
Pests of all kinds and how to fight them: YouTube can no longer be reached: "Fehler: Server nicht gefunden" ("Error: Server not found")


16.09.2011, 17:37   #1
o.O
 



Hello,

since today I cannot reach YouTube with any browser (FF 6.0.2, Opera). Every time, the error message "Fehler: Server nicht gefunden" ("Error: Server not found") appears.
All other websites seem to work.
I am running Windows 7 (32-bit).

Here is the OTL file:
OTL Logfile:
Code:
OTL logfile created on: 16.09.2011 18:07:56 - Run 3
OTL by OldTimer - Version 3.2.28.0     Folder = D:\Users\Alex\Desktop\trojanerboard
 An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,59% Memory free
4,00 Gb Paging File | 2,94 Gb Available in Paging File | 73,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive D: | 232,88 Gb Total Space | 135,96 Gb Free Space | 58,38% Space Free | Partition Type: NTFS
 
Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Users\Alex\Desktop\trojanerboard\OTL.exe (OldTimer Tools)
PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - D:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - D:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - D:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - D:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - D:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - D:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
PRC - D:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
PRC - D:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - D:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - D:\Programme\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - D:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - D:\Programme\Launchy\Launchy.exe ()
PRC - D:\Programme\NetMeter\NetMeter.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - D:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - D:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - D:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - D:\Programme\Notepad++\NppShell_04.dll ()
MOD - D:\Programme\Launchy\plugins\calcy.dll ()
MOD - D:\Programme\Launchy\plugins\gcalc.dll ()
MOD - D:\Programme\Launchy\plugins\runner.dll ()
MOD - D:\Programme\Launchy\plugins\weby.dll ()
MOD - D:\Programme\Launchy\Launchy.exe ()
MOD - D:\Programme\Launchy\plugins\verby.dll ()
MOD - D:\Programme\Launchy\plugins\controly.dll ()
MOD - D:\Programme\Launchy\imageformats\qmng4.dll ()
MOD - D:\Programme\Launchy\QtGui4.dll ()
MOD - D:\Programme\Launchy\QtNetwork4.dll ()
MOD - D:\Programme\Launchy\QtCore4.dll ()
MOD - D:\Programme\NetMeter\NetMeter.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- D:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avast! Antivirus) -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (nvUpdatusService) -- D:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- D:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SbieSvc) -- D:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (LBTServ) -- D:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (DAUpdaterSvc) -- D:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (StorSvc) -- D:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- D:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- D:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- D:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswSnx) -- D:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- D:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- D:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- D:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- D:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- D:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (dtsoftbus01) -- D:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (nvlddmkm) -- D:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SbieDrv) -- D:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (vmbus) -- D:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- D:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- D:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- D:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- D:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- D:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (LMouKE) -- D:\Windows\System32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- D:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- D:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- D:\Windows\System32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- D:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (yukonw7) -- D:\Windows\System32\drivers\yk62x86.sys ()
DRV - (tandpl) -- D:\Windows\System32\drivers\tandpl.sys ()
DRV - (enodpl) -- D:\Windows\System32\drivers\enodpl.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3323950033-3190976883-4005576922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3323950033-3190976883-4005576922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3323950033-3190976883-4005576922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 77 63 54 75 74 CC 01  [binary data]
IE - HKU\S-1-5-21-3323950033-3190976883-4005576922-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: treestyletab@piro.sakura.ne.jp:0.11.2011021901
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.2
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172
FF - prefs.js..extensions.enabledItems: yetanothersmoothscrolling@kataho:3.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: D:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: D:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: D:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: D:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: D:\Program Files\AVAST Software\Avast\WebRep\FF [2011.07.16 14:35:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.09.07 18:05:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.06.05 19:17:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2011.07.31 15:38:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins
 
