Infizierte Dateiobjekte in der Registry

Rheingold · 29.01.2013, 22:52

okay hier ist das ergebnis:

Code:

ATTFilter

Farbar Service Scanner Version: 16-01-2013
Ran by Jasmina (administrator) on 29-01-2013 at 22:49:59
Running from "C:\Users\Jasmina.NICOJAS-PC\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=DWORD:1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig"=DWORD:1


Action Center:
============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

cosinus · 30.01.2013, 11:08

Hm, ich glaub ich bin das Thema falsch angegangen.

Starte bitte mal regedit über Start/Ausführen.
Navigiere nach HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
Im Rechten Teilfenster bitte auf DisableSR doppelt klicken, den Wert 1 bitte umändern in 0 ("null")

Vgl bitte Windowspage - Tipps - Systemwiederherstellung - Für alle Laufwerke erzwingen/deaktivieren

Starte nachdem du den Wert von 1 auf 0 geändert hast Windows neu und überprüfe ob die SWH noch aktiv ist.

Rheingold · 30.01.2013, 11:24

Hallo Cosinus,
mache ich!

Danke!
Jasmina

Wenn ich den Wert auf 0 setze, sind die Buttons Systemwiederherstellung und Erstellen (Wiederherstellungspunkt) aktiv, Konfigurieren ist inaktiv, Schutz für C "Ein".

Allerdings: nach kurzer Zeit / PC-Aktivität und nach Neustart ist der Wert wieder auf 1 gesetzt und die Systemwiederherstellung ist inaktiv (Wert bei C steht aber auf "Ein")

Viele Grüße
Jasmina

P.s.: mein Pfad dahin ist:
HKEY_LOCAL_MACHINE
Software
Policies
Microsoft
Windows NT
SystemRestore

Ich hoffe, das ist okay.

cosinus · 30.01.2013, 14:34

Irgendwas merkt diese Änderung und macht es wieder rückgängig

Du könntest mal mit dieser Kaspersky Rescue Disk das System scannen => http://www.trojaner-board.de/83997-k...scue-disk.html
Vorteil: Das System wird über ein anderes Betriebssystem gescannt, damit wird sichergestellt, dass kein evtl. aktiver Schädling die Scanergebnisse beeinflussen kann.

Rheingold · 31.01.2013, 07:11

Hallo,
bei dem Scan gestern ist kein Befall festgestellt worden. Das Abspeichern des Berichts habe ich aber nicht hinbekommen. Ich lasse den Scan noch mal durchlaufen und poste dann den Bericht.

Viele Grüße
Jasmina

cosinus · 31.01.2013, 09:20

Bitte mal ein Log mit CF machen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Rheingold · 31.01.2013, 14:57

hier der log von combofix.
Viele Grüße, Jasmina

Code:

