
Pests of all kinds and how to fight them: atapi.sys - Rootkit

27.01.2011, 19:44   #1
Sem17

Hello forum!
I'm new here and already have a question.

My avast! keeps raising an alarm about an "atapi.sys", but apparently it can never remove it.
I have already found a similar thread in this forum: http://www.trojaner-board.de/82985-r...dreck-weg.html

If I follow everything as described in the second post, I get a BlueScreen right while Windows 7 is booting (at the point where it says "Windows wird gestartet...", i.e. "Starting Windows").

How can I remove the rootkit?

Many thanks in advance!

27.01.2011, 20:17   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Does Win7's safe mode still work?

Quote:
If I follow everything as described in the second post, I get a BlueScreen right while Windows 7 is booting (at the point where it says "Windows wird gestartet...")

You can't transfer instructions like that 1:1 to any other arbitrary machine.
In that older thread I uploaded a clean atapi.sys for Windows XP!!!

Here is one for Win7 (32-bit) => File-Upload.net - atapi.sys
It will very probably not work if you have a 64-bit Win7.

27.01.2011, 20:20   #3
Sem17

Quote from cosinus:
Does Win7's safe mode still work?

You can't transfer instructions like that 1:1 to any other arbitrary machine.
In that older thread I uploaded a clean atapi.sys for Windows XP!!!

Here is one for Win7 (32-bit) => File-Upload.net - atapi.sys
It will very probably not work if you have a 64-bit Win7.

Thank you very much for the quick reply!

Yes, normal mode still works too, it's just that a BlueScreen often appears after logging in.

I should have known!!

Thanks, I'll test it right away!
I have Windows 7 Home Premium 32-bit.

I have also just run a HijackThis scan:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:15:45, on 27.01.2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\XXX\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: wit for ie - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SystemBGImage] C:\Windows\codmw3.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [Screenpresso] "C:\Users\Simon\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe" -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 8244 bytes
         

27.01.2011, 20:23   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then use my PartedMagic instructions to copy the Win7 atapi.sys that I linked above into the correct folder.
__________________
Please always post log files in CODE tags

27.01.2011, 20:36   #5
Sem17

Already done!

VirusTotal analysis: https://www.virustotal.com/file-scan/report.html?id=31031ae3a01368707d41136092fa5404d586348cccc56049f83cbcbe401b83ba-1296156666
I'll start GMER & Malwarebytes right away!

Here is another HijackThis log (in case something has changed):
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:35:09, on 27.01.2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\XXX\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: wit for ie - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SystemBGImage] C:\Windows\codmw3.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [Screenpresso] "C:\Users\Simon\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe" -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 8244 bytes
         

Thank you very much!
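
Added example, not part of the original thread: cosinus's caveat that a driver file for one Windows version or architecture cannot simply be dropped onto another system can be checked before the file is copied, by reading its PE header and comparing its SHA-256 with a reference obtained from a trusted source. The function names and the sample byte strings are constructed for illustration; a real check would read the downloaded file from disk.

```python
import hashlib
import struct

IMAGE_FILE_MACHINE_I386 = 0x014C   # 32-bit x86
IMAGE_FILE_MACHINE_AMD64 = 0x8664  # 64-bit x64
IMAGE_SUBSYSTEM_NATIVE = 1         # kernel-mode drivers such as atapi.sys
MACHINE_NAMES = {IMAGE_FILE_MACHINE_I386: "x86 (32-bit)",
                 IMAGE_FILE_MACHINE_AMD64: "x64 (64-bit)"}


class PEError(ValueError):
    """Raised when the data is not a parseable PE image."""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def inspect_pe(data: bytes) -> dict:
    """Read the header fields that decide whether a driver fits a system."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise PEError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    opt = e_lfanew + 24  # PE signature (4 bytes) + COFF header (20 bytes)
    if opt > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise PEError("no PE signature")
    # COFF header: Machine at offset 0, SizeOfOptionalHeader at offset 16.
    machine, opt_size = struct.unpack_from("<H14xH", data, e_lfanew + 4)
    if opt_size < 70 or opt + opt_size > len(data):
        raise PEError("truncated optional header")
    # Optional header: Magic at 0, OS version at 40/42, Subsystem at 68
    # (these offsets are the same for PE32 and PE32+).
    magic, os_major, os_minor = struct.unpack_from("<H38xHH", data, opt)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    if magic not in (0x10B, 0x20B):
        raise PEError("unknown optional header magic")
    return {"machine": machine,
            "pe32plus": magic == 0x20B,
            "os_version": (os_major, os_minor),  # as declared by the linker
            "subsystem": subsystem}


def check_replacement(data: bytes, target_machine: int,
                      trusted_sha256: str) -> list:
    """Return a list of reasons not to install this file (empty = none found)."""
    try:
        info = inspect_pe(data)
    except PEError as exc:
        return [f"not a PE image: {exc}"]
    problems = []
    if info["machine"] != target_machine:
        have = MACHINE_NAMES.get(info["machine"], hex(info["machine"]))
        want = MACHINE_NAMES.get(target_machine, hex(target_machine))
        problems.append(f"architecture mismatch: file is {have}, system needs {want}")
    if info["subsystem"] != IMAGE_SUBSYSTEM_NATIVE:
        problems.append(f"not a kernel-mode driver (subsystem {info['subsystem']})")
    if sha256_hex(data) != trusted_sha256.lower():
        problems.append("SHA-256 does not match the trusted reference")
    return problems


def build_sample_pe(machine: int, magic: int, os_version=(6, 1)) -> bytes:
    """Constructed, header-only PE image used as sample input (not a real driver)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew
    opt_size = 0xE0 if magic == 0x10B else 0xF0
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<HH", opt, 40, *os_version)
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_NATIVE)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


# Constructed samples: one 32-bit and one 64-bit header-only image.
SAMPLE_X86 = build_sample_pe(IMAGE_FILE_MACHINE_I386, 0x10B)
SAMPLE_X64 = build_sample_pe(IMAGE_FILE_MACHINE_AMD64, 0x20B)

if __name__ == "__main__":
    reference = sha256_hex(SAMPLE_X86)  # stands in for a trusted reference hash
    for name, blob in (("x86 sample", SAMPLE_X86), ("x64 sample", SAMPLE_X64)):
        issues = check_replacement(blob, IMAGE_FILE_MACHINE_I386, reference)
        print(name, "->", issues or "no problems found")
```

An empty result only means the file matches the expected architecture, type and reference hash; the reference hash itself has to come from a source that is independent of the download.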


27.01.2011, 20:49   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

ZoneAlarm is no good. PFWs are counterproductive and more of a problem-creation scheme. Please uninstall it immediately and turn on the Windows Firewall.

Afterwards, as a matter of routine, run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

Then OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your Desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

27.01.2011, 21:34   #7
Sem17

I had installed ZoneAlarm because it asked for every program whether it was allowed to access the Internet or not. Is that also possible with the Windows Firewall?

GMER has just finished, Malwarebytes is next.

GMER log:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-27 21:15:43
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD6400AACS-00G8B1 rev.05.04C05
Running: eo2ni5qj.exe; Driver: C:\Users\Simon\AppData\Local\Temp\awlcypod.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                 ZwAllocateVirtualMemory [0x9162F728]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)        ZwAlpcConnectPort [0x90EBDBBA]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)        ZwAlpcCreatePort [0x90EBE48A]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)        ZwConnectPort [0x90EBD610]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)        ZwCreateFile [0x90EB6E42]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)        ZwCreateKey [0x90ED8760]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)        ZwCreatePort [0x90EBE11A]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)        ZwCreateWaitablePort [0x90EBE278]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)        ZwDeleteFile [0x90EB7B7E]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)        ZwDeleteKey [0x90EDA212]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)        ZwDeleteValueKey [0x90ED9B06]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                 ZwFreeVirtualMemory [0x9162F7D8]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)        ZwLoadKey [0x90EDABE0]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)        ZwLoadKey2 [0x90EDAE1E]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)        ZwLoadKeyEx [0x90EDB2D0]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)        ZwOpenFile [0x90EB7730]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                 ZwProtectVirtualMemory [0x9162F870]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)        ZwRenameKey [0x90EDBCB8]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)        ZwReplaceKey [0x90EDB59A]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)        ZwRequestWaitReplyPort [0x90EBD1A4]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)        ZwRestoreKey [0x90EDC71E]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)        ZwSetInformationFile [0x90EB7F8A]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)        ZwSetSecurityObject [0x90EDC242]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)        ZwSetValueKey [0x90ED9226]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                 ZwLoadDriver [0x9164378C]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                 ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                       83690599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                836B4F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 23C                                                                                   836BC74C 4 Bytes  [28, F7, 62, 91]
.text           ntkrnlpa.exe!RtlSidHashLookup + 248                                                                                   836BC758 8 Bytes  [BA, DB, EB, 90, 8A, E4, EB, ...] {MOV EDX, 0x8a90ebdb; IN AL, 0xeb; NOP }
.text           ntkrnlpa.exe!RtlSidHashLookup + 2DC                                                                                   836BC7EC 4 Bytes  [10, D6, EB, 90] {ADC DH, DL; JMP 0xffffffffffffff94}
.text           ntkrnlpa.exe!RtlSidHashLookup + 2F8                                                                                   836BC808 4 Bytes  [42, 6E, EB, 90] {INC EDX; OUTSB ; JMP 0xffffffffffffff94}
.text           ntkrnlpa.exe!RtlSidHashLookup + 308                                                                                   836BC818 4 Bytes  [60, 87, ED, 90] {PUSHA ; XCHG EBP, EBP; NOP }
.text           ...                                                                                                                   
PAGE            ntkrnlpa.exe!ZwLoadDriver                                                                                             837EE291 7 Bytes  JMP 91643790 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                                    83855FBF 5 Bytes  JMP 9163F1EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObInsertObject + 27                                                                                      8386FCF3 5 Bytes  JMP 91640CA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
?               System32\Drivers\spmr.sys                                                                                             Das System kann den angegebenen Pfad nicht finden. !
PAGE            PCIIDEX.SYS!DllUnload                                                                                                 8BCBF606 5 Bytes  JMP 85D851D8 
.text           USBPORT.SYS!DllUnload                                                                                                 91701CA0 5 Bytes  JMP 871AC1D8 
.text           afpk4xo0.SYS                                                                                                          91FC8000 12 Bytes  [44, B8, 61, 83, EE, B6, 61, ...]
.text           afpk4xo0.SYS                                                                                                          91FC800D 188 Bytes  [97, 61, 83, 48, BB, 61, 83, ...]
.text           afpk4xo0.SYS                                                                                                          91FC80CA 28 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text           afpk4xo0.SYS                                                                                                          91FC80E7 23 Bytes  [00, F0, 0E, 00, 00, 00, 00, ...]
.text           afpk4xo0.SYS                                                                                                          91FC80FF 704 Bytes  [4E, 0E, 10, 0F, D2, 0D, 94, ...]
.text           ...                                                                                                                   
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                                section is writeable [0xA7705300, 0x3B6D8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                section is writeable [0xA7748300, 0x1BEE, 0xE8000020]
.text           user32.dll!UnhookWindowsHookEx                                                                                        75BACC7B 5 Bytes  JMP 64D0BCB0 
.text           user32.dll!UnhookWinEvent                                                                                             75BAD924 5 Bytes  JMP 64D0B8A0 
.text           user32.dll!SetWindowsHookExW                                                                                          75BB210A 5 Bytes  JMP 64D0BB30 
.text           user32.dll!SetWinEventHook                                                                                            75BB507E 5 Bytes  JMP 64D0B720 
.text           user32.dll!SetWindowsHookExA                                                                                          75BD6DFA 5 Bytes  JMP 64D0B9B0 

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\wininit.exe[752] ntdll.dll!LdrUnloadDll                                                           7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\wininit.exe[752] ntdll.dll!LdrLoadDll                                                             7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\wininit.exe[752] USER32.dll!UnhookWindowsHookEx                                                   75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\wininit.exe[752] USER32.dll!UnhookWinEvent                                                        75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\wininit.exe[752] USER32.dll!SetWindowsHookExW                                                     75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\wininit.exe[752] USER32.dll!SetWinEventHook                                                       75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\wininit.exe[752] USER32.dll!SetWindowsHookExA                                                     75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\services.exe[800] ntdll.dll!LdrUnloadDll                                                          7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\services.exe[800] ntdll.dll!LdrLoadDll                                                            7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\lsass.exe[824] ntdll.dll!LdrUnloadDll                                                             7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\lsass.exe[824] ntdll.dll!LdrLoadDll                                                               7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\lsass.exe[824] USER32.dll!UnhookWindowsHookEx                                                     75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\lsass.exe[824] USER32.dll!UnhookWinEvent                                                          75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\lsass.exe[824] USER32.dll!SetWindowsHookExW                                                       75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\lsass.exe[824] USER32.dll!SetWinEventHook                                                         75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\lsass.exe[824] USER32.dll!SetWindowsHookExA                                                       75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\lsm.exe[832] ntdll.dll!LdrUnloadDll                                                               7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\lsm.exe[832] ntdll.dll!LdrLoadDll                                                                 7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\Dwm.exe[896] ntdll.dll!LdrUnloadDll                                                               7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\Dwm.exe[896] ntdll.dll!LdrLoadDll                                                                 7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\Dwm.exe[896] USER32.dll!UnhookWindowsHookEx                                                       75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\Dwm.exe[896] USER32.dll!UnhookWinEvent                                                            75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\Dwm.exe[896] USER32.dll!SetWindowsHookExW                                                         75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\Dwm.exe[896] USER32.dll!SetWinEventHook                                                           75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\Dwm.exe[896] USER32.dll!SetWindowsHookExA                                                         75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\winlogon.exe[932] ntdll.dll!LdrUnloadDll                                                          7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\winlogon.exe[932] ntdll.dll!LdrLoadDll                                                            7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\winlogon.exe[932] USER32.dll!UnhookWindowsHookEx                                                  75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\winlogon.exe[932] USER32.dll!UnhookWinEvent                                                       75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\winlogon.exe[932] USER32.dll!SetWindowsHookExW                                                    75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\winlogon.exe[932] USER32.dll!SetWinEventHook                                                      75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\winlogon.exe[932] USER32.dll!SetWindowsHookExA                                                    75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[1140] ntdll.dll!LdrUnloadDll                                                          7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[1140] ntdll.dll!LdrLoadDll                                                            7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\nvvsvc.exe[1228] ntdll.dll!LdrUnloadDll                                                           7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\nvvsvc.exe[1228] ntdll.dll!LdrLoadDll                                                             7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\nvvsvc.exe[1228] USER32.dll!UnhookWindowsHookEx                                                   75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\nvvsvc.exe[1228] USER32.dll!UnhookWinEvent                                                        75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\nvvsvc.exe[1228] USER32.dll!SetWindowsHookExW                                                     75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\nvvsvc.exe[1228] USER32.dll!SetWinEventHook                                                       75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\nvvsvc.exe[1228] USER32.dll!SetWindowsHookExA                                                     75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[1268] ntdll.dll!LdrUnloadDll                                                          7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[1268] ntdll.dll!LdrLoadDll                                                            7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[1268] user32.dll!UnhookWindowsHookEx                                                  75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[1268] user32.dll!UnhookWinEvent                                                       75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[1268] user32.dll!SetWindowsHookExW                                                    75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[1268] user32.dll!SetWinEventHook                                                      75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[1268] user32.dll!SetWindowsHookExA                                                    75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[1368] ntdll.dll!LdrUnloadDll                                                          7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[1368] ntdll.dll!LdrLoadDll                                                            7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[1368] USER32.dll!UnhookWindowsHookEx                                                  75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[1368] USER32.dll!UnhookWinEvent                                                       75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[1368] USER32.dll!SetWindowsHookExW                                                    75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[1368] USER32.dll!SetWinEventHook                                                      75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[1368] USER32.dll!SetWindowsHookExA                                                    75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[1408] ntdll.dll!LdrUnloadDll                                                          7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[1408] ntdll.dll!LdrLoadDll                                                            7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[1408] USER32.dll!UnhookWindowsHookEx                                                  75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[1408] USER32.dll!UnhookWinEvent                                                       75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[1408] USER32.dll!SetWindowsHookExW                                                    75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[1408] USER32.dll!SetWinEventHook                                                      75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[1408] USER32.dll!SetWindowsHookExA                                                    75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[1460] ntdll.dll!LdrUnloadDll                                                          7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[1460] ntdll.dll!LdrLoadDll                                                            7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[1460] USER32.dll!UnhookWindowsHookEx                                                  75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[1460] USER32.dll!UnhookWinEvent                                                       75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[1460] USER32.dll!SetWindowsHookExW                                                    75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[1460] USER32.dll!SetWinEventHook                                                      75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[1460] USER32.dll!SetWindowsHookExA                                                    75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[1600] ntdll.dll!LdrUnloadDll                                                          7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[1600] ntdll.dll!LdrLoadDll                                                            7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[1600] USER32.dll!UnhookWindowsHookEx                                                  75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[1600] USER32.dll!UnhookWinEvent                                                       75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[1600] USER32.dll!SetWindowsHookExW                                                    75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[1600] USER32.dll!SetWinEventHook                                                      75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[1600] USER32.dll!SetWindowsHookExA                                                    75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[1612] ntdll.dll!LdrUnloadDll                                                          7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[1612] ntdll.dll!LdrLoadDll                                                            7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[1612] USER32.dll!UnhookWindowsHookEx                                                  75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[1612] USER32.dll!UnhookWinEvent                                                       75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[1612] USER32.dll!SetWindowsHookExW                                                    75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[1612] USER32.dll!SetWinEventHook                                                      75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[1612] USER32.dll!SetWindowsHookExA                                                    75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1648] ntdll.dll!LdrUnloadDll                                 7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1648] ntdll.dll!LdrLoadDll                                   7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1648] USER32.dll!UnhookWindowsHookEx                         75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1648] USER32.dll!UnhookWinEvent                              75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1648] USER32.dll!SetWindowsHookExW                           75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1648] USER32.dll!SetWinEventHook                             75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1648] USER32.dll!SetWindowsHookExA                           75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\nvvsvc.exe[1660] ntdll.dll!LdrUnloadDll                                                           7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\nvvsvc.exe[1660] ntdll.dll!LdrLoadDll                                                             7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\nvvsvc.exe[1660] USER32.dll!UnhookWindowsHookEx                                                   75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\nvvsvc.exe[1660] USER32.dll!UnhookWinEvent                                                        75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\nvvsvc.exe[1660] USER32.dll!SetWindowsHookExW                                                     75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\nvvsvc.exe[1660] USER32.dll!SetWinEventHook                                                       75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\nvvsvc.exe[1660] USER32.dll!SetWindowsHookExA                                                     75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[1816] ntdll.dll!LdrUnloadDll                                                          7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[1816] ntdll.dll!LdrLoadDll                                                            7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1860] kernel32.dll!SetUnhandledExceptionFilter                    75683162 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Windows\System32\spoolsv.exe[2220] ntdll.dll!LdrUnloadDll                                                          7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\spoolsv.exe[2220] ntdll.dll!LdrLoadDll                                                            7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\spoolsv.exe[2220] USER32.dll!UnhookWindowsHookEx                                                  75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\spoolsv.exe[2220] USER32.dll!UnhookWinEvent                                                       75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\spoolsv.exe[2220] USER32.dll!SetWindowsHookExW                                                    75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\spoolsv.exe[2220] USER32.dll!SetWinEventHook                                                      75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\spoolsv.exe[2220] USER32.dll!SetWindowsHookExA                                                    75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\taskhost.exe[2244] ntdll.dll!LdrUnloadDll                                                         7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\taskhost.exe[2244] ntdll.dll!LdrLoadDll                                                           7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\taskhost.exe[2244] USER32.dll!UnhookWindowsHookEx                                                 75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\taskhost.exe[2244] USER32.dll!UnhookWinEvent                                                      75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\taskhost.exe[2244] USER32.dll!SetWindowsHookExW                                                   75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\taskhost.exe[2244] USER32.dll!SetWinEventHook                                                     75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\taskhost.exe[2244] USER32.dll!SetWindowsHookExA                                                   75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2264] ntdll.dll!LdrUnloadDll                                                          7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2264] ntdll.dll!LdrLoadDll                                                            7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2264] USER32.dll!UnhookWindowsHookEx                                                  75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2264] USER32.dll!UnhookWinEvent                                                       75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2264] USER32.dll!SetWindowsHookExW                                                    75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2264] USER32.dll!SetWinEventHook                                                      75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2264] USER32.dll!SetWindowsHookExA                                                    75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2312] ntdll.dll!LdrUnloadDll                                                          7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2312] ntdll.dll!LdrLoadDll                                                            7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2312] USER32.dll!UnhookWindowsHookEx                                                  75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2312] USER32.dll!UnhookWinEvent                                                       75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2312] USER32.dll!SetWindowsHookExW                                                    75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2312] USER32.dll!SetWinEventHook                                                      75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2312] USER32.dll!SetWindowsHookExA                                                    75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[2444] ntdll.dll!LdrUnloadDll                                                          7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[2444] ntdll.dll!LdrLoadDll                                                            7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[2444] USER32.dll!UnhookWindowsHookEx                                                  75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[2444] USER32.dll!UnhookWinEvent                                                       75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[2444] USER32.dll!SetWindowsHookExW                                                    75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[2444] USER32.dll!SetWinEventHook                                                      75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[2444] USER32.dll!SetWindowsHookExA                                                    75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2472] ntdll.dll!LdrUnloadDll                                                          7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2472] ntdll.dll!LdrLoadDll                                                            7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2504] ntdll.dll!LdrUnloadDll                                                          7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2504] ntdll.dll!LdrLoadDll                                                            7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2532] ntdll.dll!LdrUnloadDll                                                          7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2532] ntdll.dll!LdrLoadDll                                                            7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2532] USER32.dll!UnhookWindowsHookEx                                                  75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2532] USER32.dll!UnhookWinEvent                                                       75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2532] USER32.dll!SetWindowsHookExW                                                    75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2532] USER32.dll!SetWinEventHook                                                      75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2532] USER32.dll!SetWindowsHookExA                                                    75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\taskeng.exe[2616] ntdll.dll!LdrUnloadDll                                                          7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\taskeng.exe[2616] ntdll.dll!LdrLoadDll                                                            7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\taskeng.exe[2616] USER32.dll!UnhookWindowsHookEx                                                  75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\taskeng.exe[2616] USER32.dll!UnhookWinEvent                                                       75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\taskeng.exe[2616] USER32.dll!SetWindowsHookExW                                                    75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\taskeng.exe[2616] USER32.dll!SetWinEventHook                                                      75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\taskeng.exe[2616] USER32.dll!SetWindowsHookExA                                                    75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\SearchProtocolHost.exe[2712] ntdll.dll!LdrUnloadDll                                               7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\SearchProtocolHost.exe[2712] ntdll.dll!LdrLoadDll                                                 7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\SearchProtocolHost.exe[2712] USER32.dll!UnhookWindowsHookEx                                       75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\SearchProtocolHost.exe[2712] USER32.dll!UnhookWinEvent                                            75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\SearchProtocolHost.exe[2712] USER32.dll!SetWindowsHookExW                                         75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\SearchProtocolHost.exe[2712] USER32.dll!SetWinEventHook                                           75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\SearchProtocolHost.exe[2712] USER32.dll!SetWindowsHookExA                                         75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2724] ntdll.dll!LdrUnloadDll                                          7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2724] ntdll.dll!LdrLoadDll                                            7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2724] USER32.dll!UnhookWindowsHookEx                                  75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2724] USER32.dll!UnhookWinEvent                                       75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2724] USER32.dll!SetWindowsHookExW                                    75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2724] USER32.dll!SetWinEventHook                                      75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2724] USER32.dll!SetWindowsHookExA                                    75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[2764] ntdll.dll!LdrUnloadDll                               7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[2764] ntdll.dll!LdrLoadDll                                 7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[2764] USER32.dll!UnhookWindowsHookEx                       75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[2764] USER32.dll!UnhookWinEvent                            75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[2764] USER32.dll!SetWindowsHookExW                         75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[2764] USER32.dll!SetWinEventHook                           75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[2764] USER32.dll!SetWindowsHookExA                         75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\PixArt\Pac207\Monitor.exe[2776] ntdll.dll!LdrUnloadDll                                                     7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\PixArt\Pac207\Monitor.exe[2776] ntdll.dll!LdrLoadDll                                                       7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\PixArt\Pac207\Monitor.exe[2776] USER32.dll!UnhookWindowsHookEx                                             75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\PixArt\Pac207\Monitor.exe[2776] USER32.dll!UnhookWinEvent                                                  75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\PixArt\Pac207\Monitor.exe[2776] USER32.dll!SetWindowsHookExW                                               75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\PixArt\Pac207\Monitor.exe[2776] USER32.dll!SetWinEventHook                                                 75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\PixArt\Pac207\Monitor.exe[2776] USER32.dll!SetWindowsHookExA                                               75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2888] ntdll.dll!LdrUnloadDll                 7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2888] ntdll.dll!LdrLoadDll                   7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2888] USER32.dll!UnhookWindowsHookEx         75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2888] USER32.dll!UnhookWinEvent              75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2888] USER32.dll!SetWindowsHookExW           75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2888] USER32.dll!SetWinEventHook             75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2888] USER32.dll!SetWindowsHookExA           75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2920] ntdll.dll!LdrUnloadDll                            7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2920] ntdll.dll!LdrLoadDll                              7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2920] USER32.dll!UnhookWindowsHookEx                    75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2920] USER32.dll!UnhookWinEvent                         75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2920] USER32.dll!SetWindowsHookExW                      75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2920] USER32.dll!SetWinEventHook                        75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2920] USER32.dll!SetWindowsHookExA                      75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2956] ntdll.dll!LdrUnloadDll                                                          7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[2956] ntdll.dll!LdrLoadDll                                                            7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\vmnat.exe[3072] ntdll.dll!LdrUnloadDll                                                            7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\vmnat.exe[3072] ntdll.dll!LdrLoadDll                                                              7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\vmnat.exe[3072] USER32.dll!UnhookWindowsHookEx                                                    75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\vmnat.exe[3072] USER32.dll!UnhookWinEvent                                                         75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\vmnat.exe[3072] USER32.dll!SetWindowsHookExW                                                      75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\vmnat.exe[3072] USER32.dll!SetWinEventHook                                                        75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\vmnat.exe[3072] USER32.dll!SetWindowsHookExA                                                      75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[3112] ntdll.dll!LdrUnloadDll                                                          7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[3112] ntdll.dll!LdrLoadDll                                                            7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3136] ntdll.dll!LdrUnloadDll                  7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3136] ntdll.dll!LdrLoadDll                    7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3136] USER32.dll!UnhookWindowsHookEx          75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3136] USER32.dll!UnhookWinEvent               75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3136] USER32.dll!SetWindowsHookExW            75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3136] USER32.dll!SetWinEventHook              75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3136] USER32.dll!SetWindowsHookExA            75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\VMware\VMware Workstation\vmware-authd.exe[3252] ntdll.dll!LdrUnloadDll                              7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\VMware\VMware Workstation\vmware-authd.exe[3252] ntdll.dll!LdrLoadDll                                7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\VMware\VMware Workstation\vmware-authd.exe[3252] USER32.dll!UnhookWindowsHookEx                      75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\VMware\VMware Workstation\vmware-authd.exe[3252] USER32.dll!UnhookWinEvent                           75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\VMware\VMware Workstation\vmware-authd.exe[3252] USER32.dll!SetWindowsHookExW                        75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\VMware\VMware Workstation\vmware-authd.exe[3252] USER32.dll!SetWinEventHook                          75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\VMware\VMware Workstation\vmware-authd.exe[3252] USER32.dll!SetWindowsHookExA                        75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\vmnetdhcp.exe[3408] ntdll.dll!LdrUnloadDll                                                        7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\vmnetdhcp.exe[3408] ntdll.dll!LdrLoadDll                                                          7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\vmnetdhcp.exe[3408] USER32.dll!UnhookWindowsHookEx                                                75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\vmnetdhcp.exe[3408] USER32.dll!UnhookWinEvent                                                     75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\vmnetdhcp.exe[3408] USER32.dll!SetWindowsHookExW                                                  75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\vmnetdhcp.exe[3408] USER32.dll!SetWinEventHook                                                    75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\vmnetdhcp.exe[3408] USER32.dll!SetWindowsHookExA                                                  75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3644] ntdll.dll!LdrUnloadDll                 7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3644] ntdll.dll!LdrLoadDll                   7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3644] USER32.dll!UnhookWindowsHookEx         75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3644] USER32.dll!UnhookWinEvent              75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3644] USER32.dll!SetWindowsHookExW           75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3644] USER32.dll!SetWinEventHook             75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3644] USER32.dll!SetWindowsHookExA           75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3652] ntdll.dll!LdrUnloadDll                             7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3652] ntdll.dll!LdrLoadDll                               7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3652] USER32.dll!UnhookWindowsHookEx                     75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3652] USER32.dll!UnhookWinEvent                          75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3652] USER32.dll!SetWindowsHookExW                       75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3652] USER32.dll!SetWinEventHook                         75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3652] USER32.dll!SetWindowsHookExA                       75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\Explorer.EXE[3748] ntdll.dll!LdrUnloadDll                                                                  7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\Explorer.EXE[3748] ntdll.dll!LdrLoadDll                                                                    7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\Explorer.EXE[3748] USER32.dll!UnhookWindowsHookEx                                                          75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\Explorer.EXE[3748] USER32.dll!UnhookWinEvent                                                               75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\Explorer.EXE[3748] USER32.dll!SetWindowsHookExW                                                            75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\Explorer.EXE[3748] USER32.dll!SetWinEventHook                                                              75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\Explorer.EXE[3748] USER32.dll!SetWindowsHookExA                                                            75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\WUDFHost.exe[3752] ntdll.dll!LdrUnloadDll                                                         7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\WUDFHost.exe[3752] ntdll.dll!LdrLoadDll                                                           7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\WUDFHost.exe[3752] USER32.dll!UnhookWindowsHookEx                                                 75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\WUDFHost.exe[3752] USER32.dll!UnhookWinEvent                                                      75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\WUDFHost.exe[3752] USER32.dll!SetWindowsHookExW                                                   75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\WUDFHost.exe[3752] USER32.dll!SetWinEventHook                                                     75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\WUDFHost.exe[3752] USER32.dll!SetWindowsHookExA                                                   75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\wbem\wmiprvse.exe[3820] ntdll.dll!LdrUnloadDll                                                    7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\wbem\wmiprvse.exe[3820] ntdll.dll!LdrLoadDll                                                      7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\wbem\wmiprvse.exe[3820] USER32.dll!UnhookWindowsHookEx                                            75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\wbem\wmiprvse.exe[3820] USER32.dll!UnhookWinEvent                                                 75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\wbem\wmiprvse.exe[3820] USER32.dll!SetWindowsHookExW                                              75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\wbem\wmiprvse.exe[3820] USER32.dll!SetWinEventHook                                                75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\wbem\wmiprvse.exe[3820] USER32.dll!SetWindowsHookExA                                              75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\SearchIndexer.exe[4012] ntdll.dll!LdrUnloadDll                                                    7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\SearchIndexer.exe[4012] ntdll.dll!LdrLoadDll                                                      7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\SearchIndexer.exe[4012] USER32.dll!UnhookWindowsHookEx                                            75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\SearchIndexer.exe[4012] USER32.dll!UnhookWinEvent                                                 75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\SearchIndexer.exe[4012] USER32.dll!SetWindowsHookExW                                              75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\SearchIndexer.exe[4012] USER32.dll!SetWinEventHook                                                75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\SearchIndexer.exe[4012] USER32.dll!SetWindowsHookExA                                              75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Windows Sidebar\sidebar.exe[4284] ntdll.dll!LdrUnloadDll                                             7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Windows Sidebar\sidebar.exe[4284] ntdll.dll!LdrLoadDll                                               7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Windows Sidebar\sidebar.exe[4284] USER32.dll!UnhookWindowsHookEx                                     75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Windows Sidebar\sidebar.exe[4284] USER32.dll!UnhookWinEvent                                          75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Windows Sidebar\sidebar.exe[4284] USER32.dll!SetWindowsHookExW                                       75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Windows Sidebar\sidebar.exe[4284] USER32.dll!SetWinEventHook                                         75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Windows Sidebar\sidebar.exe[4284] USER32.dll!SetWindowsHookExA                                       75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Users\Simon\Desktop\eo2ni5qj.exe[5220] ntdll.dll!LdrUnloadDll                                                      7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Users\Simon\Desktop\eo2ni5qj.exe[5220] ntdll.dll!LdrLoadDll                                                        7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Users\Simon\Desktop\eo2ni5qj.exe[5220] USER32.dll!UnhookWindowsHookEx                                              75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Users\Simon\Desktop\eo2ni5qj.exe[5220] USER32.dll!UnhookWinEvent                                                   75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Users\Simon\Desktop\eo2ni5qj.exe[5220] USER32.dll!SetWindowsHookExW                                                75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Users\Simon\Desktop\eo2ni5qj.exe[5220] USER32.dll!SetWinEventHook                                                  75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Users\Simon\Desktop\eo2ni5qj.exe[5220] USER32.dll!SetWindowsHookExA                                                75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\wbem\wmiprvse.exe[5400] ntdll.dll!LdrUnloadDll                                                    7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\wbem\wmiprvse.exe[5400] ntdll.dll!LdrLoadDll                                                      7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\wbem\wmiprvse.exe[5400] USER32.dll!UnhookWindowsHookEx                                            75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\wbem\wmiprvse.exe[5400] USER32.dll!UnhookWinEvent                                                 75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\wbem\wmiprvse.exe[5400] USER32.dll!SetWindowsHookExW                                              75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\wbem\wmiprvse.exe[5400] USER32.dll!SetWinEventHook                                                75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\wbem\wmiprvse.exe[5400] USER32.dll!SetWindowsHookExA                                              75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[5600] ntdll.dll!LdrUnloadDll                                                          7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\System32\svchost.exe[5600] ntdll.dll!LdrLoadDll                                                            7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\SearchFilterHost.exe[5756] ntdll.dll!LdrUnloadDll                                                 7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\SearchFilterHost.exe[5756] ntdll.dll!LdrLoadDll                                                   7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\SearchFilterHost.exe[5756] USER32.dll!UnhookWindowsHookEx                                         75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\SearchFilterHost.exe[5756] USER32.dll!UnhookWinEvent                                              75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\SearchFilterHost.exe[5756] USER32.dll!SetWindowsHookExW                                           75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\SearchFilterHost.exe[5756] USER32.dll!SetWinEventHook                                             75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\SearchFilterHost.exe[5756] USER32.dll!SetWindowsHookExA                                           75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[5988] ntdll.dll!LdrUnloadDll                                                          7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Windows\system32\svchost.exe[5988] ntdll.dll!LdrLoadDll                                                            7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[6000] ntdll.dll!LdrUnloadDll                                       7723BF1F 5 Bytes  JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[6000] ntdll.dll!LdrLoadDll                                         7723F625 5 Bytes  JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[6000] USER32.dll!UnhookWindowsHookEx                               75BACC7B 5 Bytes  JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[6000] USER32.dll!UnhookWinEvent                                    75BAD924 5 Bytes  JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[6000] USER32.dll!SetWindowsHookExW                                 75BB210A 5 Bytes  JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[6000] USER32.dll!SetWinEventHook                                   75BB507E 5 Bytes  JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[6000] USER32.dll!SetWindowsHookExA                                 75BD6DFA 5 Bytes  JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                              [8BA8B90E] \SystemRoot\System32\Drivers\spmr.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                             [8BA8BF9C] \SystemRoot\System32\Drivers\spmr.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong]                                             [8BA8B3E6] \SystemRoot\System32\Drivers\spmr.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                      [8BA8C178] \SystemRoot\System32\Drivers\spmr.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                       [8BA8B1D4] \SystemRoot\System32\Drivers\spmr.sys
IAT             \SystemRoot\System32\Drivers\afpk4xo0.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx]                                 6A1A6A00
IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter]                                                   [90EC3100] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter]                                                    [90EC290E] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol]                                             [90EC106C] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol]                                               [90EC2AB8] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol]                                              [90EC2AB8] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter]                                                  [90EC3100] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter]                                                   [90EC290E] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol]                                            [90EC106C] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol]                                               [90EC2AB8] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol]                                             [90EC106C] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter]                                                   [90EC3100] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter]                                                    [90EC290E] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[3748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                       [73E82494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                  [73E65624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                 [73E656E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                        [73E8250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                              [73E78573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                [73E74D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                               [73E750CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                              [73E751A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                     [73E766D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                               [73E782CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                          [73E78819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                        [73E7907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                              [73E7E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3748] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                  [73E74C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device                                                                                                                                86A831F8
Device                                                                                                                                Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)

AttachedDevice                                                                                                                        tdrpm228.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

Device                                                                                                                                86FAD1F8
Device                                                                                                                                fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy1                                                                     snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                               VMkbd.sys
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy2                                                                     snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                               VMkbd.sys
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy3                                                                     snapman.sys (Acronis Snapshot API/Acronis)

Device          \Driver\volmgr \Device\VolMgrControl                                                                                  85D811F8

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy4                                                                     snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy5                                                                     snapman.sys (Acronis Snapshot API/Acronis)

Device          \Driver\usbohci \Device\USBPDO-0                                                                                      871AD1F8

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy6                                                                     snapman.sys (Acronis Snapshot API/Acronis)

Device          \Driver\usbehci \Device\USBPDO-1                                                                                      871BF1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{843999C8-7B17-4446-9E73-4BD59660D8ED}                                              86F361F8

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                               aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device                                                                                                                                usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device                                                                                                                                85D811F8

AttachedDevice                                                                                                                        fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000064                                                                                     halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\cdrom \Device\CdRom0                                                                                          86F041F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                           85D831F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2                                                                           85D831F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                    85D831F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                    85D831F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                    85D831F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                    85D831F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1                                                                           85D831F8
Device          \Driver\msahci \Device\Ide\PciIde0Channel0                                                                            85D841F8
Device          \Driver\msahci \Device\Ide\PciIde0Channel1                                                                            85D841F8
Device          \Driver\msahci \Device\Ide\PciIde0Channel2                                                                            85D841F8
Device          \Driver\msahci \Device\Ide\PciIde0Channel3                                                                            85D841F8
Device          \Driver\cdrom \Device\CdRom1                                                                                          86F041F8
Device          \Driver\cdrom \Device\CdRom2                                                                                          86F041F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                               86F361F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{5FBE9E24-E34C-4E8A-97AF-A9C3EDEF6458}                                              86F361F8

AttachedDevice  \Driver\tdx \Device\Udp                                                                                               aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device          \Driver\usbohci \Device\USBFDO-0                                                                                      871AD1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{45E6EB47-354D-4531-A907-A6BE68C4E644}                                              86F361F8
Device          \Driver\usbehci \Device\USBFDO-1                                                                                      871BF1F8
Device          \Driver\PCI_PNP7408 \Device\0000006e                                                                                  spmr.sys
Device          \Driver\sptd \Device\911341408                                                                                        spmr.sys
Device          \Driver\NetBT \Device\NetBT_Tcpip_{204F26A0-D351-4027-BCEF-5D03503C775B}                                              86F361F8
Device          \Driver\afpk4xo0 \Device\Scsi\afpk4xo01                                                                               86ACE400
Device          \Driver\afpk4xo0 \Device\Scsi\afpk4xo01Port4Path0Target0Lun0                                                          86ACE400
Device          \Driver\USBSTOR \Device\0000008d                                                                                      86F111F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011679eb92d                                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                    771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                    285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                    2
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                   0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                0x73 0xE5 0x01 0x40 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                   C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                             
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                          0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                       0xCF 0xD7 0x43 0xA8 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                0x64 0x89 0x60 0x3A ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                   1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                0x8E 0x87 0x42 0xCD ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011679eb92d (not active ControlSet)                       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0x73 0xE5 0x01 0x40 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0xCF 0xD7 0x43 0xA8 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0x64 0x89 0x60 0x3A ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                       1
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                    0x8E 0x87 0x42 0xCD ...

---- EOF - GMER 1.0.15 ----
         

Regards
Sem17

27.01.2011, 21:48   #8
cosinus

Quote:
Is that also possible with the Windows Firewall?
With the advanced firewall available since Vista it is possible, but not necessarily sensible. There is no reliable routine for securely blocking outgoing traffic. Whatever wants to get out can get out.
Why do you want to forbid programs from doing that? Why do you use these programs if you obviously don't trust them?

Why are you posting a GMER log when I wrote MBAM and OTL?
__________________
Please always post log files in CODE tags

27.01.2011, 21:53   #9
Sem17

Well, it doesn't really matter anyway, because I always let almost everything out anyway, except in special cases.

Because it said so in the instructions from the old thread... :S

28.01.2011, 05:56   #10
Sem17

Here is the Malwarebytes log:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5623

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.01.2011 23:59:06
mbam-log-2011-01-27 (23-59-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 757292
Laufzeit: 2 Stunde(n), 22 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
So apparently everything is clean..

The OTL log will follow in the afternoon..


Regards
Sem17

28.01.2011, 16:03   #11
Sem17

And here are the OTL logs:
Code:
OTL logfile created on: 28.01.2011 15:49:32 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\XXX\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,91 Gb Total Space | 28,83 Gb Free Space | 28,86% Space Free | Partition Type: NTFS
Drive D: | 381,15 Gb Total Space | 41,37 Gb Free Space | 10,85% Space Free | Partition Type: NTFS
Drive E: | 14,99 Gb Total Space | 2,94 Gb Free Space | 19,62% Space Free | Partition Type: FAT32
Drive F: | 100,01 Gb Total Space | 36,42 Gb Free Space | 36,42% Space Free | Partition Type: NTFS
 
Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\XXX\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Users\XXX\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe (LearnPulse)
PRC - C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\XXX\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Sermcvc) --  File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_dbc0250.dll ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (VMAuthdService) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (ufad-ws60) -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (SOURCENEXT)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.)
DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (vstor2-ws60) -- C:\Programme\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (appliandMP) -- C:\Windows\System32\drivers\appliand.sys (Applian Technologies Inc.)
DRV - (appliand) -- C:\Windows\System32\drivers\appliand.sys (Applian Technologies Inc.)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (btnetBUs) -- C:\Windows\System32\drivers\btnetBus.sys ()
DRV - (IvtBtBUs) -- C:\Windows\System32\drivers\IvtBtBus.sys (IVT Corporation.)
DRV - (BtHidBus) -- C:\Windows\System32\Drivers\BtHidBus.sys (IVT Corporation.)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (tdrpman228) Acronis Try&Decide and Restore Points filter (build 228) -- C:\Windows\system32\DRIVERS\tdrpm228.sys (Acronis)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmHidLo) -- C:\Windows\System32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (vserial) -- C:\Windows\System32\drivers\vserial.sys ()
DRV - (vsbus) -- C:\Windows\System32\drivers\vsb.sys ()
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (FANTOM) -- C:\Windows\System32\drivers\fantom.sys (National Instruments Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 9E C4 FD AA 8F CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://de-de.facebook.com/ | hxxp://www.dsi-homebrew.com/ | hxxp://www.pspking.de/forum/news-archiv.php | www.wiifreak.de | hxxp://bestboyz.de/ | www.youtube.de | https://twitter.com/"
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.7
FF - prefs.js..extensions.enabledItems: de_AT@dicts.j3e.de:20101229
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1
FF - prefs.js..extensions.enabledItems: maps@ovi.com:4.0.12.12
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: longurlplease@darragh.curran:0.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.01.23 20:06:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.20 19:08:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.20 19:08:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.01.23 20:06:53 | 000,000,000 | ---D | M]
 
[2009.12.16 21:56:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2011.01.27 19:35:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\lqtgxbym.default\extensions
[2010.04.10 13:01:10 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\lqtgxbym.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011.01.27 19:35:37 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\lqtgxbym.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.02.22 16:45:41 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\lqtgxbym.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2010.04.12 15:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\lqtgxbym.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011.01.22 21:08:12 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\lqtgxbym.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010.03.04 16:03:43 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\lqtgxbym.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010.11.24 16:08:49 | 000,000,000 | ---D | M] (WOT) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\lqtgxbym.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.01.11 19:19:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\lqtgxbym.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.12.11 17:30:35 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\lqtgxbym.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010.12.24 11:25:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\lqtgxbym.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.01.09 16:37:46 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\lqtgxbym.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011.01.04 16:41:35 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-AT), Hunspell-unterstützt) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\lqtgxbym.default\extensions\de_AT@dicts.j3e.de
[2010.09.24 16:49:07 | 000,000,000 | ---D | M] (Long URL Please) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\lqtgxbym.default\extensions\longurlplease@darragh.curran
[2010.05.22 12:15:17 | 000,000,000 | ---D | M] (Ovi maps browser plugin) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\lqtgxbym.default\extensions\maps@ovi.com
[2010.03.04 16:03:57 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\lqtgxbym.default\extensions\noia2_option@kk.noia
[2010.12.23 14:22:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.06.03 13:31:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.08 15:38:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.20 14:28:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.23 14:22:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.01.17 17:11:19 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2009.12.19 21:17:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.06.03 13:31:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.08 15:38:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.20 14:28:37 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.23 14:22:00 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.01.17 17:11:19 | 000,000,000 | ---D | M] (afurladvisor) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\AFURLADVISOR@ANCHORFREE.COM
[2011.01.23 20:06:52 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.02.02 17:41:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.02 17:41:00 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.02 17:41:01 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.02 17:41:01 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.02 17:41:01 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.04.02 13:39:13 | 000,000,857 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1				activate.adobe.com
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [SystemBGImage]  File not found
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Screenpresso] C:\Users\XXX\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe (LearnPulse)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.17.200
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4ad3a4ab-4623-11df-a76a-40618601b1bc}\Shell - "" = AutoRun
O33 - MountPoints2\{4ad3a4ab-4623-11df-a76a-40618601b1bc}\Shell\AutoRun\command - "" = H:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.28 15:48:20 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2011.01.27 20:10:48 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.01.27 20:10:48 | 000,000,000 | ---D | C] -- C:\Programme\HiJackThis
[2011.01.27 19:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011.01.23 20:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2011.01.23 11:55:28 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\SISContents
[2011.01.22 21:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2011.01.22 20:50:02 | 000,000,000 | ---D | C] -- C:\Programme\SlySoft
[2011.01.22 20:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
[2011.01.22 20:40:17 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\BDREBUILDER
[2011.01.22 20:40:07 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\Haenlein-Software
[2011.01.22 20:40:06 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Haenlein-Software
[2011.01.22 12:56:18 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Phone Browser
[2011.01.21 17:40:11 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Handy
[2011.01.16 17:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff
[2011.01.15 22:29:52 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2011.01.15 22:29:48 | 000,000,000 | ---D | C] -- C:\Programme\Hotspot Shield
[2011.01.15 20:27:44 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\DVD Profiler
[2011.01.15 20:27:44 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\DVD Profiler
[2011.01.13 18:07:43 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\My Streaming Media
[2011.01.13 18:06:27 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Replay Media Catcher 4
[2011.01.13 18:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies
[2011.01.13 18:06:13 | 000,000,000 | ---D | C] -- C:\Programme\Replay Media Catcher 4
[2011.01.13 17:51:48 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Jaksta_Technologies_Pty_L
[2011.01.13 16:22:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2011.01.13 13:28:50 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.13 13:28:47 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.01.13 13:28:47 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.01.13 13:28:47 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.01.13 13:28:47 | 000,801,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011.01.13 13:28:47 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.01.13 13:28:47 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.01.13 13:28:46 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.01.13 13:28:46 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.01.13 13:28:46 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.01.13 13:28:46 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.01.13 13:28:46 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.01.13 13:28:46 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.01.13 13:28:46 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.01.13 13:28:45 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.01.13 13:28:45 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.01.09 15:56:41 | 000,000,000 | ---D | C] -- C:\Programme\Undelete360
[2011.01.09 15:56:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Undelete360
[2011.01.05 15:09:05 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Stereoscopic Player
[2010.12.30 17:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaTrainer eXperience (Anno 1404)
[2010.12.30 17:29:55 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Ubisoft
[2010.12.29 18:10:29 | 000,000,000 | ---D | C] -- C:\Programme\TagRename
[2010.12.29 18:10:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tag&Rename
[2010.12.29 17:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2010.04.11 10:21:19 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe5060.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\XXX\*.tmp files -> C:\Users\XXX\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.28 15:51:16 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.28 15:51:16 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.28 15:48:23 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2011.01.28 15:46:22 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.01.28 15:45:06 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011.01.28 15:45:05 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.28 15:43:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.28 15:43:29 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.28 05:02:16 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.26 19:31:13 | 346,882,188 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.01.26 15:46:12 | 000,754,572 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.26 15:46:12 | 000,699,916 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.26 15:46:12 | 000,166,212 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.26 15:46:12 | 000,135,748 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.25 01:17:36 | 000,021,584 | ---- | M] () -- C:\Windows\System32\drivers\atapi.bad
[2011.01.25 01:17:36 | 000,021,584 | ---- | M] () -- C:\Users\XXX\Desktop\atapi.bad
[2011.01.23 20:09:54 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2011.01.23 12:25:03 | 003,775,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.01.23 12:23:01 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
[2011.01.22 10:00:16 | 000,029,482 | ---- | M] () -- C:\Users\XXX\Desktop\CFW.docx
[2011.01.19 13:52:12 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.01.19 13:52:11 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.01.13 15:04:34 | 000,000,172 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011.01.13 09:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.01.13 09:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.01.13 09:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.01.13 09:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.01.13 09:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.01.13 09:37:19 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.01.13 09:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.01.05 14:21:17 | 000,000,124 | ---- | M] () -- C:\Users\XXX\Documents\ax_files.xml
[2011.01.05 13:54:12 | 000,057,344 | ---- | M] () -- C:\Users\XXX\Desktop\TetrisMelodie.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\XXX\*.tmp files -> C:\Users\XXX\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.27 20:29:23 | 000,021,584 | ---- | C] () -- C:\Users\XXX\Desktop\atapi.bad
[2011.01.26 19:28:25 | 346,882,188 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.01.23 20:09:54 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2011.01.23 12:23:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
[2011.01.22 10:00:15 | 000,029,482 | ---- | C] () -- C:\Users\XXX\Desktop\CFW.docx
[2011.01.17 18:49:46 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.12.26 16:15:47 | 000,017,408 | ---- | C] () -- C:\Users\XXX\AppData\Local\WebpageIcons.db
[2010.12.12 13:09:15 | 000,000,017 | ---- | C] () -- C:\Users\XXX\AppData\Local\resmon.resmoncfg
[2010.11.20 17:43:44 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.11.10 21:29:56 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.11.10 21:29:56 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.11.10 15:55:14 | 000,000,172 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.09.21 18:39:23 | 000,036,864 | ---- | C] () -- C:\Windows\System32\IDUNINST.DLL
[2010.08.19 14:43:24 | 000,000,132 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.06.21 16:34:24 | 002,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2010.06.21 16:34:24 | 000,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2010.06.21 16:34:24 | 000,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2010.06.21 16:34:24 | 000,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2010.04.06 17:33:10 | 000,025,864 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2010.02.18 13:05:33 | 000,026,624 | ---- | C] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.17 12:59:35 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll
[2010.01.10 17:44:11 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010.01.10 17:30:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.28 10:59:28 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.12.28 10:59:27 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.12.20 12:42:01 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLeNL.DLL
[2009.12.19 12:07:46 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.12.19 11:45:33 | 000,697,328 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.07.23 23:29:16 | 000,047,744 | ---- | C] () -- C:\Windows\System32\drivers\vserial.sys
[2008.07.23 23:29:16 | 000,015,264 | ---- | C] () -- C:\Windows\System32\drivers\vsb.sys
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006.11.02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI
[2005.01.25 15:15:42 | 000,010,240 | R--- | C] () -- C:\Windows\System32\PA207USD.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:9D1B94FD

< End of report >
         
Code:
OTL Extras logfile created on: 28.01.2011 15:49:32 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\XXX\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,91 Gb Total Space | 28,83 Gb Free Space | 28,86% Space Free | Partition Type: NTFS
Drive D: | 381,15 Gb Total Space | 41,37 Gb Free Space | 10,85% Space Free | Partition Type: NTFS
Drive E: | 14,99 Gb Total Space | 2,94 Gb Free Space | 19,62% Space Free | Partition Type: FAT32
Drive F: | 100,01 Gb Total Space | 36,42 Gb Free Space | 36,42% Space Free | Partition Type: NTFS
 
Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{088C8B98-3D9F-4CBD-B37B-A32D9580C4EE}" = LEGO MINDSTORMS NXT Driver
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{36ABE32F-D7D4-4A5E-AADD-589F506B1B50}" = Nokia Ovi Suite
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D79E5F9-A5BA-4162-AAF4-D1BC8C5A83FF}" = LEGO MINDSTORMS NXT - (Deutsch) Sprachenpaket
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{41B02081-FE64-4DB9-83F0-F5D15EBF8FF9}" = Replay Media Catcher 4
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000028702}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000038702}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000038703}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000038704}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000038705}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000038706}" = Grand Theft Auto: Episodes from Liberty City
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{69916AD2-3710-4C86-895E-8F475290AA64}" = Ovi Desktop Sync Engine
"{6D08D180-EC52-4093-9B50-59E7AB3C3CF4}" = DVR-Studio HD
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{768F22DC-2D20-4F52-A9A1-5E231FB7F752}" = Logitech Gaming Software 5.04
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8D4942F1-D5EB-40A7-9D7B-07F8ED1B71E9}" = TMPGEnc DVD Author 3 with DivX Authoring
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{947D11E4-5ACB-449F-BA0E-33ABCF5FADD9}" = PrestigoSync
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A1D8E398-E403-4CB6-9B07-FF912A35D7FF}" = LEGO MINDSTORMS NXT Software v1.0
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A55DECC1-5BA3-42C7-A084-3B21DB4F9C43}" = TMPGEnc Authoring Works 4
"{A6903FF6-895A-4EA6-BDCC-BE1DD911103A}" = PC Camer@
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AB212B59-FF45-4C18-B369-F630CB268DAF}" = TMPGEnc 4.0 XPress
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AB9C8F84-9773-4FC8-8C06-891DA384389F}_is1" = TaskMate Pro 1.94
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BD60F72D-3F1F-4AE1-9C41-3CF75B2CA59A}" = DVR-Studio Pro
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D26D60-7B43-4CE9-AE19-A380D9DF126B}" = Garmin MapSource
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1E0E859-F46D-4708-A41D-ED90C0C1822A}" = Acronis*True*Image*Home
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{d577626e-b00f-4864-8844-673840b30f46}" = Nero 9
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE6E4530-4AB0-482E-91DE-7FE6309C6EF1}" = Camtasia Studio 7
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.11 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Akamai" = Akamai NetSession Interface
"Allway Sync_is1" = Allway Sync version 9.4.5
"AnyDVD" = AnyDVD
"avast5" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"Canon MX700 series Benutzerregistrierung" = Canon MX700 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Counter-Strike 1.6 V40" = Counter-Strike 1.6 V40
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DivX Setup.divx.com" = DivX-Setup
"DVDFab 6_is1" = DVDFab 6.2.0.5 (11/11/2009)
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (01/26/2008 2.6.0.0)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow v1.1.3631 [2010-11-15]
"Foxit Reader" = Foxit Reader
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.1
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.2
"Glary Utilities_is1" = Glary Utilities Pro 2.30.0.1066
"Google Updater" = Google Updater
"HaaliMkx" = Haali Media Splitter
"ImgBurn" = ImgBurn
"InstallShield_{A6903FF6-895A-4EA6-BDCC-BE1DD911103A}" = PC Camer@
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InvelosDVDProfiler_is1" = DVD Profiler Version 3.7.0
"JAFSetup" = JAF Setup
"JDownloader" = JDownloader
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.2.8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mobiola Web Camera for S60_is1" = Mobiola Web Camera for S60 3.0.15
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Mp3tag" = Mp3tag v2.47b
"Nokia Ovi Suite" = Nokia Ovi Suite
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PDFTK Builder_is1" = PDFTK Builder 3.5.3
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Series 60 Theme Studio" = Series 60 Theme Studio
"Tag&Rename_is1" = Tag&Rename 3.5.7
"TrueCrypt" = TrueCrypt
"Undelete 360_is1" = Undelete 360
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.5
"VMware_Workstation" = VMware Workstation
"WBFS Manager 3.0" = WBFS Manager 3.0
"WinAVI Video Converter 10.0_is1" = WinAVI Video Converter
"Windows Mobile Device Handbook" = Windows Mobile®-Gerätehandbuch
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.2.8.9
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"QUICKMEDIACONVERTER" = QMC
"sc11-AT_ORF_MAIN" = Ski Challenge 11 (AT)
"Screenpresso" = Screenpresso
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         

Thank you very much for your help!!

Alt 28.01.2011, 19:31   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
O1 - Hosts: 127.0.0.1 activate.adobe.com
Why is Adobe activation being blocked on your computer?
__________________
Please always post log files in CODE tags

Alt 29.01.2011, 11:11   #13
Sem17
 



To be honest, no idea!

Can't any malicious things be found?

Alt 30.01.2011, 13:30   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Adobe Update Manager CS4
Maybe you'd like to explain which source your installed Adobe CS4 comes from?
__________________
Please always post log files in CODE tags

Alt 30.01.2011, 14:15   #15
Sem17
 




Thanks for the help!!