[2011.05.03 14:05:34 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Alex\AppData\Roaming\mozilla\Extensions
[2011.05.03 14:05:34 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Alex\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.09.02 15:25:55 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\zno1o7bb.default\extensions
[2011.08.19 13:36:31 | 000,000,000 | ---D | M] (DownloadHelper) -- D:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\zno1o7bb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.09.02 15:25:55 | 000,000,000 | ---D | M] (Ghostery) -- D:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\zno1o7bb.default\extensions\firefox@ghostery.com
[2011.08.17 12:19:07 | 000,000,000 | ---D | M] (Cooliris) -- D:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\zno1o7bb.default\extensions\piclens@cooliris.com
[2011.06.18 14:08:21 | 000,000,000 | ---D | M] (No name found) -- D:\Programme\Mozilla Firefox\extensions
[2011.06.05 19:17:54 | 000,000,000 | ---D | M] (Java Console) -- D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.06.18 14:08:21 | 000,000,000 | ---D | M] (Java Console) -- D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- D:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZNO1O7BB.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
() (No name found) -- D:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZNO1O7BB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- D:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZNO1O7BB.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
() (No name found) -- D:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZNO1O7BB.DEFAULT\EXTENSIONS\TREESTYLETAB@PIRO.SAKURA.NE.JP.XPI
[2011.09.07 18:05:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.04.12 09:55:08 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- D:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- D:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.09.16 17:18:14 | 000,000,000 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-3323950033-3190976883-4005576922-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EvtMgr6] D:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKU\S-1-5-21-3323950033-3190976883-4005576922-1000..\Run: [D:\Program Files\NetMeter\NetMeter.exe] D:\Programme\NetMeter\NetMeter.exe ()
O4 - HKU\S-1-5-21-3323950033-3190976883-4005576922-1000..\Run: [SandboxieControl] D:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3323950033-3190976883-4005576922-1001..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: D:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Maus- und Tastatureinstellungen.lnk = D:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Download by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ED1F7C9-39F2-436B-AD0D-2AF7254C989C}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\Windows\system32\userinit.exe) -D:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - d:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8d78a650-9433-11e0-ad9a-001a4d40eb99}\Shell - "" = AutoRun
O33 - MountPoints2\{8d78a650-9433-11e0-ad9a-001a4d40eb99}\Shell\AutoRun\command - "" = F:\DS1.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - D:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - D:\Windows\system32\Rundll32.exe D:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - D:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "D:\Windows\System32\rundll32.exe" "D:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - D:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - State: "bootini" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.16 17:42:02 | 000,000,000 | ---D | C] -- D:\Users\Alex\Desktop\trojanerboard
[2011.09.09 12:15:09 | 000,000,000 | ---D | C] -- D:\Users\Alex\AppData\Roaming\vlc
[2011.09.09 12:14:11 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.09.09 12:14:00 | 000,000,000 | ---D | C] -- D:\Program Files\VideoLAN
[2011.09.09 11:35:58 | 000,000,000 | ---D | C] -- D:\Users\Alex\dwhelper
[2011.08.28 19:45:18 | 000,000,000 | ---D | C] -- D:\Users\Alex\Desktop\Slot_71
[2011.08.28 19:44:01 | 000,000,000 | ---D | C] -- D:\Users\Alex\Desktop\gff4editor-0.5.4
[2011.08.24 12:04:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\tzres.dll
[2011.08.22 12:47:09 | 000,000,000 | ---D | C] -- D:\Users\Alex\AppData\Local\Electronic Arts
[2011.08.22 12:47:01 | 000,000,000 | ---D | C] -- D:\Users\Alex\Documents\Electronic Arts
[2011.08.22 12:44:55 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011.08.22 12:27:48 | 000,000,000 | ---D | C] -- D:\Program Files\Electronic Arts
[2011.08.22 12:19:52 | 000,000,000 | ---D | C] -- D:\Users\Alex\AppData\Roaming\Launchy
[2011.08.22 12:19:33 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launchy
[2011.08.22 12:19:32 | 000,000,000 | ---D | C] -- D:\Program Files\Launchy
[2011.08.18 12:40:44 | 000,000,000 | ---D | C] -- D:\Users\Alex\AppData\Roaming\Opera
[2011.08.18 12:40:44 | 000,000,000 | ---D | C] -- D:\Users\Alex\AppData\Local\Opera
[2011.08.18 12:40:39 | 000,000,000 | ---D | C] -- D:\Program Files\Opera
[2 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.16 17:54:12 | 000,016,704 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.16 17:54:12 | 000,016,704 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.16 17:46:52 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2011.09.16 17:46:48 | 1609,424,896 | -HS- | M] () -- D:\hiberfil.sys
[2011.09.16 17:43:16 | 000,000,156 | ---- | M] () -- D:\Users\Alex\defogger_reenable
[2011.09.16 17:18:14 | 000,000,000 | ---- | M] () -- D:\Windows\System32\drivers\etc\hosts
[2011.09.15 12:17:11 | 000,036,236 | ---- | M] () -- D:\Users\Alex\Desktop\Werften von Antiga (4).SC2Replay
[2011.09.14 13:46:59 | 000,653,928 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2011.09.14 13:46:59 | 000,615,810 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2011.09.14 13:46:59 | 000,129,800 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2011.09.14 13:46:59 | 000,106,190 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2011.08.29 16:09:42 | 000,003,584 | ---- | M] () -- D:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.28 19:53:01 | 000,001,645 | ---- | M] () -- D:\Users\Alex\Desktop\Angel_console_fix_fonts_er-1110.zip
[2011.08.28 19:43:29 | 018,668,802 | ---- | M] () -- D:\Users\Alex\Desktop\gff4editor-0.5.4.zip
[2011.08.22 12:19:33 | 000,000,971 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk
[2 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.16 17:43:15 | 000,000,156 | ---- | C] () -- D:\Users\Alex\defogger_reenable
[2011.09.15 12:17:09 | 000,036,236 | ---- | C] () -- D:\Users\Alex\Desktop\Werften von Antiga (4).SC2Replay
[2011.08.29 16:09:42 | 000,003,584 | ---- | C] () -- D:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.28 19:52:59 | 000,001,645 | ---- | C] () -- D:\Users\Alex\Desktop\Angel_console_fix_fonts_er-1110.zip
[2011.08.28 19:42:19 | 018,668,802 | ---- | C] () -- D:\Users\Alex\Desktop\gff4editor-0.5.4.zip
[2011.08.24 16:08:15 | 002,344,694 | ---- | C] () -- D:\Users\Alex\Desktop\BILD1260.JPG
[2011.08.22 12:19:33 | 000,000,971 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk
[2011.08.18 12:40:41 | 000,001,791 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011.08.16 11:36:54 | 000,007,552 | ---- | C] () -- D:\Windows\System32\drivers\enodpl.sys
[2011.08.16 11:36:54 | 000,004,736 | ---- | C] () -- D:\Windows\System32\drivers\tandpl.sys
[2011.06.24 12:47:44 | 000,000,193 | ---- | C] () -- D:\Windows\hppsapp.INI
[2011.05.03 14:54:03 | 000,001,548 | ---- | C] () -- D:\Windows\Sandboxie.ini
[2011.04.29 11:47:38 | 000,007,615 | ---- | C] () -- D:\Users\Alex\AppData\Local\Resmon.ResmonCfg
[2011.04.27 23:03:56 | 000,306,688 | ---- | C] () -- D:\Windows\System32\Lffpx7.dll
[2011.04.27 23:03:56 | 000,095,232 | ---- | C] () -- D:\Windows\System32\Lfkodak.dll
[2011.04.27 13:43:11 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe
[2009.07.14 10:47:43 | 000,653,928 | ---- | C] () -- D:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- D:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,129,800 | ---- | C] () -- D:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- D:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,265,640 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,615,810 | ---- | C] () -- D:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,190 | ---- | C] () -- D:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.06.11 20:17:51 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
[2011.05.06 14:54:22 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\GrabPro
[2011.07.24 18:23:37 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\IrfanView
[2011.08.22 12:20:05 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\Launchy
[2011.04.27 14:39:57 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\Leadertech
[2011.05.24 17:51:00 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\Mp3tag
[2011.05.15 20:19:45 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\NetMeter
[2011.04.27 14:49:24 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\Notepad++
[2011.08.18 12:40:44 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\Opera
[2011.06.28 16:00:59 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\Orbit
[2011.04.27 14:50:30 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\ProgSense
[2011.05.03 14:05:33 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\Thunderbird
[2011.05.15 20:19:45 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\TS3Client
[2011.09.11 16:47:24 | 000,032,632 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.08.28 12:00:28 | 000,000,000 | -HSD | M] -- D:\$Recycle.Bin
[2011.07.16 16:08:18 | 000,000,000 | -HSD | M] -- D:\Boot
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- D:\Documents and Settings
[2011.04.27 13:39:31 | 000,000,000 | -HSD | M] -- D:\Dokumente und Einstellungen
[2011.04.27 14:50:30 | 000,000,000 | ---D | M] -- D:\Downloads
[2011.04.27 14:30:04 | 000,000,000 | ---D | M] -- D:\NVIDIA
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- D:\PerfLogs
[2011.09.09 12:14:00 | 000,000,000 | R--D | M] -- D:\Program Files
[2011.06.13 17:36:33 | 000,000,000 | -H-D | M] -- D:\ProgramData
[2011.04.27 13:39:31 | 000,000,000 | -HSD | M] -- D:\Programme
[2011.04.27 13:39:31 | 000,000,000 | -HSD | M] -- D:\Recovery
[2011.05.03 14:57:59 | 000,000,000 | R--D | M] -- D:\Sandbox
[2011.09.16 17:54:32 | 000,000,000 | -HSD | M] -- D:\System Volume Information
[2011.05.03 14:57:18 | 000,000,000 | R--D | M] -- D:\Users
[2011.07.16 14:35:46 | 000,000,000 | ---D | M] -- D:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- D:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- D:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\System32\userinit.exe
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- D:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- D:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- D:\Windows\System32\winlogon.exe
[2010.11.20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs         >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-16 10:30:40
 
< End of report >
         

Regards

I only just noticed that the GMER log file wasn't uploaded....

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-09-16 18:28:17
Windows 6.1.7601 Service Pack 1 
Running: gmer.exe; Driver: D:\Users\Alex\AppData\Local\Temp\kxldrpog.sys
 
 
---- System - GMER 1.0.15 ----
 
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwAddBootEntry [0x8DE43202]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                  ZwAllocateVirtualMemory [0x8E774D8C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwCreateEvent [0x8DE457F0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwCreateEventPair [0x8DE45848]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwCreateIoCompletion [0x8DE4595E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwCreateMutant [0x8DE45746]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwCreateSection [0x8DE45898]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwCreateSemaphore [0x8DE4579A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwCreateTimer [0x8DE4590C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwDeleteBootEntry [0x8DE43226]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                  ZwFreeVirtualMemory [0x8E774E3C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwLoadDriver [0x8DE42FF0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwModifyBootEntry [0x8DE4324A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwNotifyChangeKey [0x8DE45D56]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwNotifyChangeMultipleKeys [0x8DE43CDA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwOpenEvent [0x8DE45820]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwOpenEventPair [0x8DE45870]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwOpenIoCompletion [0x8DE45988]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwOpenMutant [0x8DE45772]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwOpenSection [0x8DE458D8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwOpenSemaphore [0x8DE457C8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwOpenTimer [0x8DE45936]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                  ZwProtectVirtualMemory [0x8E774ED4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwQueryObject [0x8DE43BA0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwSetBootEntryOrder [0x8DE4326E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwSetBootOptions [0x8DE43292]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwSetSystemInformation [0x8DE4304A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwSetSystemPowerState [0x8DE43186]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwShutdownSystem [0x8DE43162]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwSystemDebugControl [0x8DE431AA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                  ZwVdmControl [0x8DE432B6]
 