ATTFilter

ComboFix 13-01-31.01 - Jasmina 31.01.2013  14:27:10.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3990.2139 [GMT 1:00]
ausgeführt von:: c:\users\Jasmina.NICOJAS-PC\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-28 bis 2013-01-31  ))))))))))))))))))))))))))))))
.
.
2013-01-31 13:30 . 2013-01-31 13:30	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-01-31 13:30 . 2013-01-31 13:30	--------	d-----w-	c:\users\Nico.NICOJAS-PC\AppData\Local\temp
2013-01-31 13:30 . 2013-01-31 13:30	--------	d-----w-	c:\users\Jasmina\AppData\Local\temp
2013-01-31 13:30 . 2013-01-31 13:30	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-31 13:30 . 2013-01-31 13:30	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2013-01-30 16:37 . 2013-01-30 21:35	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2013-01-30 15:02 . 2013-01-30 15:02	834544	----a-w-	c:\windows\system32\drivers\sptd.sys
2013-01-30 15:02 . 2013-01-30 15:02	--------	d-----w-	c:\program files (x86)\LSoft Technologies
2013-01-30 15:00 . 2013-01-30 15:00	5053696	----a-w-	c:\program files\IsoBurner-Setup.exe
2013-01-30 08:55 . 2013-01-31 06:07	--------	d---a-w-	C:\Navilog1
2013-01-30 08:55 . 2013-01-30 08:57	--------	d-----w-	c:\program files (x86)\Navilog1
2013-01-29 14:25 . 2009-07-13 23:15	246216	----a-w-	c:\windows\SysWow64\wdrvhook.dll
2013-01-29 12:11 . 2013-01-08 05:32	9161176	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{12095963-45D2-48C9-83D1-8045FF56CE55}\mpengine.dll
2013-01-29 11:06 . 2013-01-29 11:06	--------	d-----w-	C:\Device
2013-01-29 10:41 . 2013-01-29 10:41	--------	d-----w-	c:\users\Administrator\AppData\Local\Programs
2013-01-29 09:15 . 2013-01-29 09:15	--------	d-----w-	c:\users\Administrator\AppData\Roaming\TuneUp Software
2013-01-29 09:15 . 2013-01-29 09:24	--------	d-sh--w-	c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-01-29 08:44 . 2013-01-29 08:44	--------	d-----w-	c:\users\Administrator\AppData\Roaming\SpeedMaxPc
2013-01-29 08:44 . 2013-01-29 08:44	--------	d-----w-	c:\users\Administrator\AppData\Roaming\DriverCure
2013-01-29 08:44 . 2013-01-29 09:17	--------	d-----w-	c:\programdata\SpeedMaxPc
2013-01-28 07:48 . 2013-01-28 07:48	--------	d-----w-	c:\users\Jasmina.NICOJAS-PC\AppData\Local\Diagnostics
2013-01-27 15:58 . 2013-01-27 15:58	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Malwarebytes
2013-01-27 08:15 . 2013-01-27 08:15	--------	d-----w-	c:\users\Administrator\AppData\Local\Macromedia
2013-01-27 08:15 . 2013-01-27 08:15	--------	d-----w-	c:\users\Administrator\AppData\Roaming\RealNetworks
2013-01-27 07:17 . 2013-01-27 07:17	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Avira
2013-01-24 10:04 . 2013-01-24 10:04	--------	d-----w-	c:\program files\PDF Viewer
2013-01-24 09:57 . 2013-01-24 09:58	19443001	----a-w-	c:\program files\PDFXVwer.exe
2013-01-23 13:20 . 2013-01-23 13:20	--------	d-----w-	c:\program files (x86)\Secunia
2013-01-23 13:14 . 2013-01-23 13:14	3137416	----a-w-	c:\program files\PSISetup6001.exe
2013-01-21 11:13 . 2013-01-21 11:13	--------	d-----w-	c:\program files (x86)\Toolbar Cleaner
2013-01-20 18:34 . 2013-01-20 18:34	--------	d-----w-	c:\users\Nico.NICOJAS-PC\AppData\Roaming\Avira
2013-01-19 15:22 . 2013-01-19 15:22	4178040	----a-w-	c:\program files\ccsetup326.exe
2013-01-19 15:16 . 2013-01-19 15:16	--------	d-----w-	c:\users\Jasmina.NICOJAS-PC\AppData\Roaming\Avira
2013-01-19 15:12 . 2013-01-19 15:12	--------	d-----w-	c:\programdata\Avira
2013-01-19 15:12 . 2013-01-19 15:12	--------	d-----w-	c:\program files (x86)\Avira
2013-01-19 15:12 . 2012-12-03 14:36	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-01-19 15:12 . 2012-12-03 14:36	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-01-19 15:12 . 2012-11-16 19:17	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-01-18 08:13 . 2013-01-12 02:30	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-16 20:01 . 2013-01-16 21:16	--------	d-----w-	c:\users\Nico.NICOJAS-PC\AppData\Roaming\Ad-Aware Antivirus
2013-01-16 20:01 . 2013-01-16 20:01	--------	d-----w-	c:\users\Nico.NICOJAS-PC\AppData\Local\adawarebp
2013-01-16 15:42 . 2013-01-16 15:42	--------	d-----w-	c:\program files\Definitions
2013-01-16 15:42 . 2013-01-21 11:14	14456	----a-w-	c:\windows\system32\drivers\gfibto.sys
2013-01-14 07:43 . 2013-01-14 07:43	--------	d-----w-	c:\windows\SysWow64\20-20 Technologies
2013-01-10 07:31 . 2013-01-10 07:32	20151664	----a-w-	c:\program files\Firefox Setup 18.0.exe
2013-01-09 14:07 . 2013-01-09 16:15	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-01-09 05:38 . 2012-11-30 05:41	424448	----a-w-	c:\windows\system32\KernelBase.dll
2013-01-06 10:48 . 2012-10-08 09:06	261632	----a-w-	c:\windows\system32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2013-01-06 10:43 . 2013-01-06 10:44	--------	d-----w-	c:\windows\SysWow64\kodak
2013-01-06 10:42 . 2013-01-06 10:42	--------	d-----w-	c:\windows\SysWow64\spool
2013-01-06 10:35 . 2013-01-06 10:35	10000984	----a-w-	c:\program files\aio_install.exe
2013-01-04 07:37 . 2013-01-04 07:37	--------	d-----w-	c:\users\Jasmina.NICOJAS-PC\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-19 15:04 . 2012-02-24 09:35	105661272	----a-w-	c:\program files\avira_free_antivirus_de.exe
2013-01-10 07:29 . 2012-06-11 17:11	17301984	----a-w-	c:\program files\AdobeAIRInstaller.exe
2013-01-09 15:27 . 2012-06-10 11:52	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 15:27 . 2012-06-10 11:52	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 10:58 . 2012-02-24 10:44	67599240	----a-w-	c:\windows\system32\MRT.exe
