YouTube can no longer be reached: "Fehler: Server nicht gefunden" (Error: Server not found)
Hello,
since today I cannot reach YouTube with any browser (FF 6.0.2, Opera). Each time, the error message "Fehler: Server nicht gefunden" (Error: Server not found) appears.
All other websites seem to work.
I am working with Windows 7 (32-bit).
Here is the OTL file:
OTL Logfile: Code:
OTL logfile created on: 16.09.2011 18:07:56 - Run 3
OTL by OldTimer - Version 3.2.28.0 Folder = D:\Users\Alex\Desktop\trojanerboard
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,59% Memory free
4,00 Gb Paging File | 2,94 Gb Available in Paging File | 73,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive D: | 232,88 Gb Total Space | 135,96 Gb Free Space | 58,38% Space Free | Partition Type: NTFS
Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - D:\Users\Alex\Desktop\trojanerboard\OTL.exe (OldTimer Tools)
PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - D:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - D:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - D:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - D:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - D:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - D:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
PRC - D:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
PRC - D:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - D:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - D:\Programme\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - D:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - D:\Programme\Launchy\Launchy.exe ()
PRC - D:\Programme\NetMeter\NetMeter.exe ()
========== Modules (No Company Name) ==========
MOD - D:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - D:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - D:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - D:\Programme\Notepad++\NppShell_04.dll ()
MOD - D:\Programme\Launchy\plugins\calcy.dll ()
MOD - D:\Programme\Launchy\plugins\gcalc.dll ()
MOD - D:\Programme\Launchy\plugins\runner.dll ()
MOD - D:\Programme\Launchy\plugins\weby.dll ()
MOD - D:\Programme\Launchy\Launchy.exe ()
MOD - D:\Programme\Launchy\plugins\verby.dll ()
MOD - D:\Programme\Launchy\plugins\controly.dll ()
MOD - D:\Programme\Launchy\imageformats\qmng4.dll ()
MOD - D:\Programme\Launchy\QtGui4.dll ()
MOD - D:\Programme\Launchy\QtNetwork4.dll ()
MOD - D:\Programme\Launchy\QtCore4.dll ()
MOD - D:\Programme\NetMeter\NetMeter.exe ()
========== Win32 Services (SafeList) ==========
SRV - (Steam Client Service) -- D:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avast! Antivirus) -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (nvUpdatusService) -- D:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- D:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SbieSvc) -- D:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (LBTServ) -- D:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (DAUpdaterSvc) -- D:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (StorSvc) -- D:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- D:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- D:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- D:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (aswSnx) -- D:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- D:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- D:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- D:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- D:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- D:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (dtsoftbus01) -- D:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (nvlddmkm) -- D:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SbieDrv) -- D:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (vmbus) -- D:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- D:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- D:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- D:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- D:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- D:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (LMouKE) -- D:\Windows\System32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- D:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- D:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- D:\Windows\System32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- D:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (yukonw7) -- D:\Windows\System32\drivers\yk62x86.sys ()
DRV - (tandpl) -- D:\Windows\System32\drivers\tandpl.sys ()
DRV - (enodpl) -- D:\Windows\System32\drivers\enodpl.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3323950033-3190976883-4005576922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3323950033-3190976883-4005576922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3323950033-3190976883-4005576922-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 77 63 54 75 74 CC 01 [binary data]
IE - HKU\S-1-5-21-3323950033-3190976883-4005576922-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: treestyletab@piro.sakura.ne.jp:0.11.2011021901
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.2
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172
FF - prefs.js..extensions.enabledItems: yetanothersmoothscrolling@kataho:3.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..network.proxy.type: 4
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: D:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: D:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: D:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: D:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: D:\Program Files\AVAST Software\Avast\WebRep\FF [2011.07.16 14:35:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.09.07 18:05:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.06.05 19:17:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2011.07.31 15:38:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins
[2011.05.03 14:05:34 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Alex\AppData\Roaming\mozilla\Extensions
[2011.05.03 14:05:34 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Alex\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.09.02 15:25:55 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\zno1o7bb.default\extensions