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                  ZwCreateProcessEx [0x8E78A398]
Code            95DFFBFC                                                                                               ZwTraceEvent
Code            95DFFBFB                                                                                               NtTraceEvent
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                  ObMakeTemporaryObject
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text           ntkrnlpa.exe!ZwSaveKey + 13D1                                                                          82C3E349 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                 82C77D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                                    82C7ED80 4 Bytes  [02, 32, E4, 8D] {ADD DH, [EDX]; IN AL, 0x8d}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                                    82C7EDA8 4 Bytes  [8C, 4D, 77, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                                    82C7EE5C 2 Bytes  [F0, 57]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11AA                                                                    82C7EE5F 5 Bytes  [8D, 48, 58, E4, 8D] {LEA ECX, [EAX+0x58]; IN AL, 0x8d}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                                    82C7EE68 4 Bytes  [5E, 59, E4, 8D] {POP ESI; POP ECX; IN AL, 0x8d}
.text           ...                                                                                                    
.text           ntkrnlpa.exe!NtTraceEvent                                                                              82CC765A 5 Bytes  JMP 95DFFC00 
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                     82E0BBE8 5 Bytes  JMP 8E785D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObInsertObject + 27                                                                       82E241B8 5 Bytes  JMP 8E78780A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                            82E392FF 4 Bytes  CALL 8DE4434B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!NtRequestWaitReplyPort + 2                                                                82E3E96D 5 Bytes  JMP 95DFFD40 
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2                                                             82E52FB1 5 Bytes  JMP 95DFFDE0 
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                           82E530D1 4 Bytes  CALL 8DE44361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!NtRequestPort + 2                                                                         82E814DF 5 Bytes  JMP 95DFFCA0 
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                         82EDCF10 7 Bytes  JMP 8E78A39C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text           user32.dll!UnhookWindowsHookEx                                                                         75C7ADF9 5 Bytes  [E9, 0A, 5C, 67, 8A] {JMP 0xffffffff8a675c0f}
.text           user32.dll!UnhookWinEvent                                                                              75C7B750 5 Bytes  [E9, A7, 4C, 67, 8A] {JMP 0xffffffff8a674cac}
.text           user32.dll!SetWindowsHookExW                                                                           75C7E30C 5 Bytes  [E9, F3, 24, 67, 8A] {JMP 0xffffffff8a6724f8}
.text           user32.dll!SetWinEventHook                                                                             75C824DC 5 Bytes  [E9, 17, DD, 66, 8A] {JMP 0xffffffff8a66dd1c}
.text           user32.dll!SetWindowsHookExA                                                                           75CA6D0C 5 Bytes  [E9, EF, 98, 64, 8A] {JMP 0xffffffff8a6498f4}
.text           kernel32.dll!GetBinaryTypeW + 70                                                                       75A369F4 1 Byte  [62]
 
