
Log Analysis and Evaluation: dllhost.exe keeps coming back

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

02.09.2014, 22:51   #1
237187
 
dllhost.exe keeps coming back



Okay, here is the problem: on my machine (Windows 7), whenever I am connected to the Internet, dllhost.exe keeps appearing (the description says COM Surrogate), and when I open Task Manager it disappears again; sometimes it stays, then I end the process and the file shows up again. I have already taken a closer look with a different task manager and saw that the file is located in the correct folder (C:\Windows\System32), but I still find it very strange. Now and then a small hourglass also appears next to the mouse pointer for a millisecond before the dllhost.exe file reappears. I have already googled a bit and found similar threads, but in all of them dllhost.exe was using a lot of RAM, which is not the case for me, so I thought I would look for help here. If you need more information, let me know!




FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02
Ran by **** (administrator) on *****-PC on 02-09-2014 23:26:43
Running from C:\Users\***\Downloads
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-31] (AVAST Software)
HKU\S-1-5-21-2801342529-536116899-3390027421-1001\...\Policies\Explorer: [DisallowRun] 1
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDED77E6B576ECF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-31]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://start.qone8.com/?type=hp&ts=1400121850&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1400290918&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1400322180&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1400361164&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1400375297&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1400464484&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1400534591&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1400609099&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1400712795&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1400780164&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1400865722&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1400947302&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1401061107&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1401075012&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1401383605&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1401582378&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1401747741&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1401969533&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1402192021&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1402270629&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", 
"hxxp://start.qone8.com/?type=hppp&ts=1402357676&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1402443605&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1402535817&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1402611531&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1402694888&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1402758018&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1402791094&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1402865366&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1402954254&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1403020887&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1403053999&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1403211227&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1403382227&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1403398173&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1403656787&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1403909376&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1403993445&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404065109&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404178489&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404267094&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", 
"hxxp://start.qone8.com/?type=hppp&ts=1404322802&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404413784&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404498221&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404531224&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404545931&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404601127&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404698825&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404756680&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404778700&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404864346&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404918522&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404924603&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404925082&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1404957610&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1405122910&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1405215951&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1405285402&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1405381631&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1405462642&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1405540458&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", 
"hxxp://start.qone8.com/?type=hppp&ts=1405807283&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1405968279&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1406067864&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1406506381&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1406598052&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1406661710&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1406673320&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1406729771&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1406761970&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1406847078&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1406942902&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1406985949&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1407022662&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1407122399&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1407169077&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1407251761&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1407343389&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1407430520&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1407465916&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1407524758&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", 
"hxxp://start.qone8.com/?type=hppp&ts=1407534189&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1407603420&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1407616588&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1407725931&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1407788326&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://start.qone8.com/?type=hppp&ts=1407883858&from=kmp&uid=ST3320820AS_5QF34LLWXXXX5QF34LLW", "hxxp://www.msn.com/?pc=AV01"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR CustomProfile: C:\Users\****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-02]
CHR Extension: (YouTube) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-01]
CHR Extension: (Google-Suche) - C:\Users\+++\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-01]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-01]
CHR Extension: (Google Mail) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-01]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-31]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-31] (AVAST Software)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-05-19] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-31] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-31] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-31] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-05-18] (Disc Soft Ltd)
R3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-14] (VIA Technologies, Inc.              )
S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-02 23:27 - 2014-09-02 23:27 - 00380416 _____ () C:\Users\****\Downloads\uyh5nomf.exe
2014-09-02 23:26 - 2014-09-02 23:27 - 00016717 _____ () C:\Users\****\Downloads\FRST.txt
2014-09-02 23:26 - 2014-09-02 23:26 - 01096704 _____ (Farbar) C:\Users\****\Downloads\FRST.exe
2014-09-02 23:26 - 2014-09-02 23:26 - 00000000 ____D () C:\FRST
2014-09-02 23:25 - 2014-09-02 23:25 - 00050477 _____ () C:\Users\****\Downloads\Defogger.exe
2014-09-02 23:25 - 2014-09-02 23:25 - 00000468 _____ () C:\Users\****\Downloads\defogger_disable.log
2014-09-02 23:25 - 2014-09-02 23:25 - 00000000 _____ () C:\Users\****\defogger_reenable
2014-09-02 21:09 - 2014-09-02 21:10 - 41317456 _____ (Google Inc.) C:\Users\****\Downloads\Chrome37StandaloneSetup.exe
2014-08-31 04:51 - 2014-08-31 04:51 - 00002119 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-31 04:51 - 2014-08-31 04:51 - 00000000 ____D () C:\Users\****\AppData\Roaming\AVAST Software
2014-08-31 04:51 - 2014-08-31 04:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-31 04:50 - 2014-08-31 04:51 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-31 04:50 - 2014-08-31 04:50 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-31 04:50 - 2014-08-31 04:50 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-31 04:50 - 2014-08-31 04:50 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-31 04:50 - 2014-08-31 04:50 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-31 04:50 - 2014-08-31 04:50 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-31 04:50 - 2014-08-31 04:50 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-31 04:50 - 2014-08-31 04:50 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-31 04:49 - 2014-08-31 04:49 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-31 04:47 - 2014-08-31 04:49 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-31 04:45 - 2014-08-31 04:46 - 91906368 _____ (AVAST Software) C:\Users\****\Downloads\avast_free_antivirus_setup_9.0.2021 (1).exe
2014-08-29 03:44 - 2014-08-29 03:44 - 01****960 _____ () C:\Users\****\Downloads\ProcessExplorer.zip
2014-08-29 02:05 - 2014-08-29 02:06 - 105379251 _____ () C:\Users\****\Downloads\Kal-SecKro.zip
2014-08-28 06:02 - 2014-08-28 06:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-28 06:01 - 2014-08-28 06:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-28 06:00 - 2014-08-28 06:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-27 06:05 - 2014-08-27 07:35 - 00000000 ____D () C:\Users\****\Desktop\clickclickbang
2014-08-27 04:37 - 2014-08-27 04:37 - 00036403 _____ () C:\Users\****\Documents\Unbenannt.wma
2014-08-23 03:35 - 2009-06-10 23:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140823-033518.backup
2014-08-23 03:30 - 2014-08-23 03:30 - 00000000 ____D () C:\Users\****\Documents\ProcAlyzer Dumps
2014-08-23 02:33 - 2014-08-23 02:33 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-23 02:33 - 2014-08-23 02:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-23 02:21 - 2014-08-23 03:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-23 02:21 - 2014-08-23 02:29 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-08-23 02:21 - 2014-08-23 02:21 - 00002131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-23 02:21 - 2014-08-23 02:21 - 00002119 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-23 02:21 - 2014-08-23 02:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-23 02:21 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-08-23 02:18 - 2014-08-23 02:19 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\****\Downloads\spybot-2.4.exe
2014-08-23 02:16 - 2014-09-02 20:55 - 00000000 ____D () C:\Program Files\Avira
2014-08-23 02:16 - 2014-08-23 02:27 - 00000000 ____D () C:\ProgramData\Avira
2014-08-20 18:56 - 2014-08-20 18:56 - 00119551 _____ () C:\Users\****\Downloads\watch.htm
2014-08-19 19:11 - 2014-08-19 19:11 - 00152726 _____ () C:\Users\****\Downloads\f.htm
2014-08-19 19:11 - 2014-08-19 19:11 - 00000000 ____D () C:\Users\****\Downloads\f_files
2014-08-18 12:43 - 2014-03-11 19:27 - 00003560 _____ () C:\Users\****\Documents\ChromeCacheView_lng.ini
2014-08-14 05:19 - 2014-09-02 19:54 - 00000000 ____D () C:\Users\****\Downloads\backups
2014-08-14 05:18 - 2014-08-14 05:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\****\Downloads\HiJackThis204.exe
2014-08-14 02:22 - 2014-08-14 02:23 - 100182584 _____ () C:\Users\****\Downloads\So_You_Need_Beats_3_instrumental_Edition-(DatPiff.com).zip
2014-08-14 02:17 - 2014-08-14 02:18 - 116042919 _____ () C:\Users\****\Downloads\Instrumental_Invasion_-_Diplomatic_Season_2-(DatPiff.com).zip
2014-08-14 02:16 - 2014-08-14 02:17 - 51923654 _____ () C:\Users\****\Downloads\Instrumental_World_Vol_38_Dr_Dre_The_Collection-(DatPiff.com).zip
2014-08-13 04:14 - 2014-08-13 04:15 - 62705718 _____ () C:\Users\****\Downloads\Instrumental_World_Vol_39_DJ_Premier_Edition-(DatPiff.com).zip
2014-08-11 05:53 - 2014-08-11 05:54 - 28180776 _____ () C:\Users\****\Downloads\WASKMUSIC-JITBUILD-91BPM.wav
2014-08-09 05:21 - 2014-08-09 05:21 - 00114112 _____ () C:\Users\****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-09 03:50 - 2014-08-09 03:51 - 45757840 _____ () C:\Users\****\Downloads\Kollegah & Farid Bang - Dynamit Remix (prod. by Chief Chiko).wav
2014-08-07 18:55 - 2014-09-02 21:02 - 00001176 _____ () C:\Windows\setupact.log
2014-08-07 18:55 - 2014-08-07 18:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-07 18:54 - 2014-09-02 20:55 - 00153160 _____ () C:\Windows\PFRO.log
2014-08-07 18:54 - 2014-08-07 18:55 - 00392416 _____ () C:\Windows\system32\FNTCACHE.DAT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-02 23:27 - 2014-09-02 23:27 - 00380416 _____ () C:\Users\****\Downloads\uyh5nomf.exe
2014-09-02 23:27 - 2014-09-02 23:26 - 00016717 _____ () C:\Users\****\Downloads\FRST.txt
2014-09-02 23:26 - 2014-09-02 23:26 - 01096704 _____ (Farbar) C:\Users\****\Downloads\FRST.exe
2014-09-02 23:26 - 2014-09-02 23:26 - 00000000 ____D () C:\FRST
2014-09-02 23:25 - 2014-09-02 23:25 - 00050477 _____ () C:\Users\****\Downloads\Defogger.exe
2014-09-02 23:25 - 2014-09-02 23:25 - 00000468 _____ () C:\Users\****\Downloads\defogger_disable.log
2014-09-02 23:25 - 2014-09-02 23:25 - 00000000 _____ () C:\Users\****\defogger_reenable
2014-09-02 23:25 - 2014-05-01 18:20 - 00000000 ____D () C:\Users\****
2014-09-02 23:16 - 2014-05-01 23:30 - 00000000 ____D () C:\Users\****\AppData\Roaming\Skype
2014-09-02 23:12 - 2014-05-10 03:09 - 00000000 ____D () C:\Users\****\AppData\Roaming\ICQ
2014-09-02 22:55 - 2014-05-01 21:31 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-02 21:11 - 2014-05-01 21:32 - 00002193 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-02 21:11 - 2009-07-14 06:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-02 21:11 - 2009-07-14 06:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-02 21:10 - 2014-09-02 21:09 - 41317456 _____ (Google Inc.) C:\Users\****\Downloads\Chrome37StandaloneSetup.exe
2014-09-02 21:06 - 2014-05-01 17:45 - 01167903 _____ () C:\Windows\WindowsUpdate.log
2014-09-02 21:02 - 2014-08-07 18:55 - 00001176 _____ () C:\Windows\setupact.log
2014-09-02 21:02 - 2014-05-01 21:31 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-02 21:02 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-02 21:01 - 2014-05-02 16:44 - 00000000 ____D () C:\Users\****\AppData\Roaming\vlc
2014-09-02 20:55 - 2014-08-23 02:16 - 00000000 ____D () C:\Program Files\Avira
2014-09-02 20:55 - 2014-08-07 18:54 - 00153160 _____ () C:\Windows\PFRO.log
2014-09-02 19:54 - 2014-08-14 05:19 - 00000000 ____D () C:\Users\****\Downloads\backups
2014-09-01 06:41 - 2014-05-01 19:36 - 00003030 _____ () C:\Users\****\Desktop\VBT.txt
2014-08-31 04:51 - 2014-08-31 04:51 - 00002119 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-31 04:51 - 2014-08-31 04:51 - 00000000 ____D () C:\Users\****\AppData\Roaming\AVAST Software
2014-08-31 04:51 - 2014-08-31 04:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-31 04:51 - 2014-08-31 04:50 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-31 04:50 - 2014-08-31 04:50 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-31 04:50 - 2014-08-31 04:50 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-31 04:50 - 2014-08-31 04:50 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-31 04:50 - 2014-08-31 04:50 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-31 04:50 - 2014-08-31 04:50 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-31 04:50 - 2014-08-31 04:50 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-31 04:50 - 2014-08-31 04:50 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-31 04:49 - 2014-08-31 04:49 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-31 04:49 - 2014-08-31 04:47 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-31 04:48 - 2014-05-01 18:41 - 00000000 ____D () C:\Windows\Panther
2014-08-31 04:46 - 2014-08-31 04:45 - 91906368 _____ (AVAST Software) C:\Users\****\Downloads\avast_free_antivirus_setup_9.0.2021 (1).exe
2014-08-29 03:55 - 2014-07-05 05:39 - 00000000 ____D () C:\ProgramData\Apple
2014-08-29 03:55 - 2014-07-05 05:39 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-29 03:52 - 2014-07-05 05:41 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-29 03:44 - 2014-08-29 03:44 - 01****960 _____ () C:\Users\****\Downloads\ProcessExplorer.zip
2014-08-29 02:06 - 2014-08-29 02:05 - 105379251 _____ () C:\Users\****\Downloads\Kal-SecKro.zip
2014-08-28 06:20 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2014-08-28 06:02 - 2014-08-28 06:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-28 06:01 - 2014-08-28 06:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-28 06:01 - 2014-08-28 06:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-27 07:50 - 2014-06-07 00:57 - 00000000 ____D () C:\Temp
2014-08-27 07:35 - 2014-08-27 06:05 - 00000000 ____D () C:\Users\****\Desktop\clickclickbang
2014-08-27 06:11 - 2014-07-26 16:46 - 00000000 ____D () C:\Users\****\Desktop\mason family
2014-08-27 04:37 - 2014-08-27 04:37 - 00036403 _____ () C:\Users\****\Documents\Unbenannt.wma
2014-08-23 03:33 - 2014-08-23 02:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-23 03:30 - 2014-08-23 03:30 - 00000000 ____D () C:\Users\****\Documents\ProcAlyzer Dumps
2014-08-23 02:34 - 2014-05-19 23:07 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-23 02:33 - 2014-08-23 02:33 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-23 02:33 - 2014-08-23 02:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-23 02:29 - 2014-08-23 02:21 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-08-23 02:27 - 2014-08-23 02:16 - 00000000 ____D () C:\ProgramData\Avira
2014-08-23 02:21 - 2014-08-23 02:21 - 00002131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-23 02:21 - 2014-08-23 02:21 - 00002119 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-23 02:21 - 2014-08-23 02:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-23 02:19 - 2014-08-23 02:18 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\****\Downloads\spybot-2.4.exe
2014-08-20 18:56 - 2014-08-20 18:56 - 00119551 _____ () C:\Users\****\Downloads\watch.htm
2014-08-19 19:11 - 2014-08-19 19:11 - 00152726 _____ () C:\Users\****\Downloads\f.htm
2014-08-19 19:11 - 2014-08-19 19:11 - 00000000 ____D () C:\Users\****\Downloads\f_files
2014-08-15 00:04 - 2010-11-20 23:01 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-14 05:18 - 2014-08-14 05:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\****\Downloads\HiJackThis204.exe
2014-08-14 02:23 - 2014-08-14 02:22 - 100182584 _____ () C:\Users\****\Downloads\So_You_Need_Beats_3_instrumental_Edition-(DatPiff.com).zip
2014-08-14 02:18 - 2014-08-14 02:17 - 116042919 _____ () C:\Users\****\Downloads\Instrumental_Invasion_-_Diplomatic_Season_2-(DatPiff.com).zip
2014-08-14 02:17 - 2014-08-14 02:16 - 51923654 _____ () C:\Users\****\Downloads\Instrumental_World_Vol_38_Dr_Dre_The_Collection-(DatPiff.com).zip
2014-08-13 04:15 - 2014-08-13 04:14 - 62705718 _____ () C:\Users\****\Downloads\Instrumental_World_Vol_39_DJ_Premier_Edition-(DatPiff.com).zip
2014-08-11 05:54 - 2014-08-11 05:53 - 28180776 _____ () C:\Users\****\Downloads\WASKMUSIC-JITBUILD-91BPM.wav
2014-08-09 18:56 - 2009-07-14 06:53 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-09 05:21 - 2014-08-09 05:21 - 00114112 _____ () C:\Users\****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-09 03:51 - 2014-08-09 03:50 - 45757840 _____ () C:\Users\****\Downloads\Kollegah & Farid Bang - Dynamit Remix (prod. by Chief Chiko).wav
2014-08-07 18:55 - 2014-08-07 18:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-07 18:55 - 2014-08-07 18:54 - 00392416 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-03 04:58 - 2014-05-01 19:36 - 00000000 ____D () C:\Users\****\Desktop\Okaaaaaaay

Some content of TEMP:
====================
C:\Users\*\AppData\Local\Temp\avgnt.exe
C:\Users\*\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\*\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\*\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 09:09

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2014 02
Ran by **** at 2014-09-02 23:27:32
Running from C:\Users\******\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.11 - Michael Tippach)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Avira (HKLM\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
CasinoClub (HKLM\...\CasinoClub ) (Version:  - GtechG2)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
Cool Edit Pro 2.0 (HKLM\...\Cool Edit Pro 2.0) (Version:  - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
GhostMouse (HKLM\...\GhostMouse_is1) (Version: Free V3.2.2 - ghost-mouse.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.94 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
ICQ7M (HKLM\...\{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}) (Version: 7.8 - ICQ)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
Pinnacle VideoSpin (HKLM\...\{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}) (Version: 2.0.0.669 - Pinnacle Systems)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 5.10 beta 4 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2801342529-536116899-3390027421-1001_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> dwusplay.dll No File
CustomCLSID: HKU\S-1-5-21-2801342529-536116899-3390027421-1001_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\localserver32 -> dwusplay.exe No File

==================== Restore Points  =========================

15-08-2014 04:55:23 Geplanter Prüfpunkt
22-08-2014 05:41:36 Geplanter Prüfpunkt
29-08-2014 01:49:17 Removed iTunes
29-08-2014 01:53:32 Removed Apple Software Update
29-08-2014 01:54:28 Removed Apple Application Support
31-08-2014 02:47:37 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {8DF48E16-741E-4B1C-93DD-0AF1D99DA7B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-01] (Google Inc.)
Task: {93723EF8-2073-4011-AD4A-C098FAE4C541} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-01] (Google Inc.)
Task: {EF443A18-D835-4891-B28E-2D818CDA472F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-31] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-31 04:50 - 2014-08-31 04:50 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-02 20:57 - 2014-09-02 20:57 - 02807296 _____ () C:\Program Files\AVAST Software\Avast\defs\14090200\algo.dll
2014-08-23 02:21 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-23 02:21 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-23 02:21 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-23 02:21 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-23 02:21 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-08-31 04:50 - 2014-08-31 04:50 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-09-02 21:11 - 2014-08-20 00:16 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.94\pdf.dll
2014-09-02 21:11 - 2014-08-20 00:16 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.94\ppGoogleNaClPluginChrome.dll
2014-09-02 21:10 - 2014-08-20 00:16 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.94\ffmpegsumo.dll
2014-06-22 02:59 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\******\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-06-22 02:59 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\******\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-09-02 21:11 - 2014-08-20 00:16 - 14669128 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.94\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: ICQ => "C:\Program Files\ICQ7M\ICQ.exe" silent loginmode=4
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2014 09:03:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2014 08:57:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2014 11:17:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (08/31/2014 04:49:20 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Users\******\AppData\Local\Temp\_av_iup.tm~a07816\instup.exe  /edition:1 /prod:ais /sfx /sfxstorage:C:\Users\******\AppData\Local\Temp\_av_iup.tm~a07816 ; Beschreibung = avast! antivirus system restore point; Fehler = 0x800706be).

Error: (08/31/2014 04:49:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary dmngnjwq.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/31/2014 04:49:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/31/2014 04:47:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/29/2014 03:54:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/29/2014 03:53:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/28/2014 08:30:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (09/02/2014 08:56:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/02/2014 08:56:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (09/02/2014 08:55:42 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎02.‎09.‎2014 um 20:54:18 unerwartet heruntergefahren.

Error: (08/27/2014 04:20:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "IePlugin Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/27/2014 02:43:52 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (08/24/2014 01:01:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (08/24/2014 01:00:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/24/2014 01:00:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (08/23/2014 04:32:06 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Netzwerkspeicher-Schnittstellendienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (08/23/2014 04:30:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (09/02/2014 09:03:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2014 08:57:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2014 11:17:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\asio4all v2\a4apanel64.exe

Error: (08/31/2014 04:49:20 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\******\AppData\Local\Temp\_av_iup.tm~a07816\instup.exe  /edition:1 /prod:ais /sfx /sfxstorage:C:\Users\******\AppData\Local\Temp\_av_iup.tm~a07816 avast! antivirus system restore point0x800706be

Error: (08/31/2014 04:49:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary dmngnjwq.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (08/31/2014 04:49:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (08/31/2014 04:47:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (08/29/2014 03:54:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (08/29/2014 03:53:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary GEAR ASPI Filter Driver.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (08/28/2014 08:30:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\asio4all v2\a4apanel64.exe


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz
Percentage of memory in use: 50%
Total physical RAM: 3070.49 MB
Available physical RAM: 1509.31 MB
Total Pagefile: 6139.27 MB
Available Pagefile: 4406.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1869.1 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:283.49 GB) (Free:206.33 GB) NTFS
Drive d: () (Fixed) (Total:14.5 GB) (Free:11.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2BAB359D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=14.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.5 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-02 23:41:30
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320820AS rev.3.AAC 298,09GB
Running: uyh5nomf.exe; Driver: C:\Users\****\AppData\Local\Temp\uwldqpow.sys


---- System - GMER 2.1 ----

SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwAddBootEntry [0x8FE9BBA6]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwAssignProcessToJobObject [0x8FE9C684]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwCreateEvent [0x8FEA86F8]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwCreateEventPair [0x8FEA8744]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwCreateIoCompletion [0x8FEA88DE]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwCreateMutant [0x8FEA8666]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                                ZwCreateSection [0x8FF52DF0]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwCreateSemaphore [0x8FEA86AE]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                                ZwCreateThread [0x8FF53080]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                                ZwCreateThreadEx [0x8FF5316A]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwCreateTimer [0x8FEA8898]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwDebugActiveProcess [0x8FE9D472]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwDeleteBootEntry [0x8FE9BC0C]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwDuplicateObject [0x8FEA0C68]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwLoadDriver [0x8FE9B7F8]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                                ZwMapViewOfSection [0x8FF52ED0]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwModifyBootEntry [0x8FE9BC72]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwNotifyChangeKey [0x8FEA105E]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwNotifyChangeMultipleKeys [0x8FE9DF5A]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwOpenEvent [0x8FEA8722]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwOpenEventPair [0x8FEA8766]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwOpenIoCompletion [0x8FEA8902]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwOpenMutant [0x8FEA868C]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwOpenProcess [0x8FEA0560]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwOpenSection [0x8FEA8816]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwOpenSemaphore [0x8FEA86D6]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwOpenThread [0x8FEA094C]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwOpenTimer [0x8FEA88BC]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                                ZwProtectVirtualMemory [0x8FF52C6E]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwQueryObject [0x8FE9DDCE]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwQueueApcThreadEx [0x8FE9DADC]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwSetBootEntryOrder [0x8FE9BCD8]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwSetBootOptions [0x8FE9BD3E]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                                ZwSetContextThread [0x8FF52FCC]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwSetSystemInformation [0x8FE9B892]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwSetSystemPowerState [0x8FE9BA64]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwShutdownSystem [0x8FE9B9F2]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwSuspendProcess [0x8FE9D63C]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwSuspendThread [0x8FE9D79E]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwSystemDebugControl [0x8FE9BAEC]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                                ZwTerminateProcess [0x8FF52D3C]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwTerminateThread [0x8FE9D2CC]
SSDT   \SystemRoot\system32\drivers\aswSnx.sys                                                                               ZwVdmControl [0x8FE9BDA4]
SSDT   \SystemRoot\system32\drivers\aswSP.sys                                                                                ZwWriteVirtualMemory [0x8FF52BA0]

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                              82A53A15 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                82A8D212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                                                   82A94460 4 Bytes  [A6, BB, E9, 8F]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                                   82A944E8 4 Bytes  [84, C6, E9, 8F]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                                                   82A9453C 8 Bytes  JMP EA87448F 
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                                                   82A94548 4 Bytes  [DE, 88, EA, 8F]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11CF                                                                                   82A94564 4 Bytes  [66, 86, EA, 8F]
.text  ...                                                                                                                   
PAGE   ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                                           82C4F4DF 4 Bytes  CALL 8FE9E641 \SystemRoot\system32\drivers\aswSnx.sys
PAGE   ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                                          82C69347 4 Bytes  CALL 8FE9E657 \SystemRoot\system32\drivers\aswSnx.sys

---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\csrss.exe[396] kernel32.dll!GetBinaryTypeW + 70                                                   77A76AAC 1 Byte  [62]
.text  C:\Windows\system32\csrss.exe[444] kernel32.dll!GetBinaryTypeW + 70                                                   77A76AAC 1 Byte  [62]
.text  C:\Windows\system32\wininit.exe[452] kernel32.dll!GetBinaryTypeW + 70                                                 77A76AAC 1 Byte  [62]
.text  C:\Windows\system32\services.exe[496] kernel32.dll!GetBinaryTypeW + 70                                                77A76AAC 1 Byte  [62]
.text  C:\Windows\system32\winlogon.exe[520] kernel32.dll!GetBinaryTypeW + 70                                                77A76AAC 1 Byte  [62]
.text  ...                                                                                                                   
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1256] kernel32.dll!SetUnhandledExceptionFilter                     77A5F5AB 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1256] kernel32.dll!GetBinaryTypeW + 70                             77A76AAC 1 Byte  [62]
.text  C:\Windows\Explorer.EXE[1428] kernel32.dll!GetBinaryTypeW + 70                                                        77A76AAC 1 Byte  [62]
.text  C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[1444] kernel32.dll!GetBinaryTypeW + 70                      77A76AAC 1 Byte  [62]
.text  C:\Windows\System32\spoolsv.exe[1552] kernel32.dll!GetBinaryTypeW + 70                                                77A76AAC 1 Byte  [62]
.text  C:\Windows\system32\svchost.exe[1612] kernel32.dll!GetBinaryTypeW + 70                                                77A76AAC 1 Byte  [62]
.text  C:\Program Files\AVAST Software\Avast\avastui.exe[1620] kernel32.dll!SetUnhandledExceptionFilter                      77A5F5AB 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text  C:\Program Files\AVAST Software\Avast\avastui.exe[1620] kernel32.dll!GetBinaryTypeW + 70                              77A76AAC 1 Byte  [62]
.text  C:\Windows\system32\svchost.exe[1792] kernel32.dll!GetBinaryTypeW + 70                                                77A76AAC 1 Byte  [62]
.text  C:\Users\****\Downloads\uyh5nomf.exe[2036] kernel32.dll!GetBinaryTypeW + 70                                            77A76AAC 1 Byte  [62]
.text  C:\Program Files\Skype\Phone\Skype.exe[2720] kernel32.dll!GetBinaryTypeW + 70                                         77A76AAC 1 Byte  [62]
.text  C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2884] kernel32.dll!GetBinaryTypeW + 70                      77A76AAC 1 Byte  [62]
.text  ...                                                                                                                   
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtCreateFile + 6                                77C0560E 4 Bytes  [28, 90, A4, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtCreateFile + B                                77C05613 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtMapViewOfSection + 6                          77C05C6E 4 Bytes  [28, 93, A4, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtMapViewOfSection + B                          77C05C73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenFile + 6                                  77C05D1E 4 Bytes  [68, 90, A4, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenFile + B                                  77C05D23 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcess + 6                               77C05DCE 4 Bytes  [A8, 91, A4, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcess + B                               77C05DD3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcessToken + 6                          77C05DDE 4 Bytes  CALL 76C10274 C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcessToken + B                          77C05DE3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcessTokenEx + 6                        77C05DEE 4 Bytes  [A8, 92, A4, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenProcessTokenEx + B                        77C05DF3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThread + 6                                77C05E4E 4 Bytes  [68, 91, A4, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThread + B                                77C05E53 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThreadToken + 6                           77C05E5E 4 Bytes  [68, 92, A4, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThreadToken + B                           77C05E63 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThreadTokenEx + 6                         77C05E6E 4 Bytes  CALL 76C10305 C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtOpenThreadTokenEx + B                         77C05E73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtQueryAttributesFile + 6                       77C05F7E 4 Bytes  [A8, 90, A4, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtQueryAttributesFile + B                       77C05F83 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtQueryFullAttributesFile + 6                   77C0602E 4 Bytes  CALL 76C104C3 C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtQueryFullAttributesFile + B                   77C06033 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtSetInformationFile + 6                        77C0667E 4 Bytes  [28, 91, A4, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtSetInformationFile + B                        77C06683 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtSetInformationThread + 6                      77C066DE 4 Bytes  [28, 92, A4, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtSetInformationThread + B                      77C066E3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtUnmapViewOfSection + 6                        77C069FE 4 Bytes  [68, 93, A4, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!NtUnmapViewOfSection + B                        77C06A03 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!LdrUnloadDll                                    77C1C8DE 5 Bytes  JMP 00B103FC 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] ntdll.dll!LdrLoadDll                                      77C222AE 5 Bytes  JMP 00B101F8 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3372] KERNEL32.dll!GetBinaryTypeW + 70                          77A76AAC 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtCreateFile + 6                                77C0560E 4 Bytes  CALL 5ABF5710 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtCreateFile + B                                77C05613 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtMapViewOfSection + 6                          77C05C6E 4 Bytes  [28, EB, FD, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtMapViewOfSection + B                          77C05C73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenFile + 6                                  77C05D1E 4 Bytes  CALL 5ABF5E20 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenFile + B                                  77C05D23 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenProcess + 6                               77C05DCE 4 Bytes  JMP 5ABF5ED0 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenProcess + B                               77C05DD3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenProcessToken + 6                          77C05DDE 4 Bytes  CALL 76C15BCC C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenProcessToken + B                          77C05DE3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenProcessTokenEx + 6                        77C05DEE 4 Bytes  JMP E2FF00FD 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenProcessTokenEx + B                        77C05DF3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenThread + 6                                77C05E4E 4 Bytes  JMP 5ABF5F50 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenThread + B                                77C05E53 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenThreadToken + 6                           77C05E5E 4 Bytes  JMP E2FF00FD 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenThreadToken + B                           77C05E63 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenThreadTokenEx + 6                         77C05E6E 4 Bytes  CALL 76C15C5D C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenThreadTokenEx + B                         77C05E73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtQueryAttributesFile + 6                       77C05F7E 4 Bytes  CALL 5ABF6080 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtQueryAttributesFile + B                       77C05F83 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtQueryFullAttributesFile + 6                   77C0602E 4 Bytes  CALL 76C15E1B C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtQueryFullAttributesFile + B                   77C06033 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtSetInformationFile + 6                        77C0667E 4 Bytes  JMP 5ABF6780 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtSetInformationFile + B                        77C06683 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtSetInformationThread + 6                      77C066DE 4 Bytes  JMP E2FF00FD 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtSetInformationThread + B                      77C066E3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtUnmapViewOfSection + 6                        77C069FE 4 Bytes  [68, EB, FD, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtUnmapViewOfSection + B                        77C06A03 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!LdrUnloadDll                                    77C1C8DE 5 Bytes  JMP 011903FC 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!LdrLoadDll                                      77C222AE 5 Bytes  JMP 011901F8 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3524] KERNEL32.dll!GetBinaryTypeW + 70                          77A76AAC 1 Byte  [62]
.text  C:\Windows\system32\notepad.exe[3664] kernel32.dll!GetBinaryTypeW + 70                                                77A76AAC 1 Byte  [62]
.text  C:\Windows\system32\svchost.exe[3848] kernel32.dll!GetBinaryTypeW + 70                                                77A76AAC 1 Byte  [62]
.text  C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe[3936] KERNEL32.dll!GetBinaryTypeW + 70                       77A76AAC 1 Byte  [62]
.text  C:\Windows\system32\AUDIODG.EXE[3952] kernel32.dll!GetBinaryTypeW + 70                                                77A76AAC 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtMapViewOfSection + 6                          77C05C6E 4 Bytes  [18, 10, 82, 6E]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!NtMapViewOfSection + B                          77C05C73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!LdrUnloadDll                                    77C1C8DE 5 Bytes  JMP 000E03FC 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4028] ntdll.dll!LdrLoadDll                                      77C222AE 5 Bytes  JMP 000E01F8 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4028] KERNEL32.dll!GetBinaryTypeW + 70                          77A76AAC 1 Byte  [62]
.text  C:\Windows\system32\WUDFHost.exe[4232] kernel32.dll!GetBinaryTypeW + 70                                               77A76AAC 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtCreateFile + 6                                77C0560E 4 Bytes  [28, BC, 05, 01]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtCreateFile + B                                77C05613 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtMapViewOfSection + 6                          77C05C6E 4 Bytes  [28, BF, 05, 01]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtMapViewOfSection + B                          77C05C73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenFile + 6                                  77C05D1E 4 Bytes  [68, BC, 05, 01]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenFile + B                                  77C05D23 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenProcess + 6                               77C05DCE 4 Bytes  [A8, BD, 05, 01]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenProcess + B                               77C05DD3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenProcessToken + 6                          77C05DDE 4 Bytes  CALL 76C163A0 C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenProcessToken + B                          77C05DE3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenProcessTokenEx + 6                        77C05DEE 4 Bytes  [A8, BE, 05, 01]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenProcessTokenEx + B                        77C05DF3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenThread + 6                                77C05E4E 4 Bytes  [68, BD, 05, 01]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenThread + B                                77C05E53 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenThreadToken + 6                           77C05E5E 4 Bytes  [68, BE, 05, 01]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenThreadToken + B                           77C05E63 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenThreadTokenEx + 6                         77C05E6E 4 Bytes  CALL 76C16431 C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenThreadTokenEx + B                         77C05E73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtQueryAttributesFile + 6                       77C05F7E 4 Bytes  [A8, BC, 05, 01]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtQueryAttributesFile + B                       77C05F83 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtQueryFullAttributesFile + 6                   77C0602E 4 Bytes  CALL 76C165EF C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtQueryFullAttributesFile + B                   77C06033 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtSetInformationFile + 6                        77C0667E 4 Bytes  [28, BD, 05, 01]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtSetInformationFile + B                        77C06683 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtSetInformationThread + 6                      77C066DE 4 Bytes  [28, BE, 05, 01]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtSetInformationThread + B                      77C066E3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtUnmapViewOfSection + 6                        77C069FE 4 Bytes  [68, BF, 05, 01]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtUnmapViewOfSection + B                        77C06A03 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!LdrUnloadDll                                    77C1C8DE 5 Bytes  JMP 011203FC 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!LdrLoadDll                                      77C222AE 5 Bytes  JMP 011201F8 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4308] KERNEL32.dll!GetBinaryTypeW + 70                          77A76AAC 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtCreateFile + 6                                77C0560E 4 Bytes  [28, 5C, 5F, 00] {SUB [EDI+EBX*2+0x0], BL}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtCreateFile + B                                77C05613 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtMapViewOfSection + 6                          77C05C6E 4 Bytes  [28, 5F, 5F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtMapViewOfSection + B                          77C05C73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenFile + 6                                  77C05D1E 4 Bytes  [68, 5C, 5F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenFile + B                                  77C05D23 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenProcess + 6                               77C05DCE 4 Bytes  [A8, 5D, 5F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenProcess + B                               77C05DD3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenProcessToken + 6                          77C05DDE 4 Bytes  CALL 76C0BD40 C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenProcessToken + B                          77C05DE3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenProcessTokenEx + 6                        77C05DEE 4 Bytes  [A8, 5E, 5F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenProcessTokenEx + B                        77C05DF3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenThread + 6                                77C05E4E 4 Bytes  [68, 5D, 5F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenThread + B                                77C05E53 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenThreadToken + 6                           77C05E5E 4 Bytes  [68, 5E, 5F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenThreadToken + B                           77C05E63 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenThreadTokenEx + 6                         77C05E6E 4 Bytes  CALL 76C0BDD1 C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtOpenThreadTokenEx + B                         77C05E73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtQueryAttributesFile + 6                       77C05F7E 4 Bytes  [A8, 5C, 5F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtQueryAttributesFile + B                       77C05F83 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtQueryFullAttributesFile + 6                   77C0602E 4 Bytes  CALL 76C0BF8F C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtQueryFullAttributesFile + B                   77C06033 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtSetInformationFile + 6                        77C0667E 4 Bytes  [28, 5D, 5F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtSetInformationFile + B                        77C06683 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtSetInformationThread + 6                      77C066DE 4 Bytes  [28, 5E, 5F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtSetInformationThread + B                      77C066E3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtUnmapViewOfSection + 6                        77C069FE 4 Bytes  [68, 5F, 5F, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!NtUnmapViewOfSection + B                        77C06A03 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!LdrUnloadDll                                    77C1C8DE 5 Bytes  JMP 006C03FC 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] ntdll.dll!LdrLoadDll                                      77C222AE 5 Bytes  JMP 006C01F8 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[4348] KERNEL32.dll!GetBinaryTypeW + 70                          77A76AAC 1 Byte  [62]
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[4452] kernel32.dll!GetBinaryTypeW + 70                             77A76AAC 1 Byte  [62]
.text  C:\Windows\system32\taskmgr.exe[4600] kernel32.dll!GetBinaryTypeW + 70                                                77A76AAC 1 Byte  [62]
.text  C:\Windows\system32\DllHost.exe[4928] kernel32.dll!GetBinaryTypeW + 70                                                77A76AAC 1 Byte  [62]
.text  C:\Windows\System32\svchost.exe[5108] kernel32.dll!GetBinaryTypeW + 70                                                77A76AAC 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtCreateFile + 6                                77C0560E 4 Bytes  [28, 34, D4, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtCreateFile + B                                77C05613 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtMapViewOfSection + 6                          77C05C6E 4 Bytes  [28, 37, D4, 00] {SUB [EDI], DH; AAM 0x0}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtMapViewOfSection + B                          77C05C73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenFile + 6                                  77C05D1E 4 Bytes  [68, 34, D4, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenFile + B                                  77C05D23 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenProcess + 6                               77C05DCE 4 Bytes  [A8, 35, D4, 00] {TEST AL, 0x35; AAM 0x0}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenProcess + B                               77C05DD3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenProcessToken + 6                          77C05DDE 4 Bytes  CALL 76C13218 C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenProcessToken + B                          77C05DE3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenProcessTokenEx + 6                        77C05DEE 4 Bytes  [A8, 36, D4, 00] {TEST AL, 0x36; AAM 0x0}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenProcessTokenEx + B                        77C05DF3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenThread + 6                                77C05E4E 4 Bytes  [68, 35, D4, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenThread + B                                77C05E53 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenThreadToken + 6                           77C05E5E 4 Bytes  [68, 36, D4, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenThreadToken + B                           77C05E63 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenThreadTokenEx + 6                         77C05E6E 4 Bytes  CALL 76C132A9 C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenThreadTokenEx + B                         77C05E73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtQueryAttributesFile + 6                       77C05F7E 4 Bytes  [A8, 34, D4, 00] {TEST AL, 0x34; AAM 0x0}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtQueryAttributesFile + B                       77C05F83 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtQueryFullAttributesFile + 6                   77C0602E 4 Bytes  CALL 76C13467 C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtQueryFullAttributesFile + B                   77C06033 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtSetInformationFile + 6                        77C0667E 4 Bytes  [28, 35, D4, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtSetInformationFile + B                        77C06683 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtSetInformationThread + 6                      77C066DE 4 Bytes  [28, 36, D4, 00] {SUB [ESI], DH; AAM 0x0}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtSetInformationThread + B                      77C066E3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtUnmapViewOfSection + 6                        77C069FE 4 Bytes  [68, 37, D4, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtUnmapViewOfSection + B                        77C06A03 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!LdrUnloadDll                                    77C1C8DE 5 Bytes  JMP 00F603FC 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!LdrLoadDll                                      77C222AE 5 Bytes  JMP 00F601F8 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5164] KERNEL32.dll!GetBinaryTypeW + 70                          77A76AAC 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtCreateFile + 6                                77C0560E 4 Bytes  [28, 58, 57, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtCreateFile + B                                77C05613 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtMapViewOfSection + 6                          77C05C6E 4 Bytes  [28, 5B, 57, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtMapViewOfSection + B                          77C05C73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenFile + 6                                  77C05D1E 4 Bytes  [68, 58, 57, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenFile + B                                  77C05D23 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenProcess + 6                               77C05DCE 4 Bytes  [A8, 59, 57, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenProcess + B                               77C05DD3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenProcessToken + 6                          77C05DDE 4 Bytes  CALL 76C0B53C C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenProcessToken + B                          77C05DE3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenProcessTokenEx + 6                        77C05DEE 4 Bytes  [A8, 5A, 57, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenProcessTokenEx + B                        77C05DF3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenThread + 6                                77C05E4E 4 Bytes  [68, 59, 57, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenThread + B                                77C05E53 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenThreadToken + 6                           77C05E5E 4 Bytes  [68, 5A, 57, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenThreadToken + B                           77C05E63 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenThreadTokenEx + 6                         77C05E6E 4 Bytes  CALL 76C0B5CD C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtOpenThreadTokenEx + B                         77C05E73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtQueryAttributesFile + 6                       77C05F7E 4 Bytes  [A8, 58, 57, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtQueryAttributesFile + B                       77C05F83 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtQueryFullAttributesFile + 6                   77C0602E 4 Bytes  CALL 76C0B78B C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtQueryFullAttributesFile + B                   77C06033 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtSetInformationFile + 6                        77C0667E 4 Bytes  [28, 59, 57, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtSetInformationFile + B                        77C06683 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtSetInformationThread + 6                      77C066DE 4 Bytes  [28, 5A, 57, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtSetInformationThread + B                      77C066E3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtUnmapViewOfSection + 6                        77C069FE 4 Bytes  [68, 5B, 57, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!NtUnmapViewOfSection + B                        77C06A03 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!LdrUnloadDll                                    77C1C8DE 5 Bytes  JMP 006403FC 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] ntdll.dll!LdrLoadDll                                      77C222AE 5 Bytes  JMP 006401F8 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[5676] KERNEL32.dll!GetBinaryTypeW + 70                          77A76AAC 1 Byte  [62]
.text  C:\Windows\system32\vssvc.exe[5804] kernel32.dll!GetBinaryTypeW + 70                                                  77A76AAC 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtCreateFile + 6                                77C0560E 4 Bytes  [28, 30, 8A, 00] {SUB [EAX], DH; MOV AL, [EAX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtCreateFile + B                                77C05613 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtMapViewOfSection + 6                          77C05C6E 4 Bytes  [28, 33, 8A, 00] {SUB [EBX], DH; MOV AL, [EAX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtMapViewOfSection + B                          77C05C73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtOpenFile + 6                                  77C05D1E 4 Bytes  [68, 30, 8A, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtOpenFile + B                                  77C05D23 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtOpenProcess + 6                               77C05DCE 4 Bytes  [A8, 31, 8A, 00] {TEST AL, 0x31; MOV AL, [EAX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtOpenProcess + B                               77C05DD3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtOpenProcessToken + 6                          77C05DDE 4 Bytes  CALL 76C0E814 C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtOpenProcessToken + B                          77C05DE3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtOpenProcessTokenEx + 6                        77C05DEE 4 Bytes  [A8, 32, 8A, 00] {TEST AL, 0x32; MOV AL, [EAX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtOpenProcessTokenEx + B                        77C05DF3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtOpenThread + 6                                77C05E4E 4 Bytes  [68, 31, 8A, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtOpenThread + B                                77C05E53 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtOpenThreadToken + 6                           77C05E5E 4 Bytes  [68, 32, 8A, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtOpenThreadToken + B                           77C05E63 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtOpenThreadTokenEx + 6                         77C05E6E 4 Bytes  CALL 76C0E8A5 C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtOpenThreadTokenEx + B                         77C05E73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtQueryAttributesFile + 6                       77C05F7E 4 Bytes  [A8, 30, 8A, 00] {TEST AL, 0x30; MOV AL, [EAX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtQueryAttributesFile + B                       77C05F83 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtQueryFullAttributesFile + 6                   77C0602E 4 Bytes  CALL 76C0EA63 C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtQueryFullAttributesFile + B                   77C06033 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtSetInformationFile + 6                        77C0667E 4 Bytes  [28, 31, 8A, 00] {SUB [ECX], DH; MOV AL, [EAX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtSetInformationFile + B                        77C06683 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtSetInformationThread + 6                      77C066DE 4 Bytes  [28, 32, 8A, 00] {SUB [EDX], DH; MOV AL, [EAX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtSetInformationThread + B                      77C066E3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtUnmapViewOfSection + 6                        77C069FE 4 Bytes  [68, 33, 8A, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!NtUnmapViewOfSection + B                        77C06A03 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!LdrUnloadDll                                    77C1C8DE 5 Bytes  JMP 00B703FC 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] ntdll.dll!LdrLoadDll                                      77C222AE 5 Bytes  JMP 00B701F8 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6020] KERNEL32.dll!GetBinaryTypeW + 70                          77A76AAC 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtCreateFile + 6                                77C0560E 4 Bytes  [28, 5C, AE, 00] {SUB [ESI+EBP*4+0x0], BL}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtCreateFile + B                                77C05613 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtMapViewOfSection + 6                          77C05C6E 4 Bytes  [28, 5F, AE, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtMapViewOfSection + B                          77C05C73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenFile + 6                                  77C05D1E 4 Bytes  [68, 5C, AE, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenFile + B                                  77C05D23 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenProcess + 6                               77C05DCE 4 Bytes  [A8, 5D, AE, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenProcess + B                               77C05DD3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenProcessToken + 6                          77C05DDE 4 Bytes  CALL 76C10C40 C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenProcessToken + B                          77C05DE3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenProcessTokenEx + 6                        77C05DEE 4 Bytes  [A8, 5E, AE, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenProcessTokenEx + B                        77C05DF3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenThread + 6                                77C05E4E 4 Bytes  [68, 5D, AE, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenThread + B                                77C05E53 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenThreadToken + 6                           77C05E5E 4 Bytes  [68, 5E, AE, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenThreadToken + B                           77C05E63 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenThreadTokenEx + 6                         77C05E6E 4 Bytes  CALL 76C10CD1 C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtOpenThreadTokenEx + B                         77C05E73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtQueryAttributesFile + 6                       77C05F7E 4 Bytes  [A8, 5C, AE, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtQueryAttributesFile + B                       77C05F83 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtQueryFullAttributesFile + 6                   77C0602E 4 Bytes  CALL 76C10E8F C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtQueryFullAttributesFile + B                   77C06033 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtSetInformationFile + 6                        77C0667E 4 Bytes  [28, 5D, AE, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtSetInformationFile + B                        77C06683 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtSetInformationThread + 6                      77C066DE 4 Bytes  [28, 5E, AE, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtSetInformationThread + B                      77C066E3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtUnmapViewOfSection + 6                        77C069FE 4 Bytes  [68, 5F, AE, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!NtUnmapViewOfSection + B                        77C06A03 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!LdrUnloadDll                                    77C1C8DE 5 Bytes  JMP 00BE03FC 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] ntdll.dll!LdrLoadDll                                      77C222AE 5 Bytes  JMP 00BE01F8 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6024] KERNEL32.dll!GetBinaryTypeW + 70                          77A76AAC 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtCreateFile + 6                                77C0560E 4 Bytes  [28, A8, 43, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtCreateFile + B                                77C05613 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtMapViewOfSection + 6                          77C05C6E 4 Bytes  [28, AB, 43, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtMapViewOfSection + B                          77C05C73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenFile + 6                                  77C05D1E 4 Bytes  [68, A8, 43, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenFile + B                                  77C05D23 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenProcess + 6                               77C05DCE 4 Bytes  [A8, A9, 43, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenProcess + B                               77C05DD3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenProcessToken + 6                          77C05DDE 4 Bytes  CALL 76C0A18C C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenProcessToken + B                          77C05DE3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenProcessTokenEx + 6                        77C05DEE 4 Bytes  [A8, AA, 43, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenProcessTokenEx + B                        77C05DF3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenThread + 6                                77C05E4E 4 Bytes  [68, A9, 43, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenThread + B                                77C05E53 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenThreadToken + 6                           77C05E5E 4 Bytes  [68, AA, 43, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenThreadToken + B                           77C05E63 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenThreadTokenEx + 6                         77C05E6E 4 Bytes  CALL 76C0A21D C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtOpenThreadTokenEx + B                         77C05E73 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtQueryAttributesFile + 6                       77C05F7E 4 Bytes  [A8, A8, 43, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtQueryAttributesFile + B                       77C05F83 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtQueryFullAttributesFile + 6                   77C0602E 4 Bytes  CALL 76C0A3DB C:\Windows\system32\SHELL32.dll
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtQueryFullAttributesFile + B                   77C06033 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtSetInformationFile + 6                        77C0667E 4 Bytes  [28, A9, 43, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtSetInformationFile + B                        77C06683 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtSetInformationThread + 6                      77C066DE 4 Bytes  [28, AA, 43, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtSetInformationThread + B                      77C066E3 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtUnmapViewOfSection + 6                        77C069FE 4 Bytes  [68, AB, 43, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!NtUnmapViewOfSection + B                        77C06A03 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!LdrUnloadDll                                    77C1C8DE 5 Bytes  JMP 005003FC 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] ntdll.dll!LdrLoadDll                                      77C222AE 5 Bytes  JMP 005001F8 
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[6068] KERNEL32.dll!GetBinaryTypeW + 70                          77A76AAC 1 Byte  [62]
.text  C:\Windows\System32\svchost.exe[6084] kernel32.dll!GetBinaryTypeW + 70                                                77A76AAC 1 Byte  [62]

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch                                                      94729
Reg    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2801342529-536116899-3390027421-1001@RefCount  5
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b    0x2E 0xE8 0xE1 0x00 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b    0x6A 0x9C 0xD6 0x61 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016    0x7A 0x45 0x05 0xFD ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48    0x3E 0x1E 0x9E 0xE0 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472    0xCD 0x44 0xCD 0xB9 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d    0xDF 0x20 0x58 0x62 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b    0x31 0x77 0xE1 0xBA ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d    0x83 0x6C 0x56 0x8B ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3    0x51 0xFA 0x6E 0x91 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b    0x3D 0xCE 0xEA 0x26 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6    0x2A 0xB7 0xCC 0xB5 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                     
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                      Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                    C:\Windows\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2    0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 2.1 ----
         

Old 03.09.2014, 05:53   #2
schrauber
/// the machine
/// TB-Ausbilder
 

hi,

that is a legitimate Windows file
__________________

Old 04.09.2014, 23:02   #3
237187
 

sure?
__________________

Old 05.09.2014, 20:09   #4
schrauber
/// the machine
/// TB-Ausbilder
 

nah, I'm only guessing my answers....

Have the file scanned at virustotal.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!
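
A defender's version of that advice, added here as an example and not part of the thread or of any Trojaner-Board tooling: instead of trusting the folder shown in Task Manager, it lists every running dllhost.exe with its path, parent process and command line, checks the on-disk file against Windows' protected-file store, and prints the SHA-256 so the file can be looked up on VirusTotal by hash. It assumes a Windows 7 machine (PowerShell 2.0 is enough) and an elevated prompt for the sfc step; the path is derived from %SystemRoot% rather than hard-coded.

```powershell
# Added example (not from the thread). Verifies that running dllhost.exe
# instances come from System32, shows what started them and which COM object
# they host, checks the file's integrity and prints its SHA-256 for a
# VirusTotal hash lookup. Run from an elevated PowerShell prompt.
$expectedPath = Join-Path $env:SystemRoot 'System32\dllhost.exe'

# 1. Running instances: path, parent process and command line. The genuine
#    COM Surrogate is started by the DCOM Server Process Launcher (a svchost.exe
#    service) with a /Processid:{CLSID} argument; that CLSID names the hosted
#    component, so a short-lived dllhost.exe is normal while COM objects are used.
Get-WmiObject Win32_Process -Filter "Name='dllhost.exe'" | ForEach-Object {
    $proc   = $_
    $parent = Get-WmiObject Win32_Process -Filter "ProcessId=$($proc.ParentProcessId)"
    New-Object PSObject -Property @{
        PID         = $proc.ProcessId
        PathOK      = ($proc.ExecutablePath -ieq $expectedPath)
        Parent      = $(if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { '(exited)' })
        CommandLine = $proc.CommandLine
    }
} | Format-Table PID, PathOK, Parent, CommandLine -AutoSize

# 2. File integrity. Windows system binaries are catalog-signed rather than
#    carrying an embedded signature, so on Windows 7 Get-AuthenticodeSignature
#    commonly reports NotSigned for them; sfc /verifyfile compares the file with
#    the protected-file store and is the meaningful check here.
$sig = Get-AuthenticodeSignature -FilePath $expectedPath
"Embedded signature: $($sig.Status)"
& "$env:SystemRoot\System32\sfc.exe" /verifyfile=$expectedPath

# 3. SHA-256 via .NET, so it also runs on the PowerShell 2.0 shipped with Windows 7.
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$stream = [System.IO.File]::OpenRead($expectedPath)
try {
    $hash = ($sha256.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
} finally {
    $stream.Close()
}
"SHA-256: $hash  (search virustotal.com for this hash; no upload needed)"
```

What to look for: PathOK must be True for every instance, the parent should be the DcomLaunch svchost.exe, and sfc should report no integrity violations. An instance whose path is outside System32, whose parent is an unexpected user process, or whose command line lacks a /Processid:{...} argument is the case worth posting about; a correct path alone, as the thread notes, only says the file on disk is the real one.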

Old 06.09.2014, 00:20   #5
237187
 

I did that...

it just surprises me that the file shows up in Task Manager so often, even when I'm doing NOTHING (but am still online and watching a movie or something..)


Old 06.09.2014, 18:59   #6
schrauber
/// the machine
/// TB-Ausbilder
 

but you have looked up on Google what kind of file that is, right?
__________________