[2011.08.19 13:36:31 | 000,000,000 | ---D | M] (DownloadHelper) -- D:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\zno1o7bb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.09.02 15:25:55 | 000,000,000 | ---D | M] (Ghostery) -- D:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\zno1o7bb.default\extensions\firefox@ghostery.com
[2011.08.17 12:19:07 | 000,000,000 | ---D | M] (Cooliris) -- D:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\zno1o7bb.default\extensions\piclens@cooliris.com
[2011.06.18 14:08:21 | 000,000,000 | ---D | M] (No name found) -- D:\Programme\Mozilla Firefox\extensions
[2011.06.05 19:17:54 | 000,000,000 | ---D | M] (Java Console) -- D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.06.18 14:08:21 | 000,000,000 | ---D | M] (Java Console) -- D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- D:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZNO1O7BB.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
() (No name found) -- D:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZNO1O7BB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- D:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZNO1O7BB.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
() (No name found) -- D:\USERS\ALEX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZNO1O7BB.DEFAULT\EXTENSIONS\TREESTYLETAB@PIRO.SAKURA.NE.JP.XPI
[2011.09.07 18:05:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.04.12 09:55:08 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- D:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- D:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011.09.16 17:18:14 | 000,000,000 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-3323950033-3190976883-4005576922-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EvtMgr6] D:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKU\S-1-5-21-3323950033-3190976883-4005576922-1000..\Run: [D:\Program Files\NetMeter\NetMeter.exe] D:\Programme\NetMeter\NetMeter.exe ()
O4 - HKU\S-1-5-21-3323950033-3190976883-4005576922-1000..\Run: [SandboxieControl] D:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3323950033-3190976883-4005576922-1001..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: D:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Maus- und Tastatureinstellungen.lnk = D:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Download by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ED1F7C9-39F2-436B-AD0D-2AF7254C989C}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\Windows\system32\userinit.exe) -D:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - d:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8d78a650-9433-11e0-ad9a-001a4d40eb99}\Shell - "" = AutoRun
O33 - MountPoints2\{8d78a650-9433-11e0-ad9a-001a4d40eb99}\Shell\AutoRun\command - "" = F:\DS1.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - D:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - D:\Windows\system32\Rundll32.exe D:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - D:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "D:\Windows\System32\rundll32.exe" "D:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - D:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - State: "bootini" - 2
========== Files/Folders - Created Within 30 Days ==========
[2011.09.16 17:42:02 | 000,000,000 | ---D | C] -- D:\Users\Alex\Desktop\trojanerboard
[2011.09.09 12:15:09 | 000,000,000 | ---D | C] -- D:\Users\Alex\AppData\Roaming\vlc
[2011.09.09 12:14:11 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.09.09 12:14:00 | 000,000,000 | ---D | C] -- D:\Program Files\VideoLAN
[2011.09.09 11:35:58 | 000,000,000 | ---D | C] -- D:\Users\Alex\dwhelper
[2011.08.28 19:45:18 | 000,000,000 | ---D | C] -- D:\Users\Alex\Desktop\Slot_71
[2011.08.28 19:44:01 | 000,000,000 | ---D | C] -- D:\Users\Alex\Desktop\gff4editor-0.5.4
[2011.08.24 12:04:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\tzres.dll
[2011.08.22 12:47:09 | 000,000,000 | ---D | C] -- D:\Users\Alex\AppData\Local\Electronic Arts
[2011.08.22 12:47:01 | 000,000,000 | ---D | C] -- D:\Users\Alex\Documents\Electronic Arts
[2011.08.22 12:44:55 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011.08.22 12:27:48 | 000,000,000 | ---D | C] -- D:\Program Files\Electronic Arts
[2011.08.22 12:19:52 | 000,000,000 | ---D | C] -- D:\Users\Alex\AppData\Roaming\Launchy
[2011.08.22 12:19:33 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launchy
[2011.08.22 12:19:32 | 000,000,000 | ---D | C] -- D:\Program Files\Launchy
[2011.08.18 12:40:44 | 000,000,000 | ---D | C] -- D:\Users\Alex\AppData\Roaming\Opera
[2011.08.18 12:40:44 | 000,000,000 | ---D | C] -- D:\Users\Alex\AppData\Local\Opera
[2011.08.18 12:40:39 | 000,000,000 | ---D | C] -- D:\Program Files\Opera
[2 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.09.16 17:54:12 | 000,016,704 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.16 17:54:12 | 000,016,704 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.16 17:46:52 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2011.09.16 17:46:48 | 1609,424,896 | -HS- | M] () -- D:\hiberfil.sys
[2011.09.16 17:43:16 | 000,000,156 | ---- | M] () -- D:\Users\Alex\defogger_reenable
[2011.09.16 17:18:14 | 000,000,000 | ---- | M] () -- D:\Windows\System32\drivers\etc\hosts
[2011.09.15 12:17:11 | 000,036,236 | ---- | M] () -- D:\Users\Alex\Desktop\Werften von Antiga (4).SC2Replay
[2011.09.14 13:46:59 | 000,653,928 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2011.09.14 13:46:59 | 000,615,810 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2011.09.14 13:46:59 | 000,129,800 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2011.09.14 13:46:59 | 000,106,190 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2011.08.29 16:09:42 | 000,003,584 | ---- | M] () -- D:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.28 19:53:01 | 000,001,645 | ---- | M] () -- D:\Users\Alex\Desktop\Angel_console_fix_fonts_er-1110.zip
[2011.08.28 19:43:29 | 018,668,802 | ---- | M] () -- D:\Users\Alex\Desktop\gff4editor-0.5.4.zip
[2011.08.22 12:19:33 | 000,000,971 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk
[2 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.09.16 17:43:15 | 000,000,156 | ---- | C] () -- D:\Users\Alex\defogger_reenable
[2011.09.15 12:17:09 | 000,036,236 | ---- | C] () -- D:\Users\Alex\Desktop\Werften von Antiga (4).SC2Replay
[2011.08.29 16:09:42 | 000,003,584 | ---- | C] () -- D:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.28 19:52:59 | 000,001,645 | ---- | C] () -- D:\Users\Alex\Desktop\Angel_console_fix_fonts_er-1110.zip
[2011.08.28 19:42:19 | 018,668,802 | ---- | C] () -- D:\Users\Alex\Desktop\gff4editor-0.5.4.zip
[2011.08.24 16:08:15 | 002,344,694 | ---- | C] () -- D:\Users\Alex\Desktop\BILD1260.JPG
[2011.08.22 12:19:33 | 000,000,971 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk
[2011.08.18 12:40:41 | 000,001,791 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011.08.16 11:36:54 | 000,007,552 | ---- | C] () -- D:\Windows\System32\drivers\enodpl.sys
[2011.08.16 11:36:54 | 000,004,736 | ---- | C] () -- D:\Windows\System32\drivers\tandpl.sys
[2011.06.24 12:47:44 | 000,000,193 | ---- | C] () -- D:\Windows\hppsapp.INI
[2011.05.03 14:54:03 | 000,001,548 | ---- | C] () -- D:\Windows\Sandboxie.ini
[2011.04.29 11:47:38 | 000,007,615 | ---- | C] () -- D:\Users\Alex\AppData\Local\Resmon.ResmonCfg
[2011.04.27 23:03:56 | 000,306,688 | ---- | C] () -- D:\Windows\System32\Lffpx7.dll
[2011.04.27 23:03:56 | 000,095,232 | ---- | C] () -- D:\Windows\System32\Lfkodak.dll
[2011.04.27 13:43:11 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe
[2009.07.14 10:47:43 | 000,653,928 | ---- | C] () -- D:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- D:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,129,800 | ---- | C] () -- D:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- D:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,265,640 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,615,810 | ---- | C] () -- D:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,190 | ---- | C] () -- D:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat
========== LOP Check ==========
[2011.06.11 20:17:51 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
[2011.05.06 14:54:22 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\GrabPro
[2011.07.24 18:23:37 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\IrfanView
[2011.08.22 12:20:05 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\Launchy
[2011.04.27 14:39:57 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\Leadertech
[2011.05.24 17:51:00 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\Mp3tag
[2011.05.15 20:19:45 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\NetMeter
[2011.04.27 14:49:24 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\Notepad++
[2011.08.18 12:40:44 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\Opera
[2011.06.28 16:00:59 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\Orbit
[2011.04.27 14:50:30 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\ProgSense
[2011.05.03 14:05:33 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\Thunderbird
[2011.05.15 20:19:45 | 000,000,000 | ---D | M] -- D:\Users\Alex\AppData\Roaming\TS3Client
[2011.09.11 16:47:24 | 000,032,632 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2011.08.28 12:00:28 | 000,000,000 | -HSD | M] -- D:\$Recycle.Bin
[2011.07.16 16:08:18 | 000,000,000 | -HSD | M] -- D:\Boot
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- D:\Documents and Settings
[2011.04.27 13:39:31 | 000,000,000 | -HSD | M] -- D:\Dokumente und Einstellungen
[2011.04.27 14:50:30 | 000,000,000 | ---D | M] -- D:\Downloads
[2011.04.27 14:30:04 | 000,000,000 | ---D | M] -- D:\NVIDIA
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- D:\PerfLogs
[2011.09.09 12:14:00 | 000,000,000 | R--D | M] -- D:\Program Files
[2011.06.13 17:36:33 | 000,000,000 | -H-D | M] -- D:\ProgramData
[2011.04.27 13:39:31 | 000,000,000 | -HSD | M] -- D:\Programme
[2011.04.27 13:39:31 | 000,000,000 | -HSD | M] -- D:\Recovery
[2011.05.03 14:57:59 | 000,000,000 | R--D | M] -- D:\Sandbox
[2011.09.16 17:54:32 | 000,000,000 | -HSD | M] -- D:\System Volume Information
[2011.05.03 14:57:18 | 000,000,000 | R--D | M] -- D:\Users
[2011.07.16 14:35:46 | 000,000,000 | ---D | M] -- D:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.manifest /3 >
< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
< MD5 for: REGEDIT.EXE >
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- D:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- D:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
< MD5 for: USERINIT.EXE >
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\System32\userinit.exe
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WININIT.EXE >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- D:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- D:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- D:\Windows\System32\winlogon.exe
[2010.11.20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-16 10:30:40
< End of report >
Regards
I only just noticed that the GMER log file wasn't uploaded.... Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-09-16 18:28:17
Windows 6.1.7601 Service Pack 1
Running: gmer.exe; Driver: D:\Users\Alex\AppData\Local\Temp\kxldrpog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8DE43202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8E774D8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8DE457F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8DE45848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8DE4595E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8DE45746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8DE45898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8DE4579A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8DE4590C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8DE43226]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8E774E3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8DE42FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8DE4324A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8DE45D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8DE43CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8DE45820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8DE45870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8DE45988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8DE45772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8DE458D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8DE457C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8DE45936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8E774ED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8DE43BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8DE4326E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8DE43292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8DE4304A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8DE43186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8DE43162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8DE431AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8DE432B6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8E78A398]