---- User code sections - GMER 1.0.15 ----
 
.text           D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[372] ntdll.dll!LdrUnloadDll              7738C8DE 5 Bytes  JMP 001503FC 
.text           D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[372] ntdll.dll!LdrLoadDll                773922B8 5 Bytes  JMP 001501F8 
.text           D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[372] kernel32.dll!GetBinaryTypeW + 70    75A369F4 1 Byte  [62]
.text           D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[372] USER32.dll!UnhookWindowsHookEx      75C7ADF9 5 Bytes  JMP 00300A08 
.text           D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[372] USER32.dll!UnhookWinEvent           75C7B750 5 Bytes  JMP 003003FC 
.text           D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[372] USER32.dll!SetWindowsHookExW        75C7E30C 5 Bytes  JMP 00300804 
.text           D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[372] USER32.dll!SetWinEventHook          75C824DC 5 Bytes  JMP 003001F8 
.text           D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[372] USER32.dll!SetWindowsHookExA        75CA6D0C 5 Bytes  JMP 00300600 
.text           D:\Windows\system32\csrss.exe[428] kernel32.dll!GetBinaryTypeW + 70                                    75A369F4 1 Byte  [62]
.text           D:\Windows\system32\wininit.exe[488] ntdll.dll!LdrUnloadDll                                            7738C8DE 5 Bytes  JMP 000303FC 
.text           D:\Windows\system32\wininit.exe[488] ntdll.dll!LdrLoadDll                                              773922B8 5 Bytes  JMP 000301F8 
.text           D:\Windows\system32\wininit.exe[488] kernel32.dll!GetBinaryTypeW + 70                                  75A369F4 1 Byte  [62]
.text           D:\Windows\system32\wininit.exe[488] USER32.dll!UnhookWindowsHookEx                                    75C7ADF9 5 Bytes  JMP 00050A08 
.text           D:\Windows\system32\wininit.exe[488] USER32.dll!UnhookWinEvent                                         75C7B750 5 Bytes  JMP 000503FC 
.text           D:\Windows\system32\wininit.exe[488] USER32.dll!SetWindowsHookExW                                      75C7E30C 5 Bytes  JMP 00050804 
.text           D:\Windows\system32\wininit.exe[488] USER32.dll!SetWinEventHook                                        75C824DC 5 Bytes  JMP 000501F8 
.text           D:\Windows\system32\wininit.exe[488] USER32.dll!SetWindowsHookExA                                      75CA6D0C 5 Bytes  JMP 00050600 
.text           D:\Windows\system32\csrss.exe[500] kernel32.dll!GetBinaryTypeW + 70                                    75A369F4 1 Byte  [62]
.text           D:\Windows\system32\svchost.exe[504] ntdll.dll!LdrUnloadDll                                            7738C8DE 5 Bytes  JMP 000603FC 
.text           D:\Windows\system32\svchost.exe[504] ntdll.dll!LdrLoadDll                                              773922B8 5 Bytes  JMP 000601F8 
.text           D:\Windows\system32\svchost.exe[504] kernel32.dll!GetBinaryTypeW + 70                                  75A369F4 1 Byte  [62]
.text           D:\Windows\system32\svchost.exe[504] USER32.dll!UnhookWindowsHookEx                                    75C7ADF9 5 Bytes  JMP 00420A08 
.text           D:\Windows\system32\svchost.exe[504] USER32.dll!UnhookWinEvent                                         75C7B750 5 Bytes  JMP 004203FC 
.text           D:\Windows\system32\svchost.exe[504] USER32.dll!SetWindowsHookExW                                      75C7E30C 5 Bytes  JMP 00420804 
.text           D:\Windows\system32\svchost.exe[504] USER32.dll!SetWinEventHook                                        75C824DC 5 Bytes  JMP 004201F8 
.text           D:\Windows\system32\svchost.exe[504] USER32.dll!SetWindowsHookExA                                      75CA6D0C 5 Bytes  JMP 00420600 
.text           D:\Windows\system32\services.exe[540] ntdll.dll!LdrUnloadDll                                           7738C8DE 5 Bytes  JMP 000603FC 
.text           D:\Windows\system32\services.exe[540] ntdll.dll!LdrLoadDll                                             773922B8 5 Bytes  JMP 000601F8 
.text           D:\Windows\system32\services.exe[540] kernel32.dll!GetBinaryTypeW + 70                                 75A369F4 1 Byte  [62]
.text           D:\Windows\system32\lsass.exe[560] ntdll.dll!LdrUnloadDll                                              7738C8DE 5 Bytes  JMP 000603FC 
.text           D:\Windows\system32\lsass.exe[560] ntdll.dll!LdrLoadDll                                                773922B8 5 Bytes  JMP 000601F8 
.text           D:\Windows\system32\lsass.exe[560] kernel32.dll!GetBinaryTypeW + 70                                    75A369F4 1 Byte  [62]
.text           D:\Windows\system32\lsass.exe[560] USER32.dll!UnhookWindowsHookEx                                      75C7ADF9 5 Bytes  JMP 00100A08 
.text           D:\Windows\system32\lsass.exe[560] USER32.dll!UnhookWinEvent                                           75C7B750 5 Bytes  JMP 001003FC 
.text           D:\Windows\system32\lsass.exe[560] USER32.dll!SetWindowsHookExW                                        75C7E30C 5 Bytes  JMP 00100804 
.text           D:\Windows\system32\lsass.exe[560] USER32.dll!SetWinEventHook                                          75C824DC 5 Bytes  JMP 001001F8 
.text           D:\Windows\system32\lsass.exe[560] USER32.dll!SetWindowsHookExA                                        75CA6D0C 5 Bytes  JMP 00100600 
.text           D:\Windows\system32\lsm.exe[568] ntdll.dll!LdrUnloadDll                                                7738C8DE 5 Bytes  JMP 000603FC 
.text           D:\Windows\system32\lsm.exe[568] ntdll.dll!LdrLoadDll                                                  773922B8 5 Bytes  JMP 000601F8 
.text           D:\Windows\system32\lsm.exe[568] kernel32.dll!GetBinaryTypeW + 70                                      75A369F4 1 Byte  [62]
.text           D:\Windows\system32\winlogon.exe[624] ntdll.dll!LdrUnloadDll                                           7738C8DE 5 Bytes  JMP 000303FC 
.text           D:\Windows\system32\winlogon.exe[624] ntdll.dll!LdrLoadDll                                             773922B8 5 Bytes  JMP 000301F8 
.text           D:\Windows\system32\winlogon.exe[624] kernel32.dll!GetBinaryTypeW + 70                                 75A369F4 1 Byte  [62]
.text           D:\Windows\system32\winlogon.exe[624] USER32.dll!UnhookWindowsHookEx                                   75C7ADF9 5 Bytes  JMP 000C0A08 
.text           D:\Windows\system32\winlogon.exe[624] USER32.dll!UnhookWinEvent                                        75C7B750 5 Bytes  JMP 000C03FC 
.text           D:\Windows\system32\winlogon.exe[624] USER32.dll!SetWindowsHookExW                                     75C7E30C 5 Bytes  JMP 000C0804 
.text           D:\Windows\system32\winlogon.exe[624] USER32.dll!SetWinEventHook                                       75C824DC 5 Bytes  JMP 000C01F8 
.text           D:\Windows\system32\winlogon.exe[624] USER32.dll!SetWindowsHookExA                                     75CA6D0C 5 Bytes  JMP 000C0600 
.text           D:\Windows\system32\svchost.exe[716] ntdll.dll!LdrUnloadDll                                            7738C8DE 5 Bytes  JMP 000603FC 
.text           D:\Windows\system32\svchost.exe[716] ntdll.dll!LdrLoadDll                                              773922B8 5 Bytes  JMP 000601F8 
.text           D:\Windows\system32\svchost.exe[716] kernel32.dll!GetBinaryTypeW + 70                                  75A369F4 1 Byte  [62]
.text           D:\Windows\system32\nvvsvc.exe[788] ntdll.dll!LdrUnloadDll                                             7738C8DE 5 Bytes  JMP 001603FC 
.text           D:\Windows\system32\nvvsvc.exe[788] ntdll.dll!LdrLoadDll                                               773922B8 5 Bytes  JMP 001601F8 
.text           D:\Windows\system32\nvvsvc.exe[788] kernel32.dll!GetBinaryTypeW + 70                                   75A369F4 1 Byte  [62]
.text           D:\Windows\system32\nvvsvc.exe[788] USER32.dll!UnhookWindowsHookEx                                     75C7ADF9 5 Bytes  JMP 001F0A08 
.text           D:\Windows\system32\nvvsvc.exe[788] USER32.dll!UnhookWinEvent                                          75C7B750 5 Bytes  JMP 001F03FC 
.text           D:\Windows\system32\nvvsvc.exe[788] USER32.dll!SetWindowsHookExW                                       75C7E30C 5 Bytes  JMP 001F0804 
.text           D:\Windows\system32\nvvsvc.exe[788] USER32.dll!SetWinEventHook                                         75C824DC 5 Bytes  JMP 001F01F8 
.text           D:\Windows\system32\nvvsvc.exe[788] USER32.dll!SetWindowsHookExA                                       75CA6D0C 5 Bytes  JMP 001F0600 
.text           D:\Windows\system32\svchost.exe[828] ntdll.dll!LdrUnloadDll                                            7738C8DE 5 Bytes  JMP 000A03FC 
.text           D:\Windows\system32\svchost.exe[828] ntdll.dll!LdrLoadDll                                              773922B8 5 Bytes  JMP 000A01F8 
.text           D:\Windows\system32\svchost.exe[828] kernel32.dll!GetBinaryTypeW + 70                                  75A369F4 1 Byte  [62]
.text           D:\Windows\System32\svchost.exe[892] ntdll.dll!LdrUnloadDll                                            7738C8DE 5 Bytes  JMP 000603FC 
.text           D:\Windows\System32\svchost.exe[892] ntdll.dll!LdrLoadDll                                              773922B8 5 Bytes  JMP 000601F8 
.text           D:\Windows\System32\svchost.exe[892] kernel32.dll!GetBinaryTypeW + 70                                  75A369F4 1 Byte  [62]
.text           D:\Windows\System32\svchost.exe[892] USER32.dll!UnhookWindowsHookEx                                    75C7ADF9 5 Bytes  JMP 00510A08 
.text           D:\Windows\System32\svchost.exe[892] USER32.dll!UnhookWinEvent                                         75C7B750 5 Bytes  JMP 005103FC 
.text           D:\Windows\System32\svchost.exe[892] USER32.dll!SetWindowsHookExW                                      75C7E30C 5 Bytes  JMP 00510804 
.text           D:\Windows\System32\svchost.exe[892] USER32.dll!SetWinEventHook                                        75C824DC 5 Bytes  JMP 005101F8 
.text           D:\Windows\System32\svchost.exe[892] USER32.dll!SetWindowsHookExA                                      75CA6D0C 5 Bytes  JMP 00510600 
.text           D:\Windows\System32\svchost.exe[976] ntdll.dll!LdrUnloadDll                                            7738C8DE 5 Bytes  JMP 000603FC 