2012-12-22 09:27 . 2012-12-22 09:27	16384	----a-w-	c:\program files\wmdmhelper.dll
2012-12-22 09:27 . 2012-12-22 09:27	943344	----a-w-	c:\program files\cddblink.dll
2012-12-22 09:27 . 2012-12-22 09:27	8704	----a-w-	c:\program files\fixrjb.exe
2012-12-22 09:27 . 2012-12-22 09:27	641536	----a-w-	c:\program files\rjbres.dll
2012-12-22 09:27 . 2012-12-22 09:27	45568	----a-w-	c:\program files\ierjplug.dll
2012-12-22 09:27 . 2012-12-22 09:27	370176	----a-w-	c:\program files\rjdlg.dll
2012-12-22 09:27 . 2012-12-22 09:27	31232	----a-w-	c:\program files\rjprog.dll
2012-12-22 09:27 . 2012-12-22 09:27	139264	----a-w-	c:\program files\dunzip32.dll
2012-12-22 09:27 . 2012-12-22 09:27	1115376	----a-w-	c:\program files\cddbmusicid.dll
2012-12-22 09:27 . 2012-12-22 09:27	73216	----a-w-	c:\program files\tsasdk.dll
2012-12-22 09:27 . 2012-12-22 09:27	44544	----a-w-	c:\program files\mmcdda32.dll
2012-12-22 09:27 . 2012-12-22 09:27	22528	----a-w-	c:\program files\tnetdtct.dll
2012-12-22 09:27 . 2012-12-22 09:27	2041072	----a-w-	c:\program files\cddbcontrol.dll
2012-12-22 09:27 . 2012-12-22 09:27	9159680	----a-w-	c:\program files\mediainfo.dll
2012-12-22 09:27 . 2012-12-22 09:27	56320	----a-w-	c:\program files\rpwa3260.dll
2012-12-22 09:27 . 2012-12-22 09:27	48640	----a-w-	c:\program files\tpasdk.dll
2012-12-22 09:27 . 2012-12-22 09:27	44736	----a-w-	c:\program files\rpshellsearch.dll
2012-12-22 09:27 . 2012-12-22 09:27	389272	----a-w-	c:\program files\realcleaner.exe
2012-12-22 09:27 . 2012-12-22 09:27	16296	----a-w-	c:\program files\realtfon.fon
2012-12-22 09:27 . 2012-12-22 09:27	383640	----a-w-	c:\program files\realconverter.exe
2012-12-22 09:27 . 2012-12-22 09:27	354968	----a-w-	c:\program files\convert.exe
2012-12-22 09:27 . 2012-12-22 09:27	719360	----a-w-	c:\program files\dbghelp.dll
2012-12-22 09:27 . 2012-12-22 09:27	69632	----a-w-	c:\program files\rjwmapln.dll
2012-12-22 09:27 . 2012-12-22 09:27	390384	----a-w-	c:\program files\mc_enc_mp4v.dll
2012-12-22 09:27 . 2012-12-22 09:27	389272	----a-w-	c:\program files\realtrimmer.exe
2012-12-22 09:27 . 2012-12-22 09:27	136336	----a-w-	c:\program files\realshare.exe
2012-12-22 09:27 . 2012-12-22 09:27	115200	----a-w-	c:\program files\rpshellextension.dll
2012-12-22 09:27 . 2012-12-22 09:27	47616	----a-w-	c:\program files\rpau3260.dll
2012-12-22 09:27 . 2012-12-22 09:27	30368	----a-w-	c:\program files\rndevicedbbuilder.exe
2012-12-22 09:27 . 2012-12-22 09:27	9216	----a-w-	c:\program files\realjbox.exe
2012-12-22 09:27 . 2012-12-22 09:27	87552	----a-w-	c:\program files\hxaudiodevicehook.dll
2012-12-22 09:27 . 2012-12-22 09:27	86016	----a-w-	c:\program files\rpplugprot.dll
2012-12-22 09:27 . 2012-12-22 09:27	70840	----a-w-	c:\program files\rpshell.dll
2012-12-22 09:27 . 2012-12-22 09:27	17080	----a-w-	c:\program files\rphelperapp.exe
2012-12-22 09:27 . 2012-12-22 09:27	112824	----a-w-	c:\program files\rdsf3260.dll
2012-12-22 09:27 . 2012-12-22 09:27	500888	----a-w-	c:\program files\realplay.exe
2012-12-22 09:27 . 2012-12-22 09:27	499712	----a-w-	c:\windows\SysWow64\msvcp71.dll
2012-12-22 09:27 . 2012-12-22 09:27	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2012-12-22 07:43 . 2012-12-22 07:43	766272	----a-w-	c:\program files\RealPlayer16_de.exe
2012-12-16 17:11 . 2012-12-21 11:57	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 11:57	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:57	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:57	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-15 12:46 . 2012-12-15 12:46	22916830	----a-w-	c:\program files\vlc-2.0.5-win32.exe
2012-12-01 11:43 . 2012-11-22 08:36	19650144	----a-w-	c:\program files\Thunderbird Setup 17.0.exe
2012-11-30 04:45 . 2013-01-09 05:38	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-29 09:27 . 2012-02-25 08:16	800824	----a-w-	c:\users\Default\AppData\Roaming\DPInst.exe
2012-11-29 09:27 . 2012-02-25 08:16	36352	----a-w-	c:\users\Default\AppData\Roaming\PnPutil.exe
2012-11-29 09:27 . 2012-02-25 08:16	106496	----a-w-	c:\users\Default\AppData\Roaming\gacutil.exe
2012-11-28 09:35 . 2012-06-11 16:47	859072	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-11-28 09:35 . 2012-02-24 09:55	779704	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-11-26 12:52 . 2012-02-24 09:16	763408	----a-w-	c:\program files\GoogleEarthSetup.exe
2012-11-22 08:36 . 2012-11-22 08:35	19231504	----a-w-	c:\program files\Firefox Setup 17.0.exe
2012-11-14 07:06 . 2012-12-12 12:38	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 12:38	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 12:38	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 12:38	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 12:38	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 12:38	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 12:38	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 12:38	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 12:38	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 12:38	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 12:38	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 12:38	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 12:38	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 12:38	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 12:38	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 12:38	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 12:38	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 12:38	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 12:38	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 12:38	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 12:38	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 12:38	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-13 10:16 . 2012-11-13 10:16	895464	----a-w-	c:\program files (x86)\jxpiinstall.exe