Code 95DFFBFC ZwTraceEvent
Code 95DFFBFB NtTraceEvent
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C3E349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C77D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82C7ED80 4 Bytes [02, 32, E4, 8D] {ADD DH, [EDX]; IN AL, 0x8d}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82C7EDA8 4 Bytes [8C, 4D, 77, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82C7EE5C 2 Bytes [F0, 57]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11AA 82C7EE5F 5 Bytes [8D, 48, 58, E4, 8D] {LEA ECX, [EAX+0x58]; IN AL, 0x8d}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82C7EE68 4 Bytes [5E, 59, E4, 8D] {POP ESI; POP ECX; IN AL, 0x8d}
.text ...
.text ntkrnlpa.exe!NtTraceEvent 82CC765A 5 Bytes JMP 95DFFC00
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E0BBE8 5 Bytes JMP 8E785D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82E241B8 5 Bytes JMP 8E78780A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E392FF 4 Bytes CALL 8DE4434B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!NtRequestWaitReplyPort + 2 82E3E96D 5 Bytes JMP 95DFFD40
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2 82E52FB1 5 Bytes JMP 95DFFDE0
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82E530D1 4 Bytes CALL 8DE44361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!NtRequestPort + 2 82E814DF 5 Bytes JMP 95DFFCA0
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82EDCF10 7 Bytes JMP 8E78A39C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text user32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes [E9, 0A, 5C, 67, 8A] {JMP 0xffffffff8a675c0f}
.text user32.dll!UnhookWinEvent 75C7B750 5 Bytes [E9, A7, 4C, 67, 8A] {JMP 0xffffffff8a674cac}
.text user32.dll!SetWindowsHookExW 75C7E30C 5 Bytes [E9, F3, 24, 67, 8A] {JMP 0xffffffff8a6724f8}
.text user32.dll!SetWinEventHook 75C824DC 5 Bytes [E9, 17, DD, 66, 8A] {JMP 0xffffffff8a66dd1c}
.text user32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes [E9, EF, 98, 64, 8A] {JMP 0xffffffff8a6498f4}
.text kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
---- User code sections - GMER 1.0.15 ----
.text D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[372] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 001503FC
.text D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[372] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 001501F8
.text D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[372] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[372] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00300A08
.text D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[372] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 003003FC
.text D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[372] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00300804
.text D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[372] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 003001F8
.text D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[372] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00300600
.text D:\Windows\system32\csrss.exe[428] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\system32\wininit.exe[488] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000303FC
.text D:\Windows\system32\wininit.exe[488] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000301F8
.text D:\Windows\system32\wininit.exe[488] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\system32\wininit.exe[488] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00050A08
.text D:\Windows\system32\wininit.exe[488] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 000503FC
.text D:\Windows\system32\wininit.exe[488] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00050804
.text D:\Windows\system32\wininit.exe[488] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 000501F8
.text D:\Windows\system32\wininit.exe[488] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00050600
.text D:\Windows\system32\csrss.exe[500] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\system32\svchost.exe[504] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC
.text D:\Windows\system32\svchost.exe[504] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8
.text D:\Windows\system32\svchost.exe[504] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\system32\svchost.exe[504] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00420A08
.text D:\Windows\system32\svchost.exe[504] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 004203FC
.text D:\Windows\system32\svchost.exe[504] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00420804
.text D:\Windows\system32\svchost.exe[504] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 004201F8
.text D:\Windows\system32\svchost.exe[504] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00420600
.text D:\Windows\system32\services.exe[540] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC
.text D:\Windows\system32\services.exe[540] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8
.text D:\Windows\system32\services.exe[540] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\system32\lsass.exe[560] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC
.text D:\Windows\system32\lsass.exe[560] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8
.text D:\Windows\system32\lsass.exe[560] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\system32\lsass.exe[560] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00100A08