.text           D:\Windows\System32\svchost.exe[976] ntdll.dll!LdrLoadDll                                              773922B8 5 Bytes  JMP 000601F8 
.text           D:\Windows\System32\svchost.exe[976] kernel32.dll!GetBinaryTypeW + 70                                  75A369F4 1 Byte  [62]
.text           D:\Windows\System32\svchost.exe[976] USER32.dll!UnhookWindowsHookEx                                    75C7ADF9 5 Bytes  JMP 00370A08 
.text           D:\Windows\System32\svchost.exe[976] USER32.dll!UnhookWinEvent                                         75C7B750 5 Bytes  JMP 003703FC 
.text           D:\Windows\System32\svchost.exe[976] USER32.dll!SetWindowsHookExW                                      75C7E30C 5 Bytes  JMP 00370804 
.text           D:\Windows\System32\svchost.exe[976] USER32.dll!SetWinEventHook                                        75C824DC 5 Bytes  JMP 003701F8 
.text           D:\Windows\System32\svchost.exe[976] USER32.dll!SetWindowsHookExA                                      75CA6D0C 5 Bytes  JMP 00370600 
.text           D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1004] ntdll.dll!LdrUnloadDll            7738C8DE 5 Bytes  JMP 001703FC 
.text           D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1004] ntdll.dll!LdrLoadDll              773922B8 5 Bytes  JMP 001701F8 
.text           D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1004] kernel32.dll!GetBinaryTypeW + 70  75A369F4 1 Byte  [62]
.text           D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1004] USER32.dll!UnhookWindowsHookEx    75C7ADF9 5 Bytes  JMP 00300A08 
.text           D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1004] USER32.dll!UnhookWinEvent         75C7B750 5 Bytes  JMP 003003FC 
.text           D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1004] USER32.dll!SetWindowsHookExW      75C7E30C 5 Bytes  JMP 00300804 
.text           D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1004] USER32.dll!SetWinEventHook        75C824DC 5 Bytes  JMP 003001F8 
.text           D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1004] USER32.dll!SetWindowsHookExA      75CA6D0C 5 Bytes  JMP 00300600 
.text           D:\Windows\system32\svchost.exe[1012] ntdll.dll!LdrUnloadDll                                           7738C8DE 5 Bytes  JMP 000603FC 
.text           D:\Windows\system32\svchost.exe[1012] ntdll.dll!LdrLoadDll                                             773922B8 5 Bytes  JMP 000601F8 
.text           D:\Windows\system32\svchost.exe[1012] kernel32.dll!GetBinaryTypeW + 70                                 75A369F4 1 Byte  [62]
.text           D:\Windows\system32\svchost.exe[1012] USER32.dll!UnhookWindowsHookEx                                   75C7ADF9 5 Bytes  JMP 00B10A08 
.text           D:\Windows\system32\svchost.exe[1012] USER32.dll!UnhookWinEvent                                        75C7B750 5 Bytes  JMP 00B103FC 
.text           D:\Windows\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExW                                     75C7E30C 5 Bytes  JMP 00B10804 
.text           D:\Windows\system32\svchost.exe[1012] USER32.dll!SetWinEventHook                                       75C824DC 5 Bytes  JMP 00B101F8 
.text           D:\Windows\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExA                                     75CA6D0C 5 Bytes  JMP 00B10600 
.text           D:\Windows\system32\svchost.exe[1192] ntdll.dll!LdrUnloadDll                                           7738C8DE 5 Bytes  JMP 000603FC 
.text           D:\Windows\system32\svchost.exe[1192] ntdll.dll!LdrLoadDll                                             773922B8 5 Bytes  JMP 000601F8 
.text           D:\Windows\system32\svchost.exe[1192] kernel32.dll!GetBinaryTypeW + 70                                 75A369F4 1 Byte  [62]
.text           D:\Windows\system32\svchost.exe[1192] USER32.dll!UnhookWindowsHookEx                                   75C7ADF9 5 Bytes  JMP 001E0A08 
.text           D:\Windows\system32\svchost.exe[1192] USER32.dll!UnhookWinEvent                                        75C7B750 5 Bytes  JMP 001E03FC 
.text           D:\Windows\system32\svchost.exe[1192] USER32.dll!SetWindowsHookExW                                     75C7E30C 5 Bytes  JMP 001E0804 
.text           D:\Windows\system32\svchost.exe[1192] USER32.dll!SetWinEventHook                                       75C824DC 5 Bytes  JMP 001E01F8 
.text           D:\Windows\system32\svchost.exe[1192] USER32.dll!SetWindowsHookExA                                     75CA6D0C 5 Bytes  JMP 001E0600 
.text           D:\Windows\System32\svchost.exe[1208] ntdll.dll!LdrUnloadDll                                           7738C8DE 5 Bytes  JMP 000603FC 
.text           D:\Windows\System32\svchost.exe[1208] ntdll.dll!LdrLoadDll                                             773922B8 5 Bytes  JMP 000601F8 
.text           D:\Windows\System32\svchost.exe[1208] kernel32.dll!GetBinaryTypeW + 70                                 75A369F4 1 Byte  [62]
.text           D:\Windows\System32\svchost.exe[1208] USER32.dll!UnhookWindowsHookEx                                   75C7ADF9 5 Bytes  JMP 000F0A08 
.text           D:\Windows\System32\svchost.exe[1208] USER32.dll!UnhookWinEvent                                        75C7B750 5 Bytes  JMP 000F03FC 
.text           D:\Windows\System32\svchost.exe[1208] USER32.dll!SetWindowsHookExW                                     75C7E30C 5 Bytes  JMP 000F0804 
.text           D:\Windows\System32\svchost.exe[1208] USER32.dll!SetWinEventHook                                       75C824DC 5 Bytes  JMP 000F01F8 
.text           D:\Windows\System32\svchost.exe[1208] USER32.dll!SetWindowsHookExA                                     75CA6D0C 5 Bytes  JMP 000F0600 
.text           D:\Program Files\Sandboxie\SbieSvc.exe[1272] ntdll.dll!LdrUnloadDll                                    7738C8DE 5 Bytes  JMP 000903FC 
.text           D:\Program Files\Sandboxie\SbieSvc.exe[1272] ntdll.dll!LdrLoadDll                                      773922B8 5 Bytes  JMP 000901F8 
.text           D:\Program Files\Sandboxie\SbieSvc.exe[1272] kernel32.dll!GetBinaryTypeW + 70                          75A369F4 1 Byte  [62]
.text           D:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!UnhookWindowsHookEx                            75C7ADF9 5 Bytes  JMP 00140A08 
.text           D:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!UnhookWinEvent                                 75C7B750 5 Bytes  JMP 001403FC 
.text           D:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!SetWindowsHookExW                              75C7E30C 5 Bytes  JMP 00140804 
.text           D:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!SetWinEventHook                                75C824DC 5 Bytes  JMP 001401F8 
.text           D:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!SetWindowsHookExA                              75CA6D0C 5 Bytes  JMP 00140600 
.text           D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] ntdll.dll!LdrUnloadDll                  7738C8DE 5 Bytes  JMP 001603FC 
.text           D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] ntdll.dll!LdrLoadDll                    773922B8 5 Bytes  JMP 001601F8 
.text           D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] kernel32.dll!GetBinaryTypeW + 70        75A369F4 1 Byte  [62]
.text           D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] USER32.dll!UnhookWindowsHookEx          75C7ADF9 5 Bytes  JMP 001F0A08 
.text           D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] USER32.dll!UnhookWinEvent               75C7B750 5 Bytes  JMP 001F03FC 
.text           D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] USER32.dll!SetWindowsHookExW            75C7E30C 5 Bytes  JMP 001F0804 
.text           D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] USER32.dll!SetWinEventHook              75C824DC 5 Bytes  JMP 001F01F8 
.text           D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] USER32.dll!SetWindowsHookExA            75CA6D0C 5 Bytes  JMP 001F0600 
.text           D:\Windows\system32\nvvsvc.exe[1296] ntdll.dll!LdrUnloadDll                                            7738C8DE 5 Bytes  JMP 001603FC 
.text           D:\Windows\system32\nvvsvc.exe[1296] ntdll.dll!LdrLoadDll                                              773922B8 5 Bytes  JMP 001601F8 
.text           D:\Windows\system32\nvvsvc.exe[1296] kernel32.dll!GetBinaryTypeW + 70                                  75A369F4 1 Byte  [62]
.text           D:\Windows\system32\nvvsvc.exe[1296] USER32.dll!UnhookWindowsHookEx                                    75C7ADF9 5 Bytes  JMP 001F0A08 
.text           D:\Windows\system32\nvvsvc.exe[1296] USER32.dll!UnhookWinEvent                                         75C7B750 5 Bytes  JMP 001F03FC 
.text           D:\Windows\system32\nvvsvc.exe[1296] USER32.dll!SetWindowsHookExW                                      75C7E30C 5 Bytes  JMP 001F0804 
.text           D:\Windows\system32\nvvsvc.exe[1296] USER32.dll!SetWinEventHook                                        75C824DC 5 Bytes  JMP 001F01F8 
.text           D:\Windows\system32\nvvsvc.exe[1296] USER32.dll!SetWindowsHookExA                                      75CA6D0C 5 Bytes  JMP 001F0600 
.text           D:\Windows\system32\svchost.exe[1376] ntdll.dll!LdrUnloadDll                                           7738C8DE 5 Bytes  JMP 000603FC 
.text           D:\Windows\system32\svchost.exe[1376] ntdll.dll!LdrLoadDll                                             773922B8 5 Bytes  JMP 000601F8 
.text           D:\Windows\system32\svchost.exe[1376] kernel32.dll!GetBinaryTypeW + 70                                 75A369F4 1 Byte  [62]
.text           D:\Windows\system32\svchost.exe[1464] ntdll.dll!LdrUnloadDll                                           7738C8DE 5 Bytes  JMP 000603FC 
.text           D:\Windows\system32\svchost.exe[1464] ntdll.dll!LdrLoadDll                                             773922B8 5 Bytes  JMP 000601F8 
.text           D:\Windows\system32\svchost.exe[1464] kernel32.dll!GetBinaryTypeW + 70                                 75A369F4 1 Byte  [62]
.text           D:\Windows\system32\svchost.exe[1464] USER32.dll!UnhookWindowsHookEx                                   75C7ADF9 5 Bytes  JMP 00990A08 
.text           D:\Windows\system32\svchost.exe[1464] USER32.dll!UnhookWinEvent                                        75C7B750 5 Bytes  JMP 009903FC 
.text           D:\Windows\system32\svchost.exe[1464] USER32.dll!SetWindowsHookExW                                     75C7E30C 5 Bytes  JMP 00990804 