2012-11-13 09:16 . 2012-11-13 09:15	18090960	----a-w-	c:\program files\Firefox Setup 16.0.2.exe
2012-11-13 09:11 . 2012-11-13 09:11	18580512	----a-w-	c:\program files\Thunderbird Setup 16.0.2.exe
2012-11-09 11:03 . 2012-11-02 12:40	955488	----a-w-	c:\program files\wpsetup-5.18.exe
2012-11-09 05:45 . 2012-12-12 09:56	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 09:56	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-11-08 17:05 . 2012-05-15 11:30	40437664	----a-w-	c:\program files\QuickTimeInstaller.exe
2012-11-08 10:29 . 2012-11-08 10:29	1402312	----a-w-	c:\windows\SysWow64\msxml4.dll
2012-11-01 13:39 . 2012-11-01 13:39	9814632	----a-w-	c:\program files\ashampoo_burning_studio_6_free_6.81_3639.exe
2012-10-26 08:20 . 2012-06-12 05:31	13107424	----a-w-	c:\program files\Shockwave_Installer_Full.exe
2012-10-15 14:25 . 2012-10-15 14:25	5922048	----a-w-	c:\program files\m4a-to-mp3-70converter.exe
2012-09-20 05:45 . 2012-09-20 05:45	8782120	----a-w-	c:\program files\radiorecorder-setup.exe
2012-09-11 11:51 . 2012-09-11 11:51	14894636	----a-w-	c:\program files\XnView1991-win-full-de.exe
2012-09-07 05:34 . 2012-09-07 05:33	17653976	----a-w-	c:\program files\Firefox Setup 15.0.1.exe
2012-08-30 05:12 . 2012-08-30 05:12	18365488	----a-w-	c:\program files\Thunderbird Setup 15.0.exe
2012-08-30 05:12 . 2012-08-30 05:10	17655464	----a-w-	c:\program files\Firefox Setup 15.0.exe
2012-08-29 06:44 . 2012-08-29 06:41	15567360	----a-w-	c:\program files\Adobe_AIR_3.4.0.2540_SPS.exe
2012-08-29 06:42 . 2012-08-29 06:42	9672192	----a-w-	c:\program files\Adobe_Flash_Player_AX_11.4.402.265_SPS.exe
2012-08-27 09:13 . 2012-08-27 09:09	152249762	----a-w-	c:\program files\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
2012-08-25 13:42 . 2012-08-25 13:15	76021168	----a-w-	c:\program files\gimp-2.8.2-setup.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCWinTray"="c:\windows\tray\wintmr.exe" [2009-07-13 6129792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"ChicoSys"="c:\windows\SysWOW64\cc32\webtmr.exe" [2009-07-13 5930112]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"TkBellExe"="c:\program files\update\realsched.exe" [2012-12-22 295072]
"EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2012-10-08 3182080]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CCWinTray"="c:\windows\tray\wintmr.exe" [2009-07-13 6129792]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 2235840]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\users\Nico.NICOJAS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
OpenOffice.org 3.4.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\users\Jasmina.NICOJAS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-11-26 573024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ksupmgr]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ksupmgr;File-/Update Service;c:\windows\SysWOW64\ksupmgr.exe [2010-08-25 765592]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 HPMo4DE3;Mouse Suite Driver_4DE3 (WDF Version);c:\windows\system32\DRIVERS\HPMo4DE3.sys [2011-03-09 25088]
R3 HPub4DE3;USB Mouse Low Filter Driver_4DE3 (WDF Version);c:\windows\system32\Drivers\HPub4DE3.sys [2011-04-12 18432]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-01-21 14456]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-08 30056]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2013-01-30 834544]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-10-08 284008]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-04 85280]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]
S2 Radio.fx;Radio.fx Server;d:\tobit radio.fx\Server\rfx-server.exe [2011-11-18 3673944]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-11-26 1225312]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys [2010-08-27 1800576]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-02 29288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - Chico
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 15:27]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 09:50]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 09:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 418328]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2012-10-08 3182080]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to iPod Converter - c:\users\Jasmina.NICOJAS-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Free YouTube to MP3 Converter - c:\users\Jasmina.NICOJAS-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jasmina.NICOJAS-PC\AppData\Roaming\Mozilla\Firefox\Profiles\zd0m12fn.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-22 10:27; {34712C68-7391-4c47-94F3-8F88D49AD632}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Kindersicherung_is1 - c:\program files (x86)\Salfeld\Kisi\unins000.exe
AddRemove-Video Converter - c:\program files (x86)\SweetPacks\VideoConverter\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-31  14:34:12
ComboFix-quarantined-files.txt  2013-01-31 13:34
ComboFix2.txt  2013-01-31 13:19
.
Vor Suchlauf: 16 Verzeichnis(se), 93.262.176.256 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 93.176.926.208 Bytes frei
.
- - End Of File - - 6EABE821B16AF5F9DB44009171FF54EB