.text D:\Windows\system32\lsass.exe[560] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 001003FC
.text D:\Windows\system32\lsass.exe[560] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00100804
.text D:\Windows\system32\lsass.exe[560] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 001001F8
.text D:\Windows\system32\lsass.exe[560] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00100600
.text D:\Windows\system32\lsm.exe[568] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC
.text D:\Windows\system32\lsm.exe[568] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8
.text D:\Windows\system32\lsm.exe[568] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\system32\winlogon.exe[624] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000303FC
.text D:\Windows\system32\winlogon.exe[624] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000301F8
.text D:\Windows\system32\winlogon.exe[624] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\system32\winlogon.exe[624] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 000C0A08
.text D:\Windows\system32\winlogon.exe[624] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 000C03FC
.text D:\Windows\system32\winlogon.exe[624] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 000C0804
.text D:\Windows\system32\winlogon.exe[624] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 000C01F8
.text D:\Windows\system32\winlogon.exe[624] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 000C0600
.text D:\Windows\system32\svchost.exe[716] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC
.text D:\Windows\system32\svchost.exe[716] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8
.text D:\Windows\system32\svchost.exe[716] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\system32\nvvsvc.exe[788] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 001603FC
.text D:\Windows\system32\nvvsvc.exe[788] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 001601F8
.text D:\Windows\system32\nvvsvc.exe[788] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\system32\nvvsvc.exe[788] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 001F0A08
.text D:\Windows\system32\nvvsvc.exe[788] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 001F03FC
.text D:\Windows\system32\nvvsvc.exe[788] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 001F0804
.text D:\Windows\system32\nvvsvc.exe[788] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 001F01F8
.text D:\Windows\system32\nvvsvc.exe[788] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 001F0600
.text D:\Windows\system32\svchost.exe[828] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000A03FC
.text D:\Windows\system32\svchost.exe[828] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000A01F8
.text D:\Windows\system32\svchost.exe[828] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\System32\svchost.exe[892] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC
.text D:\Windows\System32\svchost.exe[892] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8
.text D:\Windows\System32\svchost.exe[892] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\System32\svchost.exe[892] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00510A08
.text D:\Windows\System32\svchost.exe[892] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 005103FC
.text D:\Windows\System32\svchost.exe[892] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00510804
.text D:\Windows\System32\svchost.exe[892] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 005101F8
.text D:\Windows\System32\svchost.exe[892] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00510600
.text D:\Windows\System32\svchost.exe[976] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC
.text D:\Windows\System32\svchost.exe[976] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8
.text D:\Windows\System32\svchost.exe[976] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\System32\svchost.exe[976] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00370A08
.text D:\Windows\System32\svchost.exe[976] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 003703FC
.text D:\Windows\System32\svchost.exe[976] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00370804
.text D:\Windows\System32\svchost.exe[976] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 003701F8
.text D:\Windows\System32\svchost.exe[976] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00370600
.text D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1004] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 001703FC
.text D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1004] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 001701F8
.text D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1004] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1004] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00300A08
.text D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1004] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 003003FC
.text D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1004] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00300804
.text D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1004] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 003001F8
.text D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1004] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00300600
.text D:\Windows\system32\svchost.exe[1012] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC
.text D:\Windows\system32\svchost.exe[1012] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8
.text D:\Windows\system32\svchost.exe[1012] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\system32\svchost.exe[1012] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00B10A08
.text D:\Windows\system32\svchost.exe[1012] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 00B103FC
.text D:\Windows\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00B10804
.text D:\Windows\system32\svchost.exe[1012] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 00B101F8
.text D:\Windows\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00B10600
.text D:\Windows\system32\svchost.exe[1192] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC
.text D:\Windows\system32\svchost.exe[1192] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8