.text           D:\Windows\system32\svchost.exe[1464] USER32.dll!SetWinEventHook                                       75C824DC 5 Bytes  JMP 009901F8 
.text           D:\Windows\system32\svchost.exe[1464] USER32.dll!SetWindowsHookExA                                     75CA6D0C 5 Bytes  JMP 00990600 
.text           D:\Program Files\AVAST Software\Avast\AvastSvc.exe[1536] kernel32.dll!SetUnhandledExceptionFilter      75A1F4FB 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           D:\Program Files\AVAST Software\Avast\AvastSvc.exe[1536] kernel32.dll!GetBinaryTypeW + 70              75A369F4 1 Byte  [62]
.text           D:\Windows\System32\spoolsv.exe[1916] ntdll.dll!LdrUnloadDll                                           7738C8DE 5 Bytes  JMP 000603FC 
.text           D:\Windows\System32\spoolsv.exe[1916] ntdll.dll!LdrLoadDll                                             773922B8 5 Bytes  JMP 000601F8 
.text           D:\Windows\System32\spoolsv.exe[1916] kernel32.dll!GetBinaryTypeW + 70                                 75A369F4 1 Byte  [62]
.text           D:\Windows\System32\spoolsv.exe[1916] USER32.dll!UnhookWindowsHookEx                                   75C7ADF9 5 Bytes  JMP 00190A08 
.text           D:\Windows\System32\spoolsv.exe[1916] USER32.dll!UnhookWinEvent                                        75C7B750 5 Bytes  JMP 001903FC 
.text           D:\Windows\System32\spoolsv.exe[1916] USER32.dll!SetWindowsHookExW                                     75C7E30C 5 Bytes  JMP 00190804 
.text           D:\Windows\System32\spoolsv.exe[1916] USER32.dll!SetWinEventHook                                       75C824DC 5 Bytes  JMP 001901F8 
.text           D:\Windows\System32\spoolsv.exe[1916] USER32.dll!SetWindowsHookExA                                     75CA6D0C 5 Bytes  JMP 00190600 
.text           D:\Windows\system32\svchost.exe[1944] ntdll.dll!LdrUnloadDll                                           7738C8DE 5 Bytes  JMP 000603FC 
.text           D:\Windows\system32\svchost.exe[1944] ntdll.dll!LdrLoadDll                                             773922B8 5 Bytes  JMP 000601F8 
.text           D:\Windows\system32\svchost.exe[1944] kernel32.dll!GetBinaryTypeW + 70                                 75A369F4 1 Byte  [62]
.text           D:\Windows\system32\svchost.exe[1944] USER32.dll!UnhookWindowsHookEx                                   75C7ADF9 5 Bytes  JMP 000E0A08 
.text           D:\Windows\system32\svchost.exe[1944] USER32.dll!UnhookWinEvent                                        75C7B750 5 Bytes  JMP 000E03FC 
.text           D:\Windows\system32\svchost.exe[1944] USER32.dll!SetWindowsHookExW                                     75C7E30C 5 Bytes  JMP 000E0804 
.text           D:\Windows\system32\svchost.exe[1944] USER32.dll!SetWinEventHook                                       75C824DC 5 Bytes  JMP 000E01F8 
.text           D:\Windows\system32\svchost.exe[1944] USER32.dll!SetWindowsHookExA                                     75CA6D0C 5 Bytes  JMP 000E0600 
.text           D:\Windows\system32\Dwm.exe[2192] ntdll.dll!LdrUnloadDll                                               7738C8DE 5 Bytes  JMP 000603FC 
.text           D:\Windows\system32\Dwm.exe[2192] ntdll.dll!LdrLoadDll                                                 773922B8 5 Bytes  JMP 000601F8 
.text           D:\Windows\system32\Dwm.exe[2192] kernel32.dll!GetBinaryTypeW + 70                                     75A369F4 1 Byte  [62]
.text           D:\Windows\system32\Dwm.exe[2192] USER32.dll!UnhookWindowsHookEx                                       75C7ADF9 5 Bytes  JMP 00080A08 
.text           D:\Windows\system32\Dwm.exe[2192] USER32.dll!UnhookWinEvent                                            75C7B750 5 Bytes  JMP 000803FC 
.text           D:\Windows\system32\Dwm.exe[2192] USER32.dll!SetWindowsHookExW                                         75C7E30C 5 Bytes  JMP 00080804 
.text           D:\Windows\system32\Dwm.exe[2192] USER32.dll!SetWinEventHook                                           75C824DC 5 Bytes  JMP 000801F8 
.text           D:\Windows\system32\Dwm.exe[2192] USER32.dll!SetWindowsHookExA                                         75CA6D0C 5 Bytes  JMP 00080600 
.text           D:\Windows\Explorer.EXE[2216] ntdll.dll!LdrUnloadDll                                                   7738C8DE 5 Bytes  JMP 000A03FC 
.text           D:\Windows\Explorer.EXE[2216] ntdll.dll!LdrLoadDll                                                     773922B8 5 Bytes  JMP 000A01F8 
.text           D:\Windows\Explorer.EXE[2216] kernel32.dll!GetBinaryTypeW + 70                                         75A369F4 1 Byte  [62]
.text           D:\Windows\Explorer.EXE[2216] USER32.dll!UnhookWindowsHookEx                                           75C7ADF9 5 Bytes  JMP 00150A08 
.text           D:\Windows\Explorer.EXE[2216] USER32.dll!UnhookWinEvent                                                75C7B750 5 Bytes  JMP 001503FC 
.text           D:\Windows\Explorer.EXE[2216] USER32.dll!SetWindowsHookExW                                             75C7E30C 5 Bytes  JMP 00150804 
.text           D:\Windows\Explorer.EXE[2216] USER32.dll!SetWinEventHook                                               75C824DC 5 Bytes  JMP 001501F8 
.text           D:\Windows\Explorer.EXE[2216] USER32.dll!SetWindowsHookExA                                             75CA6D0C 5 Bytes  JMP 00150600 
.text           D:\Windows\system32\taskhost.exe[2268] ntdll.dll!LdrUnloadDll                                          7738C8DE 5 Bytes  JMP 000503FC 
.text           D:\Windows\system32\taskhost.exe[2268] ntdll.dll!LdrLoadDll                                            773922B8 5 Bytes  JMP 000501F8 
.text           D:\Windows\system32\taskhost.exe[2268] kernel32.dll!GetBinaryTypeW + 70                                75A369F4 1 Byte  [62]
.text           D:\Windows\system32\taskhost.exe[2268] USER32.dll!UnhookWindowsHookEx                                  75C7ADF9 5 Bytes  JMP 00120A08 
.text           D:\Windows\system32\taskhost.exe[2268] USER32.dll!UnhookWinEvent                                       75C7B750 5 Bytes  JMP 001203FC 
.text           D:\Windows\system32\taskhost.exe[2268] USER32.dll!SetWindowsHookExW                                    75C7E30C 5 Bytes  JMP 00120804 
.text           D:\Windows\system32\taskhost.exe[2268] USER32.dll!SetWinEventHook                                      75C824DC 5 Bytes  JMP 001201F8 
.text           D:\Windows\system32\taskhost.exe[2268] USER32.dll!SetWindowsHookExA                                    75CA6D0C 5 Bytes  JMP 00120600 
.text           D:\Windows\system32\AUDIODG.EXE[2516] kernel32.dll!GetBinaryTypeW + 70                                 75A369F4 1 Byte  [62]
.text           D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ntdll.dll!LdrUnloadDll                           7738C8DE 5 Bytes  JMP 001603FC 
.text           D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ntdll.dll!LdrLoadDll                             773922B8 5 Bytes  JMP 001601F8 
.text           D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] kernel32.dll!GetBinaryTypeW + 70                 75A369F4 1 Byte  [62]
.text           D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!UnhookWindowsHookEx                   75C7ADF9 5 Bytes  JMP 00200A08 
.text           D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!UnhookWinEvent                        75C7B750 5 Bytes  JMP 002003FC 
.text           D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!SetWindowsHookExW                     75C7E30C 5 Bytes  JMP 00200804 
.text           D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!SetWinEventHook                       75C824DC 5 Bytes  JMP 002001F8 
.text           D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!SetWindowsHookExA                     75CA6D0C 5 Bytes  JMP 00200600 
.text           D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] ntdll.dll!LdrUnloadDll                    7738C8DE 5 Bytes  JMP 001603FC 
.text           D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] ntdll.dll!LdrLoadDll                      773922B8 5 Bytes  JMP 001601F8 
.text           D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] kernel32.dll!GetBinaryTypeW + 70          75A369F4 1 Byte  [62]
.text           D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] USER32.dll!UnhookWindowsHookEx            75C7ADF9 5 Bytes  JMP 00300A08 
.text           D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] USER32.dll!UnhookWinEvent                 75C7B750 5 Bytes  JMP 003003FC 
.text           D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] USER32.dll!SetWindowsHookExW              75C7E30C 5 Bytes  JMP 00300804 
.text           D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] USER32.dll!SetWinEventHook                75C824DC 5 Bytes  JMP 003001F8 
.text           D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] USER32.dll!SetWindowsHookExA              75CA6D0C 5 Bytes  JMP 00300600 
.text           D:\Program Files\Logitech\SetPointP\SetPoint.exe[2876] ntdll.dll!LdrUnloadDll                          7738C8DE 5 Bytes  JMP 001603FC 
.text           D:\Program Files\Logitech\SetPointP\SetPoint.exe[2876] ntdll.dll!LdrLoadDll                            773922B8 5 Bytes  JMP 001601F8 
.text           D:\Program Files\Logitech\SetPointP\SetPoint.exe[2876] kernel32.dll!GetBinaryTypeW + 70                75A369F4 1 Byte  [62]
.text           D:\Program Files\Logitech\SetPointP\SetPoint.exe[2876] USER32.dll!UnhookWindowsHookEx                  75C7ADF9 5 Bytes  JMP 00250A08 
.text           D:\Program Files\Logitech\SetPointP\SetPoint.exe[2876] USER32.dll!UnhookWinEvent                       75C7B750 5 Bytes  JMP 002503FC 
.text           D:\Program Files\Logitech\SetPointP\SetPoint.exe[2876] USER32.dll!SetWindowsHookExW                    75C7E30C 5 Bytes  JMP 00250804 
.text           D:\Program Files\Logitech\SetPointP\SetPoint.exe[2876] USER32.dll!SetWinEventHook                      75C824DC 5 Bytes  JMP 002501F8 
.text           D:\Program Files\Logitech\SetPointP\SetPoint.exe[2876] USER32.dll!SetWindowsHookExA                    75CA6D0C 5 Bytes  JMP 00250600 
.text           D:\Program Files\AVAST Software\Avast\AvastUI.exe[2900] kernel32.dll!GetBinaryTypeW + 70               75A369F4 1 Byte  [62]
.text           D:\Program Files\Common Files\Java\Java Update\jusched.exe[2916] ntdll.dll!LdrUnloadDll                7738C8DE 5 Bytes  JMP 001703FC 