cosinus · 31.01.2013, 15:03

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

ATTFilter

Dirlook::
C:\Device

File::
c:\windows\system32\drivers\dgderdrv.sys

Driver::
dgderdrv

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Rheingold · 31.01.2013, 15:47

hier der logfile.
Avira hat sich beim Neustart automatisch wieder geöffnet. Ich hoffe, das ist kein Problem.

Code:

ATTFilter

ComboFix 13-01-31.01 - Jasmina 31.01.2013  15:30:09.4.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3990.2306 [GMT 1:00]
ausgeführt von:: C:\Users\Jasmina.NICOJAS-PC\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: C:\Users\Jasmina.NICOJAS-PC\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\drivers\dgderdrv.sys"


((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))


C:\Windows\SysWow64\SWCTL.DLL


(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_dgderdrv


(((((((((((((((((((((((   Dateien erstellt von 2012-12-28 bis 2013-01-31  ))))))))))))))))))))))))))))))


2013-01-31 14:35:27 . 2013-01-31 14:35:27	--------	d-----w-	C:\Users\UpdatusUser\AppData\Local\temp
2013-01-31 14:35:27 . 2013-01-31 14:35:27	--------	d-----w-	C:\Users\Nico.NICOJAS-PC\AppData\Local\temp
2013-01-31 14:35:27 . 2013-01-31 14:35:27	--------	d-----w-	C:\Users\Jasmina\AppData\Local\temp
2013-01-31 14:35:27 . 2013-01-31 14:35:27	--------	d-----w-	C:\Users\Default\AppData\Local\temp
2013-01-31 14:35:27 . 2013-01-31 14:35:27	--------	d-----w-	C:\Users\Administrator\AppData\Local\temp
2013-01-30 16:37:33 . 2013-01-30 21:35:26	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2013-01-30 15:02:13 . 2013-01-30 15:02:13	834544	----a-w-	C:\Windows\system32\drivers\sptd.sys
2013-01-30 15:02:04 . 2013-01-30 15:02:04	--------	d-----w-	C:\Program Files (x86)\LSoft Technologies
2013-01-30 15:00:48 . 2013-01-30 15:00:50	5053696	----a-w-	C:\Program Files\IsoBurner-Setup.exe
2013-01-30 08:55:05 . 2013-01-31 06:07:59	--------	d---a-w-	C:\Navilog1
2013-01-30 08:55:05 . 2013-01-30 08:57:31	--------	d-----w-	C:\Program Files (x86)\Navilog1
2013-01-29 14:25:41 . 2009-07-13 23:15:34	246216	----a-w-	C:\Windows\SysWow64\wdrvhook.dll
2013-01-29 12:11:45 . 2013-01-08 05:32:08	9161176	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{12095963-45D2-48C9-83D1-8045FF56CE55}\mpengine.dll
2013-01-29 11:06:05 . 2013-01-29 11:06:05	--------	d-----w-	C:\Device
2013-01-29 10:41:09 . 2013-01-29 10:41:09	--------	d-----w-	C:\Users\Administrator\AppData\Local\Programs
2013-01-29 09:15:46 . 2013-01-29 09:15:46	--------	d-----w-	C:\Users\Administrator\AppData\Roaming\TuneUp Software
2013-01-29 09:15:18 . 2013-01-29 09:24:34	--------	d-sh--w-	C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-01-29 08:44:12 . 2013-01-29 08:44:12	--------	d-----w-	C:\Users\Administrator\AppData\Roaming\SpeedMaxPc
2013-01-29 08:44:12 . 2013-01-29 08:44:12	--------	d-----w-	C:\Users\Administrator\AppData\Roaming\DriverCure
2013-01-29 08:44:01 . 2013-01-29 09:17:55	--------	d-----w-	C:\ProgramData\SpeedMaxPc
2013-01-28 07:48:25 . 2013-01-28 07:48:25	--------	d-----w-	C:\Users\Jasmina.NICOJAS-PC\AppData\Local\Diagnostics