.text D:\Windows\system32\svchost.exe[1192] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\system32\svchost.exe[1192] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 001E0A08
.text D:\Windows\system32\svchost.exe[1192] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 001E03FC
.text D:\Windows\system32\svchost.exe[1192] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 001E0804
.text D:\Windows\system32\svchost.exe[1192] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 001E01F8
.text D:\Windows\system32\svchost.exe[1192] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 001E0600
.text D:\Windows\System32\svchost.exe[1208] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC
.text D:\Windows\System32\svchost.exe[1208] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8
.text D:\Windows\System32\svchost.exe[1208] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\System32\svchost.exe[1208] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 000F0A08
.text D:\Windows\System32\svchost.exe[1208] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 000F03FC
.text D:\Windows\System32\svchost.exe[1208] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 000F0804
.text D:\Windows\System32\svchost.exe[1208] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 000F01F8
.text D:\Windows\System32\svchost.exe[1208] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 000F0600
.text D:\Program Files\Sandboxie\SbieSvc.exe[1272] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000903FC
.text D:\Program Files\Sandboxie\SbieSvc.exe[1272] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000901F8
.text D:\Program Files\Sandboxie\SbieSvc.exe[1272] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00140A08
.text D:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 001403FC
.text D:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00140804
.text D:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 001401F8
.text D:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00140600
.text D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 001603FC
.text D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 001601F8
.text D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 001F0A08
.text D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 001F03FC
.text D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 001F0804
.text D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 001F01F8
.text D:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 001F0600
.text D:\Windows\system32\nvvsvc.exe[1296] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 001603FC
.text D:\Windows\system32\nvvsvc.exe[1296] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 001601F8
.text D:\Windows\system32\nvvsvc.exe[1296] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\system32\nvvsvc.exe[1296] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 001F0A08
.text D:\Windows\system32\nvvsvc.exe[1296] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 001F03FC
.text D:\Windows\system32\nvvsvc.exe[1296] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 001F0804
.text D:\Windows\system32\nvvsvc.exe[1296] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 001F01F8
.text D:\Windows\system32\nvvsvc.exe[1296] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 001F0600
.text D:\Windows\system32\svchost.exe[1376] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC
.text D:\Windows\system32\svchost.exe[1376] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8
.text D:\Windows\system32\svchost.exe[1376] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\system32\svchost.exe[1464] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC
.text D:\Windows\system32\svchost.exe[1464] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8
.text D:\Windows\system32\svchost.exe[1464] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\system32\svchost.exe[1464] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00990A08
.text D:\Windows\system32\svchost.exe[1464] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 009903FC
.text D:\Windows\system32\svchost.exe[1464] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00990804
.text D:\Windows\system32\svchost.exe[1464] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 009901F8
.text D:\Windows\system32\svchost.exe[1464] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00990600
.text D:\Program Files\AVAST Software\Avast\AvastSvc.exe[1536] kernel32.dll!SetUnhandledExceptionFilter 75A1F4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text D:\Program Files\AVAST Software\Avast\AvastSvc.exe[1536] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\System32\spoolsv.exe[1916] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC
.text D:\Windows\System32\spoolsv.exe[1916] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8
.text D:\Windows\System32\spoolsv.exe[1916] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\System32\spoolsv.exe[1916] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00190A08
.text D:\Windows\System32\spoolsv.exe[1916] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 001903FC
.text D:\Windows\System32\spoolsv.exe[1916] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00190804
.text D:\Windows\System32\spoolsv.exe[1916] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 001901F8
.text D:\Windows\System32\spoolsv.exe[1916] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00190600
.text D:\Windows\system32\svchost.exe[1944] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC
.text D:\Windows\system32\svchost.exe[1944] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8
.text D:\Windows\system32\svchost.exe[1944] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\system32\svchost.exe[1944] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 000E0A08
.text D:\Windows\system32\svchost.exe[1944] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 000E03FC
.text D:\Windows\system32\svchost.exe[1944] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 000E0804
.text D:\Windows\system32\svchost.exe[1944] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 000E01F8
.text D:\Windows\system32\svchost.exe[1944] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 000E0600