.text           D:\Program Files\Common Files\Java\Java Update\jusched.exe[2916] ntdll.dll!LdrLoadDll                  773922B8 5 Bytes  JMP 001701F8 
.text           D:\Program Files\Common Files\Java\Java Update\jusched.exe[2916] kernel32.dll!GetBinaryTypeW + 70      75A369F4 1 Byte  [62]
.text           D:\Program Files\Common Files\Java\Java Update\jusched.exe[2916] USER32.dll!UnhookWindowsHookEx        75C7ADF9 5 Bytes  JMP 00210A08 
.text           D:\Program Files\Common Files\Java\Java Update\jusched.exe[2916] USER32.dll!UnhookWinEvent             75C7B750 5 Bytes  JMP 002103FC 
.text           D:\Program Files\Common Files\Java\Java Update\jusched.exe[2916] USER32.dll!SetWindowsHookExW          75C7E30C 5 Bytes  JMP 00210804 
.text           D:\Program Files\Common Files\Java\Java Update\jusched.exe[2916] USER32.dll!SetWinEventHook            75C824DC 5 Bytes  JMP 002101F8 
.text           D:\Program Files\Common Files\Java\Java Update\jusched.exe[2916] USER32.dll!SetWindowsHookExA          75CA6D0C 5 Bytes  JMP 00210600 
.text           D:\Program Files\NetMeter\NetMeter.exe[2924] ntdll.dll!LdrUnloadDll                                    7738C8DE 5 Bytes  JMP 001603FC 
.text           D:\Program Files\NetMeter\NetMeter.exe[2924] ntdll.dll!LdrLoadDll                                      773922B8 5 Bytes  JMP 001601F8 
.text           D:\Program Files\NetMeter\NetMeter.exe[2924] kernel32.dll!GetBinaryTypeW + 70                          75A369F4 1 Byte  [62]
.text           D:\Program Files\NetMeter\NetMeter.exe[2924] USER32.dll!UnhookWindowsHookEx                            75C7ADF9 5 Bytes  JMP 00200A08 
.text           D:\Program Files\NetMeter\NetMeter.exe[2924] USER32.dll!UnhookWinEvent                                 75C7B750 5 Bytes  JMP 002003FC 
.text           D:\Program Files\NetMeter\NetMeter.exe[2924] USER32.dll!SetWindowsHookExW                              75C7E30C 5 Bytes  JMP 00200804 
.text           D:\Program Files\NetMeter\NetMeter.exe[2924] USER32.dll!SetWinEventHook                                75C824DC 5 Bytes  JMP 002001F8 
.text           D:\Program Files\NetMeter\NetMeter.exe[2924] USER32.dll!SetWindowsHookExA                              75CA6D0C 5 Bytes  JMP 00200600 
.text           D:\Program Files\Sandboxie\SbieCtrl.exe[2936] ntdll.dll!LdrUnloadDll                                   7738C8DE 5 Bytes  JMP 000A03FC 
.text           D:\Program Files\Sandboxie\SbieCtrl.exe[2936] ntdll.dll!LdrLoadDll                                     773922B8 5 Bytes  JMP 000A01F8 
.text           D:\Program Files\Sandboxie\SbieCtrl.exe[2936] kernel32.dll!GetBinaryTypeW + 70                         75A369F4 1 Byte  [62]
.text           D:\Program Files\Sandboxie\SbieCtrl.exe[2936] USER32.dll!UnhookWindowsHookEx                           75C7ADF9 5 Bytes  JMP 00130A08 
.text           D:\Program Files\Sandboxie\SbieCtrl.exe[2936] USER32.dll!UnhookWinEvent                                75C7B750 5 Bytes  JMP 001303FC 
.text           D:\Program Files\Sandboxie\SbieCtrl.exe[2936] USER32.dll!SetWindowsHookExW                             75C7E30C 5 Bytes  JMP 00130804 
.text           D:\Program Files\Sandboxie\SbieCtrl.exe[2936] USER32.dll!SetWinEventHook                               75C824DC 5 Bytes  JMP 001301F8 
.text           D:\Program Files\Sandboxie\SbieCtrl.exe[2936] USER32.dll!SetWindowsHookExA                             75CA6D0C 5 Bytes  JMP 00130600 
.text           D:\Program Files\Launchy\Launchy.exe[3120] ntdll.dll!LdrUnloadDll                                      7738C8DE 5 Bytes  JMP 001703FC 
.text           D:\Program Files\Launchy\Launchy.exe[3120] ntdll.dll!LdrLoadDll                                        773922B8 5 Bytes  JMP 001701F8 
.text           D:\Program Files\Launchy\Launchy.exe[3120] kernel32.dll!GetBinaryTypeW + 70                            75A369F4 1 Byte  [62]
.text           D:\Program Files\Launchy\Launchy.exe[3120] USER32.dll!UnhookWindowsHookEx                              75C7ADF9 5 Bytes  JMP 00230A08 
.text           D:\Program Files\Launchy\Launchy.exe[3120] USER32.dll!UnhookWinEvent                                   75C7B750 5 Bytes  JMP 002303FC 
.text           D:\Program Files\Launchy\Launchy.exe[3120] USER32.dll!SetWindowsHookExW                                75C7E30C 5 Bytes  JMP 00230804 
.text           D:\Program Files\Launchy\Launchy.exe[3120] USER32.dll!SetWinEventHook                                  75C824DC 5 Bytes  JMP 002301F8 
.text           D:\Program Files\Launchy\Launchy.exe[3120] USER32.dll!SetWindowsHookExA                                75CA6D0C 5 Bytes  JMP 00230600 
.text           D:\Windows\system32\SearchIndexer.exe[3212] ntdll.dll!LdrUnloadDll                                     7738C8DE 5 Bytes  JMP 000603FC 
.text           D:\Windows\system32\SearchIndexer.exe[3212] ntdll.dll!LdrLoadDll                                       773922B8 5 Bytes  JMP 000601F8 
.text           D:\Windows\system32\SearchIndexer.exe[3212] kernel32.dll!GetBinaryTypeW + 70                           75A369F4 1 Byte  [62]
.text           D:\Windows\system32\SearchIndexer.exe[3212] USER32.dll!UnhookWindowsHookEx                             75C7ADF9 5 Bytes  JMP 00100A08 
.text           D:\Windows\system32\SearchIndexer.exe[3212] USER32.dll!UnhookWinEvent                                  75C7B750 5 Bytes  JMP 001003FC 
.text           D:\Windows\system32\SearchIndexer.exe[3212] USER32.dll!SetWindowsHookExW                               75C7E30C 5 Bytes  JMP 00100804 
.text           D:\Windows\system32\SearchIndexer.exe[3212] USER32.dll!SetWinEventHook                                 75C824DC 5 Bytes  JMP 001001F8 
.text           D:\Windows\system32\SearchIndexer.exe[3212] USER32.dll!SetWindowsHookExA                               75CA6D0C 5 Bytes  JMP 00100600 
.text           D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3244] ntdll.dll!LdrUnloadDll                 7738C8DE 5 Bytes  JMP 001603FC 
.text           D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3244] ntdll.dll!LdrLoadDll                   773922B8 5 Bytes  JMP 001601F8 
.text           D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3244] kernel32.dll!GetBinaryTypeW + 70       75A369F4 1 Byte  [62]
.text           D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3244] USER32.dll!UnhookWindowsHookEx         75C7ADF9 5 Bytes  JMP 001F0A08 
.text           D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3244] USER32.dll!UnhookWinEvent              75C7B750 5 Bytes  JMP 001F03FC 
.text           D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3244] USER32.dll!SetWindowsHookExW           75C7E30C 5 Bytes  JMP 001F0804 
.text           D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3244] USER32.dll!SetWinEventHook             75C824DC 5 Bytes  JMP 001F01F8 
.text           D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3244] USER32.dll!SetWindowsHookExA           75CA6D0C 5 Bytes  JMP 001F0600 
.text           D:\Program Files\Windows Media Player\wmpnetwk.exe[3516] ntdll.dll!LdrUnloadDll                        7738C8DE 5 Bytes  JMP 000603FC 
.text           D:\Program Files\Windows Media Player\wmpnetwk.exe[3516] ntdll.dll!LdrLoadDll                          773922B8 5 Bytes  JMP 000601F8 
.text           D:\Program Files\Windows Media Player\wmpnetwk.exe[3516] kernel32.dll!GetBinaryTypeW + 70              75A369F4 1 Byte  [62]
.text           D:\Program Files\Windows Media Player\wmpnetwk.exe[3516] USER32.dll!UnhookWindowsHookEx                75C7ADF9 5 Bytes  JMP 00090A08 
.text           D:\Program Files\Windows Media Player\wmpnetwk.exe[3516] USER32.dll!UnhookWinEvent                     75C7B750 5 Bytes  JMP 000903FC 
.text           D:\Program Files\Windows Media Player\wmpnetwk.exe[3516] USER32.dll!SetWindowsHookExW                  75C7E30C 5 Bytes  JMP 00090804 
.text           D:\Program Files\Windows Media Player\wmpnetwk.exe[3516] USER32.dll!SetWinEventHook                    75C824DC 5 Bytes  JMP 000901F8 
.text           D:\Program Files\Windows Media Player\wmpnetwk.exe[3516] USER32.dll!SetWindowsHookExA                  75CA6D0C 5 Bytes  JMP 00090600 
.text           D:\Users\Alex\Desktop\trojanerboard\gmer.exe[3584] ntdll.dll!LdrUnloadDll                              7738C8DE 5 Bytes  JMP 001603FC 
.text           D:\Users\Alex\Desktop\trojanerboard\gmer.exe[3584] ntdll.dll!LdrLoadDll                                773922B8 5 Bytes  JMP 001601F8 
.text           D:\Users\Alex\Desktop\trojanerboard\gmer.exe[3584] kernel32.dll!GetBinaryTypeW + 70                    75A369F4 1 Byte  [62]
.text           D:\Users\Alex\Desktop\trojanerboard\gmer.exe[3584] USER32.dll!UnhookWindowsHookEx                      75C7ADF9 5 Bytes  JMP 002F0A08 
.text           D:\Users\Alex\Desktop\trojanerboard\gmer.exe[3584] USER32.dll!UnhookWinEvent                           75C7B750 5 Bytes  JMP 002F03FC 
.text           D:\Users\Alex\Desktop\trojanerboard\gmer.exe[3584] USER32.dll!SetWindowsHookExW                        75C7E30C 5 Bytes  JMP 002F0804 
.text           D:\Users\Alex\Desktop\trojanerboard\gmer.exe[3584] USER32.dll!SetWinEventHook                          75C824DC 5 Bytes  JMP 002F01F8 
.text           D:\Users\Alex\Desktop\trojanerboard\gmer.exe[3584] USER32.dll!SetWindowsHookExA                        75CA6D0C 5 Bytes  JMP 002F0600 
.text           D:\Windows\System32\svchost.exe[3860] ntdll.dll!LdrUnloadDll                                           7738C8DE 5 Bytes  JMP 000A03FC 
.text           D:\Windows\System32\svchost.exe[3860] ntdll.dll!LdrLoadDll                                             773922B8 5 Bytes  JMP 000A01F8 
.text           D:\Windows\System32\svchost.exe[3860] kernel32.dll!GetBinaryTypeW + 70                                 75A369F4 1 Byte  [62]
.text           D:\Windows\System32\svchost.exe[3860] user32.dll!UnhookWindowsHookEx                                   75C7ADF9 5 Bytes  JMP 003A0A08 
.text           D:\Windows\System32\svchost.exe[3860] user32.dll!UnhookWinEvent                                        75C7B750 5 Bytes  JMP 003A03FC 
.text           D:\Windows\System32\svchost.exe[3860] user32.dll!SetWindowsHookExW                                     75C7E30C 5 Bytes  JMP 003A0804 
.text           D:\Windows\System32\svchost.exe[3860] user32.dll!SetWinEventHook                                       75C824DC 5 Bytes  JMP 003A01F8 
.text           D:\Windows\System32\svchost.exe[3860] user32.dll!SetWindowsHookExA                                     75CA6D0C 5 Bytes  JMP 003A0600 
 