2013-01-27 15:58:41 . 2013-01-27 15:58:41	--------	d-----w-	C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-01-27 08:15:44 . 2013-01-27 08:15:44	--------	d-----w-	C:\Users\Administrator\AppData\Local\Macromedia
2013-01-27 08:15:11 . 2013-01-27 08:15:11	--------	d-----w-	C:\Users\Administrator\AppData\Roaming\RealNetworks
2013-01-27 07:17:31 . 2013-01-27 07:17:31	--------	d-----w-	C:\Users\Administrator\AppData\Roaming\Avira
2013-01-24 10:04:22 . 2013-01-24 10:04:28	--------	d-----w-	C:\Program Files\PDF Viewer
2013-01-24 09:57:31 . 2013-01-24 09:58:04	19443001	----a-w-	C:\Program Files\PDFXVwer.exe
2013-01-23 13:20:46 . 2013-01-23 13:20:46	--------	d-----w-	C:\Program Files (x86)\Secunia
2013-01-23 13:14:20 . 2013-01-23 13:14:26	3137416	----a-w-	C:\Program Files\PSISetup6001.exe
2013-01-21 11:13:31 . 2013-01-21 11:13:31	--------	d-----w-	C:\Program Files (x86)\Toolbar Cleaner
2013-01-20 18:34:16 . 2013-01-20 18:34:16	--------	d-----w-	C:\Users\Nico.NICOJAS-PC\AppData\Roaming\Avira
2013-01-19 15:22:17 . 2013-01-19 15:22:18	4178040	----a-w-	C:\Program Files\ccsetup326.exe
2013-01-19 15:16:26 . 2013-01-19 15:16:26	--------	d-----w-	C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\Avira
2013-01-19 15:12:28 . 2013-01-19 15:12:28	--------	d-----w-	C:\ProgramData\Avira
2013-01-19 15:12:28 . 2013-01-19 15:12:28	--------	d-----w-	C:\Program Files (x86)\Avira
2013-01-19 15:12:28 . 2012-12-03 14:36:36	129216	----a-w-	C:\Windows\system32\drivers\avipbb.sys
2013-01-19 15:12:28 . 2012-12-03 14:36:35	99912	----a-w-	C:\Windows\system32\drivers\avgntflt.sys
2013-01-19 15:12:28 . 2012-11-16 19:17:15	27800	----a-w-	C:\Windows\system32\drivers\avkmgr.sys
2013-01-18 08:13:07 . 2013-01-12 02:30:18	95648	----a-w-	C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-16 20:01:01 . 2013-01-16 21:16:04	--------	d-----w-	C:\Users\Nico.NICOJAS-PC\AppData\Roaming\Ad-Aware Antivirus
2013-01-16 20:01:00 . 2013-01-16 20:01:02	--------	d-----w-	C:\Users\Nico.NICOJAS-PC\AppData\Local\adawarebp
2013-01-16 15:42:46 . 2013-01-16 15:42:46	--------	d-----w-	C:\Program Files\Definitions
2013-01-16 15:42:12 . 2013-01-21 11:14:10	14456	----a-w-	C:\Windows\system32\drivers\gfibto.sys
2013-01-14 07:43:58 . 2013-01-14 07:43:58	--------	d-----w-	C:\Windows\SysWow64\20-20 Technologies
2013-01-10 07:31:56 . 2013-01-10 07:32:39	20151664	----a-w-	C:\Program Files\Firefox Setup 18.0.exe
2013-01-09 14:07:32 . 2013-01-09 16:15:10	--------	d-----w-	C:\Program Files (x86)\Mozilla Thunderbird
2013-01-09 05:38:46 . 2012-11-30 05:41:07	424448	----a-w-	C:\Windows\system32\KernelBase.dll
2013-01-06 10:48:16 . 2012-10-08 09:06:12	261632	----a-w-	C:\Windows\system32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2013-01-06 10:43:42 . 2013-01-06 10:44:05	--------	d-----w-	C:\Windows\SysWow64\kodak
2013-01-06 10:42:15 . 2013-01-06 10:42:15	--------	d-----w-	C:\Windows\SysWow64\spool
2013-01-06 10:35:42 . 2013-01-06 10:35:52	10000984	----a-w-	C:\Program Files\aio_install.exe
2013-01-04 07:37:05 . 2013-01-04 07:37:05	--------	d-----w-	C:\Users\Jasmina.NICOJAS-PC\AppData\Local\Programs
.