.text D:\Windows\system32\Dwm.exe[2192] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC
.text D:\Windows\system32\Dwm.exe[2192] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8
.text D:\Windows\system32\Dwm.exe[2192] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\system32\Dwm.exe[2192] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00080A08
.text D:\Windows\system32\Dwm.exe[2192] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 000803FC
.text D:\Windows\system32\Dwm.exe[2192] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00080804
.text D:\Windows\system32\Dwm.exe[2192] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 000801F8
.text D:\Windows\system32\Dwm.exe[2192] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00080600
.text D:\Windows\Explorer.EXE[2216] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000A03FC
.text D:\Windows\Explorer.EXE[2216] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000A01F8
.text D:\Windows\Explorer.EXE[2216] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\Explorer.EXE[2216] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00150A08
.text D:\Windows\Explorer.EXE[2216] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 001503FC
.text D:\Windows\Explorer.EXE[2216] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00150804
.text D:\Windows\Explorer.EXE[2216] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 001501F8
.text D:\Windows\Explorer.EXE[2216] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00150600
.text D:\Windows\system32\taskhost.exe[2268] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000503FC
.text D:\Windows\system32\taskhost.exe[2268] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000501F8
.text D:\Windows\system32\taskhost.exe[2268] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\system32\taskhost.exe[2268] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00120A08
.text D:\Windows\system32\taskhost.exe[2268] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 001203FC
.text D:\Windows\system32\taskhost.exe[2268] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00120804
.text D:\Windows\system32\taskhost.exe[2268] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 001201F8
.text D:\Windows\system32\taskhost.exe[2268] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00120600
.text D:\Windows\system32\AUDIODG.EXE[2516] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 001603FC
.text D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 001601F8
.text D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00200A08
.text D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 002003FC
.text D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00200804
.text D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 002001F8
.text D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2776] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00200600
.text D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 001603FC
.text D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 001601F8
.text D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00300A08
.text D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 003003FC
.text D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00300804
.text D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 003001F8
.text D:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00300600
.text D:\Program Files\Logitech\SetPointP\SetPoint.exe[2876] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 001603FC
.text D:\Program Files\Logitech\SetPointP\SetPoint.exe[2876] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 001601F8
.text D:\Program Files\Logitech\SetPointP\SetPoint.exe[2876] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Program Files\Logitech\SetPointP\SetPoint.exe[2876] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00250A08
.text D:\Program Files\Logitech\SetPointP\SetPoint.exe[2876] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 002503FC
.text D:\Program Files\Logitech\SetPointP\SetPoint.exe[2876] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00250804
.text D:\Program Files\Logitech\SetPointP\SetPoint.exe[2876] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 002501F8
.text D:\Program Files\Logitech\SetPointP\SetPoint.exe[2876] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00250600
.text D:\Program Files\AVAST Software\Avast\AvastUI.exe[2900] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[2916] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 001703FC
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[2916] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 001701F8
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[2916] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[2916] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00210A08
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[2916] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 002103FC
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[2916] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00210804
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[2916] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 002101F8
.text D:\Program Files\Common Files\Java\Java Update\jusched.exe[2916] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00210600
.text D:\Program Files\NetMeter\NetMeter.exe[2924] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 001603FC
.text D:\Program Files\NetMeter\NetMeter.exe[2924] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 001601F8
.text D:\Program Files\NetMeter\NetMeter.exe[2924] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Program Files\NetMeter\NetMeter.exe[2924] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00200A08
.text D:\Program Files\NetMeter\NetMeter.exe[2924] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 002003FC
.text D:\Program Files\NetMeter\NetMeter.exe[2924] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00200804
.text D:\Program Files\NetMeter\NetMeter.exe[2924] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 002001F8
.text D:\Program Files\NetMeter\NetMeter.exe[2924] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00200600
.text D:\Program Files\Sandboxie\SbieCtrl.exe[2936] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000A03FC