---- Devices - GMER 1.0.15 ----
 
Device          \Driver\ACPI_HAL \Device\00000048                                                                      halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
 
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
 
---- EOF - GMER 1.0.15 ----
         
Regards

17.09.2011, 04:48   #2
kira
/// Helper team
 
hi...

Is this the same PC for which you have already opened a thread?:-> http://www.trojaner-board.de/103448-...tml#post702414

Regards
kira

18.09.2011, 12:07   #3
o.O
 
Hi Kira,

yes, that is the same PC, but it is only one thread, isn't it? Your link leads to this very thread. So I have only created one.

Today I solved the problem by restarting my router. Everything works normally again.
SuperAntispyware found nothing (apart from tracking cookies).

Thanks for the help anyway.

Regards

18.09.2011, 12:47   #4
Lucky
/// Helper team
 
Quote:
Quote from kira
hi...

Is this the same PC for which you have already opened a thread?:-> http://www.trojaner-board.de/103448-...tml#post702414
It is the same thread.

@OT:
A restart often works wonders. Glad your issue is resolved.
__________________
No support via PM!

19.09.2011, 16:37   #5
kira
/// Helper team
 
that can happen

I hope your problem really is solved with that.

All the best!

__________________

Warning!:
Be careful with invoices sent by email with a ZIP file as an attachment! It can be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!