((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-01-19 15:04:21 . 2012-02-24 09:35:22	105661272	----a-w-	C:\Program Files\avira_free_antivirus_de.exe
2013-01-10 07:29:37 . 2012-06-11 17:11:49	17301984	----a-w-	C:\Program Files\AdobeAIRInstaller.exe
2013-01-09 15:27:29 . 2012-06-10 11:52:15	74248	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 15:27:29 . 2012-06-10 11:52:15	697864	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-09 10:58:19 . 2012-02-24 10:44:46	67599240	----a-w-	C:\Windows\system32\MRT.exe
2012-12-22 09:27:43 . 2012-12-22 09:27:43	16384	----a-w-	C:\Program Files\wmdmhelper.dll
2012-12-22 09:27:42 . 2012-12-22 09:27:42	943344	----a-w-	C:\Program Files\cddblink.dll
2012-12-22 09:27:42 . 2012-12-22 09:27:42	8704	----a-w-	C:\Program Files\fixrjb.exe
2012-12-22 09:27:42 . 2012-12-22 09:27:42	641536	----a-w-	C:\Program Files\rjbres.dll
2012-12-22 09:27:42 . 2012-12-22 09:27:42	45568	----a-w-	C:\Program Files\ierjplug.dll
2012-12-22 09:27:42 . 2012-12-22 09:27:42	370176	----a-w-	C:\Program Files\rjdlg.dll
2012-12-22 09:27:42 . 2012-12-22 09:27:42	31232	----a-w-	C:\Program Files\rjprog.dll
2012-12-22 09:27:42 . 2012-12-22 09:27:42	139264	----a-w-	C:\Program Files\dunzip32.dll
2012-12-22 09:27:42 . 2012-12-22 09:27:42	1115376	----a-w-	C:\Program Files\cddbmusicid.dll
2012-12-22 09:27:41 . 2012-12-22 09:27:41	73216	----a-w-	C:\Program Files\tsasdk.dll
2012-12-22 09:27:41 . 2012-12-22 09:27:41	44544	----a-w-	C:\Program Files\mmcdda32.dll
2012-12-22 09:27:41 . 2012-12-22 09:27:41	22528	----a-w-	C:\Program Files\tnetdtct.dll
2012-12-22 09:27:41 . 2012-12-22 09:27:41	2041072	----a-w-	C:\Program Files\cddbcontrol.dll
2012-12-22 09:27:40 . 2012-12-22 09:27:40	9159680	----a-w-	C:\Program Files\mediainfo.dll
2012-12-22 09:27:40 . 2012-12-22 09:27:40	56320	----a-w-	C:\Program Files\rpwa3260.dll
2012-12-22 09:27:40 . 2012-12-22 09:27:40	48640	----a-w-	C:\Program Files\tpasdk.dll
2012-12-22 09:27:40 . 2012-12-22 09:27:40	44736	----a-w-	C:\Program Files\rpshellsearch.dll
2012-12-22 09:27:40 . 2012-12-22 09:27:40	389272	----a-w-	C:\Program Files\realcleaner.exe
2012-12-22 09:27:40 . 2012-12-22 09:27:40	16296	----a-w-	C:\Program Files\realtfon.fon
2012-12-22 09:27:31 . 2012-12-22 09:27:31	383640	----a-w-	C:\Program Files\realconverter.exe
2012-12-22 09:27:31 . 2012-12-22 09:27:31	354968	----a-w-	C:\Program Files\convert.exe
2012-12-22 09:27:23 . 2012-12-22 09:27:23	719360	----a-w-	C:\Program Files\dbghelp.dll
2012-12-22 09:27:23 . 2012-12-22 09:27:23	69632	----a-w-	C:\Program Files\rjwmapln.dll
2012-12-22 09:27:23 . 2012-12-22 09:27:23	390384	----a-w-	C:\Program Files\mc_enc_mp4v.dll
2012-12-22 09:27:23 . 2012-12-22 09:27:23	389272	----a-w-	C:\Program Files\realtrimmer.exe
2012-12-22 09:27:23 . 2012-12-22 09:27:23	136336	----a-w-	C:\Program Files\realshare.exe
2012-12-22 09:27:23 . 2012-12-22 09:27:23	115200	----a-w-	C:\Program Files\rpshellextension.dll
2012-12-22 09:27:22 . 2012-12-22 09:27:22	47616	----a-w-	C:\Program Files\rpau3260.dll
2012-12-22 09:27:18 . 2012-12-22 09:27:18	30368	----a-w-	C:\Program Files\rndevicedbbuilder.exe
2012-12-22 09:27:17 . 2012-12-22 09:27:17	9216	----a-w-	C:\Program Files\realjbox.exe
2012-12-22 09:27:17 . 2012-12-22 09:27:17	87552	----a-w-	C:\Program Files\hxaudiodevicehook.dll
2012-12-22 09:27:17 . 2012-12-22 09:27:17	86016	----a-w-	C:\Program Files\rpplugprot.dll
2012-12-22 09:27:17 . 2012-12-22 09:27:17	70840	----a-w-	C:\Program Files\rpshell.dll
2012-12-22 09:27:17 . 2012-12-22 09:27:17	17080	----a-w-	C:\Program Files\rphelperapp.exe
2012-12-22 09:27:17 . 2012-12-22 09:27:17	112824	----a-w-	C:\Program Files\rdsf3260.dll
2012-12-22 09:27:16 . 2012-12-22 09:27:16	500888	----a-w-	C:\Program Files\realplay.exe
2012-12-22 09:27:13 . 2012-12-22 09:27:13	499712	----a-w-	C:\Windows\SysWow64\msvcp71.dll
2012-12-22 09:27:13 . 2012-12-22 09:27:13	348160	----a-w-	C:\Windows\SysWow64\msvcr71.dll
2012-12-22 07:43:16 . 2012-12-22 07:43:14	766272	----a-w-	C:\Program Files\RealPlayer16_de.exe
2012-12-16 17:11:22 . 2012-12-21 11:57:09	46080	----a-w-	C:\Windows\system32\atmlib.dll
2012-12-16 14:45:03 . 2012-12-21 11:57:08	367616	----a-w-	C:\Windows\system32\atmfd.dll