.text D:\Program Files\Sandboxie\SbieCtrl.exe[2936] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000A01F8
.text D:\Program Files\Sandboxie\SbieCtrl.exe[2936] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Program Files\Sandboxie\SbieCtrl.exe[2936] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00130A08
.text D:\Program Files\Sandboxie\SbieCtrl.exe[2936] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 001303FC
.text D:\Program Files\Sandboxie\SbieCtrl.exe[2936] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00130804
.text D:\Program Files\Sandboxie\SbieCtrl.exe[2936] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 001301F8
.text D:\Program Files\Sandboxie\SbieCtrl.exe[2936] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00130600
.text D:\Program Files\Launchy\Launchy.exe[3120] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 001703FC
.text D:\Program Files\Launchy\Launchy.exe[3120] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 001701F8
.text D:\Program Files\Launchy\Launchy.exe[3120] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Program Files\Launchy\Launchy.exe[3120] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00230A08
.text D:\Program Files\Launchy\Launchy.exe[3120] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 002303FC
.text D:\Program Files\Launchy\Launchy.exe[3120] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00230804
.text D:\Program Files\Launchy\Launchy.exe[3120] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 002301F8
.text D:\Program Files\Launchy\Launchy.exe[3120] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00230600
.text D:\Windows\system32\SearchIndexer.exe[3212] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC
.text D:\Windows\system32\SearchIndexer.exe[3212] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8
.text D:\Windows\system32\SearchIndexer.exe[3212] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\system32\SearchIndexer.exe[3212] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00100A08
.text D:\Windows\system32\SearchIndexer.exe[3212] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 001003FC
.text D:\Windows\system32\SearchIndexer.exe[3212] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00100804
.text D:\Windows\system32\SearchIndexer.exe[3212] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 001001F8
.text D:\Windows\system32\SearchIndexer.exe[3212] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00100600
.text D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3244] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 001603FC
.text D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3244] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 001601F8
.text D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3244] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3244] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 001F0A08
.text D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3244] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 001F03FC
.text D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3244] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 001F0804
.text D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3244] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 001F01F8
.text D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3244] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 001F0600
.text D:\Program Files\Windows Media Player\wmpnetwk.exe[3516] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000603FC
.text D:\Program Files\Windows Media Player\wmpnetwk.exe[3516] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000601F8
.text D:\Program Files\Windows Media Player\wmpnetwk.exe[3516] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Program Files\Windows Media Player\wmpnetwk.exe[3516] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 00090A08
.text D:\Program Files\Windows Media Player\wmpnetwk.exe[3516] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 000903FC
.text D:\Program Files\Windows Media Player\wmpnetwk.exe[3516] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 00090804
.text D:\Program Files\Windows Media Player\wmpnetwk.exe[3516] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 000901F8
.text D:\Program Files\Windows Media Player\wmpnetwk.exe[3516] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 00090600
.text D:\Users\Alex\Desktop\trojanerboard\gmer.exe[3584] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 001603FC
.text D:\Users\Alex\Desktop\trojanerboard\gmer.exe[3584] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 001601F8
.text D:\Users\Alex\Desktop\trojanerboard\gmer.exe[3584] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Users\Alex\Desktop\trojanerboard\gmer.exe[3584] USER32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 002F0A08
.text D:\Users\Alex\Desktop\trojanerboard\gmer.exe[3584] USER32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 002F03FC
.text D:\Users\Alex\Desktop\trojanerboard\gmer.exe[3584] USER32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 002F0804
.text D:\Users\Alex\Desktop\trojanerboard\gmer.exe[3584] USER32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 002F01F8
.text D:\Users\Alex\Desktop\trojanerboard\gmer.exe[3584] USER32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 002F0600
.text D:\Windows\System32\svchost.exe[3860] ntdll.dll!LdrUnloadDll 7738C8DE 5 Bytes JMP 000A03FC
.text D:\Windows\System32\svchost.exe[3860] ntdll.dll!LdrLoadDll 773922B8 5 Bytes JMP 000A01F8
.text D:\Windows\System32\svchost.exe[3860] kernel32.dll!GetBinaryTypeW + 70 75A369F4 1 Byte [62]
.text D:\Windows\System32\svchost.exe[3860] user32.dll!UnhookWindowsHookEx 75C7ADF9 5 Bytes JMP 003A0A08
.text D:\Windows\System32\svchost.exe[3860] user32.dll!UnhookWinEvent 75C7B750 5 Bytes JMP 003A03FC
.text D:\Windows\System32\svchost.exe[3860] user32.dll!SetWindowsHookExW 75C7E30C 5 Bytes JMP 003A0804
.text D:\Windows\System32\svchost.exe[3860] user32.dll!SetWinEventHook 75C824DC 5 Bytes JMP 003A01F8
.text D:\Windows\System32\svchost.exe[3860] user32.dll!SetWindowsHookExA 75CA6D0C 5 Bytes JMP 003A0600
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----
Regards