Log analysis and evaluation: dllhost.exe keeps coming back (Windows 7)
02.09.2014, 22:51 | #1
dllhost.exe keeps coming back

Okay, here's the problem: on my machine (Windows 7), whenever I'm connected to the Internet, dllhost.exe keeps appearing (the description says COM Surrogate). When I'm in Task Manager it disappears again; sometimes it stays, then I end the process and the file shows up again. I've already taken a closer look with a different task manager and saw that the file is in the right folder (C:\Windows\System32), but I still find it very strange. Now and then a small hourglass also appears next to the mouse pointer for a millisecond before the dllhost.exe file shows up again. I've already googled a bit and found similar threads, but in all of those dllhost.exe was using a lot of RAM, which isn't the case for me, so I thought I'd look for help here. If you need more information, let me know!

FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02 Ran by **** (administrator) on *****-PC on 02-09-2014 23:26:43 Running from C:\Users\***\Downloads Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-31] (AVAST Software) HKU\S-1-5-21-2801342529-536116899-3390027421-1001\...\Policies\Explorer: [DisallowRun] 1 ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDED77E6B576ECF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-31] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://start.qone8.com/?type=hp&ts=1400121850&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1400290918&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1400322180&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1400361164&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1400375297&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1400464484&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1400534591&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1400609099&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1400712795&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1400780164&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1400865722&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1400947302&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1401061107&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1401075012&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1401383605&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", 
"hxxp://start.qone8.com/?type=hppp&ts=1401582378&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1401747741&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1401969533&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1402192021&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1402270629&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1402357676&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1402443605&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1402535817&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1402611531&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1402694888&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1402758018&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1402791094&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1402865366&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1402954254&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1403020887&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1403053999&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1403211227&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1403382227&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1403398173&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1403656787&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", 
"hxxp://start.qone8.com/?type=hppp&ts=1403909376&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1403993445&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404065109&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404178489&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404267094&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404322802&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404413784&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404498221&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404531224&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404545931&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404601127&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404698825&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404756680&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404778700&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404864346&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404918522&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404924603&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404925082&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404957610&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1405122910&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", 
"hxxp://start.qone8.com/?type=hppp&ts=1405215951&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1405285402&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1405381631&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1405462642&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1405540458&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1405807283&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1405968279&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1406067864&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1406506381&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1406598052&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1406661710&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1406673320&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1406729771&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1406761970&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1406847078&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1406942902&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1406985949&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1407022662&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1407122399&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1407169077&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", 
"hxxp://start.qone8.com/?type=hppp&ts=1407251761&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1407343389&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1407430520&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1407465916&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1407524758&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1407534189&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1407603420&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1407616588&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1407725931&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1407788326&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1407883858&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://www.msn.com/?pc=AV01" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter} CHR CustomProfile: C:\Users\****\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-01] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-02] CHR Extension: (YouTube) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-01] CHR 
Extension: (Google-Suche) - C:\Users\+++\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-01] CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-01] CHR Extension: (Google Mail) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-01] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-31] CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-31] (AVAST Software) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG) S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-05-19] () R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-31] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-31] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-31] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-31] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-31] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-31] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-05-18] (Disc Soft Ltd) R3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-14] (VIA Technologies, Inc. ) S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-02 23:27 - 2014-09-02 23:27 - 00380416 _____ () C:\Users\****\Downloads\uyh5nomf.exe 2014-09-02 23:26 - 2014-09-02 23:27 - 00016717 _____ () C:\Users\****\Downloads\FRST.txt 2014-09-02 23:26 - 2014-09-02 23:26 - 01096704 _____ (Farbar) C:\Users\****\Downloads\FRST.exe 2014-09-02 23:26 - 2014-09-02 23:26 - 00000000 ____D () C:\FRST 2014-09-02 23:25 - 2014-09-02 23:25 - 00050477 _____ () C:\Users\****\Downloads\Defogger.exe 2014-09-02 23:25 - 2014-09-02 23:25 - 00000468 _____ () C:\Users\****\Downloads\defogger_disable.log 2014-09-02 23:25 - 2014-09-02 23:25 - 00000000 _____ () C:\Users\****\defogger_reenable 2014-09-02 21:09 - 2014-09-02 21:10 - 41317456 _____ (Google Inc.) C:\Users\****\Downloads\Chrome37StandaloneSetup.exe 2014-08-31 04:51 - 2014-08-31 04:51 - 00002119 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2014-08-31 04:51 - 2014-08-31 04:51 - 00000000 ____D () C:\Users\****\AppData\Roaming\AVAST Software 2014-08-31 04:51 - 2014-08-31 04:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-08-31 04:50 - 2014-08-31 04:51 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-08-31 04:50 - 2014-08-31 04:50 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-08-31 04:50 - 2014-08-31 04:50 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-08-31 04:50 - 2014-08-31 04:50 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-08-31 04:50 - 2014-08-31 04:50 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-08-31 04:50 - 2014-08-31 04:50 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-08-31 04:50 - 2014-08-31 04:50 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-08-31 04:50 - 2014-08-31 04:50 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-08-31 04:49 - 2014-08-31 04:49 - 00000000 ____D () C:\Program Files\AVAST Software 2014-08-31 04:47 - 2014-08-31 04:49 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-08-31 04:45 - 2014-08-31 04:46 - 91906368 _____ (AVAST Software) C:\Users\****\Downloads\avast_free_antivirus_setup_9.0.2021 (1).exe 2014-08-29 03:44 - 2014-08-29 03:44 - 01****960 _____ () C:\Users\****\Downloads\ProcessExplorer.zip 2014-08-29 02:05 - 2014-08-29 02:06 - 105379251 _____ () C:\Users\****\Downloads\Kal-SecKro.zip 2014-08-28 06:02 - 2014-08-28 06:02 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-28 06:01 - 2014-08-28 06:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (1).exe 2014-08-28 06:00 - 2014-08-28 06:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-27 06:05 - 2014-08-27 07:35 - 00000000 ____D () C:\Users\****\Desktop\clickclickbang 
2014-08-27 04:37 - 2014-08-27 04:37 - 00036403 _____ () C:\Users\****\Documents\Unbenannt.wma 2014-08-23 03:35 - 2009-06-10 23:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140823-033518.backup 2014-08-23 03:30 - 2014-08-23 03:30 - 00000000 ____D () C:\Users\****\Documents\ProcAlyzer Dumps 2014-08-23 02:33 - 2014-08-23 02:33 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-23 02:33 - 2014-08-23 02:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-23 02:21 - 2014-08-23 03:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-08-23 02:21 - 2014-08-23 02:29 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-08-23 02:21 - 2014-08-23 02:21 - 00002131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-08-23 02:21 - 2014-08-23 02:21 - 00002119 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-08-23 02:21 - 2014-08-23 02:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-08-23 02:21 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe 2014-08-23 02:18 - 2014-08-23 02:19 - 46525608 _____ (Safer-Networking Ltd. 
) C:\Users\****\Downloads\spybot-2.4.exe 2014-08-23 02:16 - 2014-09-02 20:55 - 00000000 ____D () C:\Program Files\Avira 2014-08-23 02:16 - 2014-08-23 02:27 - 00000000 ____D () C:\ProgramData\Avira 2014-08-20 18:56 - 2014-08-20 18:56 - 00119551 _____ () C:\Users\****\Downloads\watch.htm 2014-08-19 19:11 - 2014-08-19 19:11 - 00152726 _____ () C:\Users\****\Downloads\f.htm 2014-08-19 19:11 - 2014-08-19 19:11 - 00000000 ____D () C:\Users\****\Downloads\f_files 2014-08-18 12:43 - 2014-03-11 19:27 - 00003560 _____ () C:\Users\****\Documents\ChromeCacheView_lng.ini 2014-08-14 05:19 - 2014-09-02 19:54 - 00000000 ____D () C:\Users\****\Downloads\backups 2014-08-14 05:18 - 2014-08-14 05:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\****\Downloads\HiJackThis204.exe 2014-08-14 02:22 - 2014-08-14 02:23 - 100182584 _____ () C:\Users\****\Downloads\So_You_Need_Beats_3_instrumental_Edition-(DatPiff.com).zip 2014-08-14 02:17 - 2014-08-14 02:18 - 116042919 _____ () C:\Users\****\Downloads\Instrumental_Invasion_-_Diplomatic_Season_2-(DatPiff.com).zip 2014-08-14 02:16 - 2014-08-14 02:17 - 51923654 _____ () C:\Users\****\Downloads\Instrumental_World_Vol_38_Dr_Dre_The_Collection-(DatPiff.com).zip 2014-08-13 04:14 - 2014-08-13 04:15 - 62705718 _____ () C:\Users\****\Downloads\Instrumental_World_Vol_39_DJ_Premier_Edition-(DatPiff.com).zip 2014-08-11 05:53 - 2014-08-11 05:54 - 28180776 _____ () C:\Users\****\Downloads\WASKMUSIC-JITBUILD-91BPM.wav 2014-08-09 05:21 - 2014-08-09 05:21 - 00114112 _____ () C:\Users\****\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-09 03:50 - 2014-08-09 03:51 - 45757840 _____ () C:\Users\****\Downloads\Kollegah & Farid Bang - Dynamit Remix (prod. 
by Chief Chiko).wav 2014-08-07 18:55 - 2014-09-02 21:02 - 00001176 _____ () C:\Windows\setupact.log 2014-08-07 18:55 - 2014-08-07 18:55 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-07 18:54 - 2014-09-02 20:55 - 00153160 _____ () C:\Windows\PFRO.log 2014-08-07 18:54 - 2014-08-07 18:55 - 00392416 _____ () C:\Windows\system32\FNTCACHE.DAT ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-02 23:27 - 2014-09-02 23:27 - 00380416 _____ () C:\Users\****\Downloads\uyh5nomf.exe 2014-09-02 23:27 - 2014-09-02 23:26 - 00016717 _____ () C:\Users\****\Downloads\FRST.txt 2014-09-02 23:26 - 2014-09-02 23:26 - 01096704 _____ (Farbar) C:\Users\****\Downloads\FRST.exe 2014-09-02 23:26 - 2014-09-02 23:26 - 00000000 ____D () C:\FRST 2014-09-02 23:25 - 2014-09-02 23:25 - 00050477 _____ () C:\Users\****\Downloads\Defogger.exe 2014-09-02 23:25 - 2014-09-02 23:25 - 00000468 _____ () C:\Users\****\Downloads\defogger_disable.log 2014-09-02 23:25 - 2014-09-02 23:25 - 00000000 _____ () C:\Users\****\defogger_reenable 2014-09-02 23:25 - 2014-05-01 18:20 - 00000000 ____D () C:\Users\**** 2014-09-02 23:16 - 2014-05-01 23:30 - 00000000 ____D () C:\Users\****\AppData\Roaming\Skype 2014-09-02 23:12 - 2014-05-10 03:09 - 00000000 ____D () C:\Users\****\AppData\Roaming\ICQ 2014-09-02 22:55 - 2014-05-01 21:31 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-02 21:11 - 2014-05-01 21:32 - 00002193 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-09-02 21:11 - 2009-07-14 06:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-02 21:11 - 2009-07-14 06:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-02 21:10 - 2014-09-02 21:09 - 41317456 _____ (Google Inc.) 
C:\Users\****\Downloads\Chrome37StandaloneSetup.exe 2014-09-02 21:06 - 2014-05-01 17:45 - 01167903 _____ () C:\Windows\WindowsUpdate.log 2014-09-02 21:02 - 2014-08-07 18:55 - 00001176 _____ () C:\Windows\setupact.log 2014-09-02 21:02 - 2014-05-01 21:31 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-02 21:02 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-02 21:01 - 2014-05-02 16:44 - 00000000 ____D () C:\Users\****\AppData\Roaming\vlc 2014-09-02 20:55 - 2014-08-23 02:16 - 00000000 ____D () C:\Program Files\Avira 2014-09-02 20:55 - 2014-08-07 18:54 - 00153160 _____ () C:\Windows\PFRO.log 2014-09-02 19:54 - 2014-08-14 05:19 - 00000000 ____D () C:\Users\****\Downloads\backups 2014-09-01 06:41 - 2014-05-01 19:36 - 00003030 _____ () C:\Users\****\Desktop\VBT.txt 2014-08-31 04:51 - 2014-08-31 04:51 - 00002119 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-08-31 04:51 - 2014-08-31 04:51 - 00000000 ____D () C:\Users\****\AppData\Roaming\AVAST Software 2014-08-31 04:51 - 2014-08-31 04:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-08-31 04:51 - 2014-08-31 04:50 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-08-31 04:50 - 2014-08-31 04:50 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-08-31 04:50 - 2014-08-31 04:50 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-08-31 04:50 - 2014-08-31 04:50 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-08-31 04:50 - 2014-08-31 04:50 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-08-31 04:50 - 2014-08-31 04:50 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-08-31 04:50 - 2014-08-31 04:50 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-08-31 04:50 - 2014-08-31 04:50 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-08-31 04:49 - 2014-08-31 04:49 - 
00000000 ____D () C:\Program Files\AVAST Software 2014-08-31 04:49 - 2014-08-31 04:47 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-08-31 04:48 - 2014-05-01 18:41 - 00000000 ____D () C:\Windows\Panther 2014-08-31 04:46 - 2014-08-31 04:45 - 91906368 _____ (AVAST Software) C:\Users\****\Downloads\avast_free_antivirus_setup_9.0.2021 (1).exe 2014-08-29 03:55 - 2014-07-05 05:39 - 00000000 ____D () C:\ProgramData\Apple 2014-08-29 03:55 - 2014-07-05 05:39 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-08-29 03:52 - 2014-07-05 05:41 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-08-29 03:44 - 2014-08-29 03:44 - 01****960 _____ () C:\Users\****\Downloads\ProcessExplorer.zip 2014-08-29 02:06 - 2014-08-29 02:05 - 105379251 _____ () C:\Users\****\Downloads\Kal-SecKro.zip 2014-08-28 06:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat 2014-08-28 06:02 - 2014-08-28 06:02 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-28 06:01 - 2014-08-28 06:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (1).exe 2014-08-28 06:01 - 2014-08-28 06:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-27 07:50 - 2014-06-07 00:57 - 00000000 ____D () C:\Temp 2014-08-27 07:35 - 2014-08-27 06:05 - 00000000 ____D () C:\Users\****\Desktop\clickclickbang 2014-08-27 06:11 - 2014-07-26 16:46 - 00000000 ____D () C:\Users\****\Desktop\mason family 2014-08-27 04:37 - 2014-08-27 04:37 - 00036403 _____ () C:\Users\****\Documents\Unbenannt.wma 2014-08-23 03:33 - 2014-08-23 02:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-08-23 03:30 - 2014-08-23 03:30 - 00000000 ____D () C:\Users\****\Documents\ProcAlyzer Dumps 2014-08-23 02:34 - 2014-05-19 23:07 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-23 02:33 - 2014-08-23 02:33 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-23 02:33 - 2014-08-23 02:33 - 
00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-23 02:29 - 2014-08-23 02:21 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-08-23 02:27 - 2014-08-23 02:16 - 00000000 ____D () C:\ProgramData\Avira 2014-08-23 02:21 - 2014-08-23 02:21 - 00002131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-08-23 02:21 - 2014-08-23 02:21 - 00002119 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-08-23 02:21 - 2014-08-23 02:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-08-23 02:19 - 2014-08-23 02:18 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\****\Downloads\spybot-2.4.exe 2014-08-20 18:56 - 2014-08-20 18:56 - 00119551 _____ () C:\Users\****\Downloads\watch.htm 2014-08-19 19:11 - 2014-08-19 19:11 - 00152726 _____ () C:\Users\****\Downloads\f.htm 2014-08-19 19:11 - 2014-08-19 19:11 - 00000000 ____D () C:\Users\****\Downloads\f_files 2014-08-15 00:04 - 2010-11-20 23:01 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-14 05:18 - 2014-08-14 05:18 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\****\Downloads\HiJackThis204.exe 2014-08-14 02:23 - 2014-08-14 02:22 - 100182584 _____ () C:\Users\****\Downloads\So_You_Need_Beats_3_instrumental_Edition-(DatPiff.com).zip 2014-08-14 02:18 - 2014-08-14 02:17 - 116042919 _____ () C:\Users\****\Downloads\Instrumental_Invasion_-_Diplomatic_Season_2-(DatPiff.com).zip 2014-08-14 02:17 - 2014-08-14 02:16 - 51923654 _____ () C:\Users\****\Downloads\Instrumental_World_Vol_38_Dr_Dre_The_Collection-(DatPiff.com).zip 2014-08-13 04:15 - 2014-08-13 04:14 - 62705718 _____ () C:\Users\****\Downloads\Instrumental_World_Vol_39_DJ_Premier_Edition-(DatPiff.com).zip 2014-08-11 05:54 - 2014-08-11 05:53 - 28180776 _____ () C:\Users\****\Downloads\WASKMUSIC-JITBUILD-91BPM.wav 2014-08-09 18:56 - 2009-07-14 06:53 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-08-09 05:21 - 2014-08-09 05:21 - 00114112 _____ () C:\Users\****\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-09 03:51 - 2014-08-09 03:50 - 45757840 _____ () C:\Users\****\Downloads\Kollegah & Farid Bang - Dynamit Remix (prod. by Chief Chiko).wav 2014-08-07 18:55 - 2014-08-07 18:55 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-07 18:55 - 2014-08-07 18:54 - 00392416 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-03 04:58 - 2014-05-01 19:36 - 00000000 ____D () C:\Users\****\Desktop\Okaaaaaaay Some content of TEMP: ==================== C:\Users\*\AppData\Local\Temp\avgnt.exe C:\Users\*\AppData\Local\Temp\DseShExt-x86.dll C:\Users\*\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\*\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-27 09:09

==================== End Of Log ============================
--- --- ---

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2014 02 Ran by **** at 2014-09-02 23:27:32 Running from C:\Users\******\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.) ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.11 - Michael Tippach) avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software) Avira (HKLM\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Avira (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden CasinoClub (HKLM\...\CasinoClub ) (Version: - GtechG2) CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP) Cool Edit Pro 2.0 (HKLM\...\Cool Edit Pro 2.0) (Version: - ) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) GhostMouse (HKLM\...\GhostMouse_is1) (Version: Free V3.2.2 - ghost-mouse.com) Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.94 - Google Inc.) 
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden ICQ7M (HKLM\...\{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}) (Version: 7.8 - ICQ) Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA 
Corporation) Hidden Pinnacle VideoSpin (HKLM\...\{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}) (Version: 2.0.0.669 - Pinnacle Systems) Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) WinRAR 5.10 beta 4 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2801342529-536116899-3390027421-1001_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> dwusplay.dll No File CustomCLSID: HKU\S-1-5-21-2801342529-536116899-3390027421-1001_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\localserver32 -> dwusplay.exe No File ==================== Restore Points ========================= 15-08-2014 04:55:23 Geplanter Prüfpunkt 22-08-2014 05:41:36 Geplanter Prüfpunkt 29-08-2014 01:49:17 Removed iTunes 29-08-2014 01:53:32 Removed Apple Software Update 29-08-2014 01:54:28 Removed Apple Application Support 31-08-2014 02:47:37 Windows Modules Installer ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {8DF48E16-741E-4B1C-93DD-0AF1D99DA7B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-01] (Google Inc.) 
Task: {93723EF8-2073-4011-AD4A-C098FAE4C541} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-01] (Google Inc.) Task: {EF443A18-D835-4891-B28E-2D818CDA472F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-31] (AVAST Software) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-08-31 04:50 - 2014-08-31 04:50 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-09-02 20:57 - 2014-09-02 20:57 - 02807296 _____ () C:\Program Files\AVAST Software\Avast\defs\14090200\algo.dll 2014-08-23 02:21 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-08-23 02:21 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2014-08-23 02:21 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-08-23 02:21 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll 2014-08-23 02:21 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-08-31 04:50 - 2014-08-31 04:50 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll 2014-09-02 21:11 - 2014-08-20 00:16 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.94\pdf.dll 2014-09-02 21:11 - 2014-08-20 00:16 - 00331592 _____ () C:\Program 
Files\Google\Chrome\Application\37.0.2062.94\ppGoogleNaClPluginChrome.dll 2014-09-02 21:10 - 2014-08-20 00:16 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.94\ffmpegsumo.dll 2014-06-22 02:59 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\******\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll 2014-06-22 02:59 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\******\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll 2014-09-02 21:11 - 2014-08-20 00:16 - 14669128 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.94\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: ICQ => "C:\Program Files\ICQ7M\ICQ.exe" silent loginmode=4 MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/02/2014 09:03:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/02/2014 08:57:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/01/2014 11:17:42 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (08/31/2014 04:49:20 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Users\******\AppData\Local\Temp\_av_iup.tm~a07816\instup.exe /edition:1 /prod:ais /sfx /sfxstorage:C:\Users\******\AppData\Local\Temp\_av_iup.tm~a07816 ; Beschreibung = avast! antivirus system restore point; Fehler = 0x800706be). 
Error: (08/31/2014 04:49:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary dmngnjwq. System Error: Das System kann die angegebene Datei nicht finden. . Error: (08/31/2014 04:49:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver. System Error: Das System kann die angegebene Datei nicht finden. . Error: (08/31/2014 04:47:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver. System Error: Das System kann die angegebene Datei nicht finden. . Error: (08/29/2014 03:54:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver. System Error: Das System kann die angegebene Datei nicht finden. . Error: (08/29/2014 03:53:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver. System Error: Das System kann die angegebene Datei nicht finden. . 
Error: (08/28/2014 08:30:50 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (09/02/2014 08:56:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (09/02/2014 08:56:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. Error: (09/02/2014 08:55:42 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 02.09.2014 um 20:54:18 unerwartet heruntergefahren. Error: (08/27/2014 04:20:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "IePlugin Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (08/27/2014 02:43:52 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {3EB3C877-1F16-487C-9050-104DBCD66683} Error: (08/24/2014 01:01:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht. 
Error: (08/24/2014 01:00:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/24/2014 01:00:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. Error: (08/23/2014 04:32:06 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Netzwerkspeicher-Schnittstellendienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (08/23/2014 04:30:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. 
Microsoft Office Sessions: ========================= Error: (09/02/2014 09:03:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/02/2014 08:57:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/01/2014 11:17:42 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\asio4all v2\a4apanel64.exe Error: (08/31/2014 04:49:20 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Users\******\AppData\Local\Temp\_av_iup.tm~a07816\instup.exe /edition:1 /prod:ais /sfx /sfxstorage:C:\Users\******\AppData\Local\Temp\_av_iup.tm~a07816 avast! antivirus system restore point0x800706be Error: (08/31/2014 04:49:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary dmngnjwq. System Error: Das System kann die angegebene Datei nicht finden. Error: (08/31/2014 04:49:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver. System Error: Das System kann die angegebene Datei nicht finden. Error: (08/31/2014 04:47:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver. System Error: Das System kann die angegebene Datei nicht finden. 
Error: (08/29/2014 03:54:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver. System Error: Das System kann die angegebene Datei nicht finden.

Error: (08/29/2014 03:53:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver. System Error: Das System kann die angegebene Datei nicht finden.

Error: (08/28/2014 08:30:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\asio4all v2\a4apanel64.exe

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz
Percentage of memory in use: 50%
Total physical RAM: 3070.49 MB
Available physical RAM: 1509.31 MB
Total Pagefile: 6139.27 MB
Available Pagefile: 4406.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1869.1 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:283.49 GB) (Free:206.33 GB) NTFS
Drive d: () (Fixed) (Total:14.5 GB) (Free:11.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2BAB359D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=14.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.5 GB) - (Type=0F Extended)

==================== End Of Log ============================

Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-09-02 23:41:30 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320820AS rev.3.AAC 298,09GB Running: uyh5nomf.exe; Driver: C:\Users\****\AppData\Local\Temp\uwldqpow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8FE9BBA6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8FE9C684] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x8FEA86F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8FEA8744] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8FEA88DE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x8FEA8666] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x8FF52DF0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8FEA86AE] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x8FF53080] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x8FF5316A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x8FEA8898] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8FE9D472] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8FE9BC0C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8FEA0C68] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x8FE9B7F8] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x8FF52ED0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8FE9BC72] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8FEA105E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8FE9DF5A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x8FEA8722] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8FEA8766] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8FEA8902] SSDT 
\SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x8FEA868C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x8FEA0560] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x8FEA8816] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8FEA86D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x8FEA094C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x8FEA88BC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8FF52C6E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x8FE9DDCE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x8FE9DADC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8FE9BCD8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8FE9BD3E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x8FF52FCC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8FE9B892] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8FE9BA64] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8FE9B9F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8FE9D63C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x8FE9D79E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8FE9BAEC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x8FF52D3C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x8FE9D2CC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x8FE9BDA4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x8FF52BA0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82A53A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A8D212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] 
{LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82A94460 4 Bytes [A6, BB, E9, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82A944E8 4 Bytes [84, C6, E9, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82A9453C 8 Bytes JMP EA87448F .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82A94548 4 Bytes [DE, 88, EA, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82A94564 4 Bytes [66, 86, EA, 8F] .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82C4F4DF 4 Bytes CALL 8FE9E641 \SystemRoot\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82C69347 4 Bytes CALL 8FE9E657 \SystemRoot\system32\drivers\aswSnx.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[396] kernel32.dll!GetBinaryTypeW + 70 77A76AAC 1 Byte [62] .text C:\Windows\system32\csrss.exe[444] kernel32.dll!GetBinaryTypeW + 70 77A76AAC 1 Byte [62] .text C:\Windows\system32\wininit.exe[452] kernel32.dll!GetBinaryTypeW + 70 77A76AAC 1 Byte [62] .text C:\Windows\system32\services.exe[496] kernel32.dll!GetBinaryTypeW + 70 77A76AAC 1 Byte [62] .text C:\Windows\system32\winlogon.exe[520] kernel32.dll!GetBinaryTypeW + 70 77A76AAC 1 Byte [62] .text ... .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1256] kernel32.dll!SetUnhandledExceptionFilter 77A5F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] 
{XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1256] kernel32.dll!GetBinaryTypeW + 70 77A76AAC 1 Byte [62] .text C:\Windows\Explorer.EXE[1428] kernel32.dll!GetBinaryTypeW + 70 77A76AAC 1 Byte [62] .text C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[1444] kernel32.dll!GetBinaryTypeW + 70 77A76AAC 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1552] kernel32.dll!GetBinaryTypeW + 70 77A76AAC 1 Byte [62] .text C:\Windows\system32\svchost.exe[1612] kernel32.dll!GetBinaryTypeW + 70 77A76AAC 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[1620] kernel32.dll!SetUnhandledExceptionFilter 77A5F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\avastui.exe[1620] kernel32.dll!GetBinaryTypeW + 70 77A76AAC 1 Byte [62] .text C:\Windows\system32\svchost.exe[1792] kernel32.dll!GetBinaryTypeW + 70 77A76AAC 1 Byte [62] .text C:\Users\****\Downloads\uyh5nomf.exe[2036] kernel32.dll!GetBinaryTypeW + 70 77A76AAC 1 Byte [62] .text C:\Program Files\Skype\Phone\Skype.exe[2720] kernel32.dll!GetBinaryTypeW + 70 77A76AAC 1 Byte [62] .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2884] kernel32.dll!GetBinaryTypeW + 70 77A76AAC 1 Byte [62] .text ... 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtCreateFile + 6 77C0560E 4 Bytes [28, 90, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtCreateFile + B 77C05613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtMapViewOfSection + 6 77C05C6E 4 Bytes [28, 93, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtMapViewOfSection + B 77C05C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenFile + 6 77C05D1E 4 Bytes [68, 90, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenFile + B 77C05D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcess + 6 77C05DCE 4 Bytes [A8, 91, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcess + B 77C05DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcessToken + 6 77C05DDE 4 Bytes CALL 76C10274 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcessToken + B 77C05DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcessTokenEx + 6 77C05DEE 4 Bytes [A8, 92, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcessTokenEx + B 77C05DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThread + 6 77C05E4E 4 Bytes [68, 91, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThread + B 77C05E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThreadToken + 6 77C05E5E 4 Bytes [68, 92, A4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThreadToken + B 77C05E63 1 Byte 
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ... ---- EOF - GMER 2.1 ---- |
03.09.2014, 05:53 | #2
/// the machine /// TB-Ausbilder | dllhost.exe keeps coming back
hi,
that's a legitimate Windows file
04.09.2014, 23:02 | #3
dllhost.exe keeps coming back
sure?
05.09.2014, 20:09 | #4
/// the machine /// TB-Ausbilder | dllhost.exe keeps coming back
nah, I'm only guessing at my answers.... Have the file scanned on virustotal.
regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
06.09.2014, 00:20 | #5
dllhost.exe keeps coming back
I did... it just puzzles me that the file shows up in Task Manager so often, even when I'm doing NOTHING (but am still online and watching a film or something..)
06.09.2014, 18:59 | #6
/// the machine /// TB-Ausbilder | dllhost.exe keeps coming back
but you have at least looked up on Google what kind of file that is, right?
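The advice in this thread (check that dllhost.exe is the real file in System32, scan it on VirusTotal, look up what COM Surrogate is) can be turned into one repeatable check. The script below is an added example written for this page; it is not code from the thread, from Trojaner-Board or from any of the tools in the log, and the function names `Get-Sha256Hex`, `Resolve-SurrogateClsid` and `Test-DllHostProcess` are the example's own. It assumes the poster's platform, Windows 7 with the stock PowerShell 2.0, and an elevated prompt so that WMI can read every process's command line. For each running dllhost.exe it reports whether the image path is the expected one, whether the parent is svchost.exe (COM surrogates are started by the DcomLaunch service, which runs inside svchost.exe), which COM class the surrogate was started for (the `/Processid:{CLSID}` argument, resolved through HKCR\CLSID), the SHA-256 of the image for a VirusTotal hash lookup that needs no upload, and the Authenticode status with the caveat that matters on Windows 7.

```powershell
# Added example (not from the thread): audit every running dllhost.exe (COM Surrogate).
# Target: Windows 7 / PowerShell 2.0, run elevated. Names below are this example's own.

# Assumption: the only legitimate locations of dllhost.exe on a stock install.
$expectedPaths = @(
    (Join-Path $env:SystemRoot 'System32\dllhost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\dllhost.exe')   # present only on 64-bit Windows
)

function Get-Sha256Hex {
    # Hex SHA-256 of a file, computed with .NET so it works on PowerShell 2.0 (no Get-FileHash).
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

function Resolve-SurrogateClsid {
    # A surrogate is launched as:  C:\Windows\system32\DllHost.exe /Processid:{GUID}
    # The GUID is the CLSID of the in-process COM server being hosted out of process.
    param([string]$CommandLine)
    if ($CommandLine -match '/Processid:(\{[0-9A-Fa-f-]{36}\})') {
        $clsid = $Matches[1]
        $key   = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
        $name  = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
        $dll   = (Get-ItemProperty -Path "$key\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        return New-Object PSObject -Property @{ CLSID = $clsid; ClassName = $name; ServerDll = $dll }
    }
    return $null
}

function Test-DllHostProcess {
    Get-WmiObject -Class Win32_Process -Filter "Name='dllhost.exe'" | ForEach-Object {
        $proc = $_
        $path = $proc.ExecutablePath

        # 1. Image path: anything outside System32/SysWOW64 is the classic masquerade.
        $pathOk = $false
        foreach ($p in $expectedPaths) { if ($path -ieq $p) { $pathOk = $true } }

        # 2. Parent: DcomLaunch (inside svchost.exe) starts surrogates. A surrogate whose
        #    parent is a browser, Explorer or an unknown binary deserves a closer look.
        $parent = Get-Process -Id $proc.ParentProcessId -ErrorAction SilentlyContinue
        if ($parent) { $parentDesc = "$($parent.Name) (PID $($parent.Id))" }
        else         { $parentDesc = "already exited (PID $($proc.ParentProcessId))" }

        # 3. Which COM class asked for a surrogate.
        $com = Resolve-SurrogateClsid -CommandLine $proc.CommandLine
        if ($com) { $clsidDesc = "$($com.CLSID)  $($com.ClassName)  [$($com.ServerDll)]" }
        else      { $clsidDesc = 'no /Processid on the command line (unusual for a surrogate)' }

        # 4. Hash for a VirusTotal lookup.
        $hash = Get-Sha256Hex -Path $path

        # 5. Caveat: Windows system binaries are normally catalog-signed, and on Windows 7
        #    Get-AuthenticodeSignature only sees embedded signatures, so 'NotSigned' here
        #    does NOT prove tampering. Sysinternals sigcheck.exe (sigcheck -i <file>) also
        #    checks the security catalog and is the better ground truth on this platform.
        $sig = Get-AuthenticodeSignature -FilePath $path

        New-Object PSObject -Property @{
            PID       = $proc.ProcessId
            Path      = $path
            PathOK    = $pathOk
            Parent    = $parentDesc
            Surrogate = $clsidDesc
            SHA256    = $hash
            Signature = "$($sig.Status) (embedded signature only; see sigcheck note)"
        }
    }
}

Test-DllHostProcess | Format-List
```

A surrogate that lives a few seconds and then disappears is normal: it is created on demand for one CLSID and exits when the last reference is released, which is what the poster sees in Task Manager. The `Surrogate` field is what tells you which component keeps requesting it; `PathOK = False`, a parent other than svchost.exe, or a SHA-256 that VirusTotal has never seen for a file named dllhost.exe are the findings that would change the answer given in this thread.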