2012-12-16 14:13:28 . 2012-12-21 11:57:08	295424	----a-w-	C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 . 2012-12-21 11:57:09	34304	----a-w-	C:\Windows\SysWow64\atmlib.dll
2012-12-15 12:46:35 . 2012-12-15 12:46:18	22916830	----a-w-	C:\Program Files\vlc-2.0.5-win32.exe
2012-12-01 11:43:32 . 2012-11-22 08:36:25	19650144	----a-w-	C:\Program Files\Thunderbird Setup 17.0.exe
2012-11-30 04:45:10 . 2013-01-09 05:38:45	44032	----a-w-	C:\Windows\apppatch\acwow64.dll
2012-11-29 09:27:38 . 2012-02-25 08:16:44	800824	----a-w-	C:\Users\Default\AppData\Roaming\DPInst.exe
2012-11-29 09:27:38 . 2012-02-25 08:16:44	36352	----a-w-	C:\Users\Default\AppData\Roaming\PnPutil.exe
2012-11-29 09:27:38 . 2012-02-25 08:16:44	106496	----a-w-	C:\Users\Default\AppData\Roaming\gacutil.exe
2012-11-28 09:35:43 . 2012-06-11 16:47:33	859072	----a-w-	C:\Windows\SysWow64\npdeployJava1.dll
2012-11-28 09:35:38 . 2012-02-24 09:55:37	779704	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2012-11-26 12:52:49 . 2012-02-24 09:16:36	763408	----a-w-	C:\Program Files\GoogleEarthSetup.exe
2012-11-22 08:36:18 . 2012-11-22 08:35:36	19231504	----a-w-	C:\Program Files\Firefox Setup 17.0.exe
2012-11-14 07:06:18 . 2012-12-12 12:38:11	17811968	----a-w-	C:\Windows\system32\mshtml.dll
2012-11-14 06:32:33 . 2012-12-12 12:38:10	10925568	----a-w-	C:\Windows\system32\ieframe.dll
2012-11-14 06:11:44 . 2012-12-12 12:38:14	2312704	----a-w-	C:\Windows\system32\jscript9.dll
2012-11-14 06:04:44 . 2012-12-12 12:38:15	1346048	----a-w-	C:\Windows\system32\urlmon.dll
2012-11-14 06:04:11 . 2012-12-12 12:38:14	1392128	----a-w-	C:\Windows\system32\wininet.dll
2012-11-14 06:02:49 . 2012-12-12 12:38:14	1494528	----a-w-	C:\Windows\system32\inetcpl.cpl
2012-11-14 06:02:04 . 2012-12-12 12:38:15	237056	----a-w-	C:\Windows\system32\url.dll
2012-11-14 05:59:52 . 2012-12-12 12:38:14	85504	----a-w-	C:\Windows\system32\jsproxy.dll
2012-11-14 05:58:36 . 2012-12-12 12:38:13	816640	----a-w-	C:\Windows\system32\jscript.dll
2012-11-14 05:57:46 . 2012-12-12 12:38:13	599040	----a-w-	C:\Windows\system32\vbscript.dll
2012-11-14 05:57:35 . 2012-12-12 12:38:15	173056	----a-w-	C:\Windows\system32\ieUnatt.exe
2012-11-14 05:55:45 . 2012-12-12 12:38:13	2144768	----a-w-	C:\Windows\system32\iertutil.dll
2012-11-14 05:55:26 . 2012-12-12 12:38:14	729088	----a-w-	C:\Windows\system32\msfeeds.dll
2012-11-14 05:53:22 . 2012-12-12 12:38:16	96768	----a-w-	C:\Windows\system32\mshtmled.dll
2012-11-14 05:52:40 . 2012-12-12 12:38:16	2382848	----a-w-	C:\Windows\system32\mshtml.tlb
2012-11-14 05:46:25 . 2012-12-12 12:38:15	248320	----a-w-	C:\Windows\system32\ieui.dll
2012-11-14 02:09:22 . 2012-12-12 12:38:13	1800704	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 . 2012-12-12 12:38:15	1427968	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 . 2012-12-12 12:38:14	1129472	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 . 2012-12-12 12:38:15	142848	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 . 2012-12-12 12:38:15	420864	----a-w-	C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 . 2012-12-12 12:38:16	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-11-13 10:16:10 . 2012-11-13 10:16:01	895464	----a-w-	C:\Program Files (x86)\jxpiinstall.exe
2012-11-13 09:16:02 . 2012-11-13 09:15:40	18090960	----a-w-	C:\Program Files\Firefox Setup 16.0.2.exe
2012-11-13 09:11:53 . 2012-11-13 09:11:21	18580512	----a-w-	C:\Program Files\Thunderbird Setup 16.0.2.exe
2012-11-09 11:03:02 . 2012-11-02 12:40:21	955488	----a-w-	C:\Program Files\wpsetup-5.18.exe
2012-11-09 05:45:09 . 2012-12-12 09:56:37	2048	----a-w-	C:\Windows\system32\tzres.dll
2012-11-09 04:42:49 . 2012-12-12 09:56:37	2048	----a-w-	C:\Windows\SysWow64\tzres.dll
2012-11-08 17:05:38 . 2012-05-15 11:30:33	40437664	----a-w-	C:\Program Files\QuickTimeInstaller.exe
2012-11-08 10:29:12 . 2012-11-08 10:29:12	1402312	----a-w-	C:\Windows\SysWow64\msxml4.dll
2012-11-01 13:39:33 . 2012-11-01 13:39:24	9814632	----a-w-	C:\Program Files\ashampoo_burning_studio_6_free_6.81_3639.exe
2012-10-26 08:20:23 . 2012-06-12 05:31:47	13107424	----a-w-	C:\Program Files\Shockwave_Installer_Full.exe
2012-10-15 14:25:53 . 2012-10-15 14:25:45	5922048	----a-w-	C:\Program Files\m4a-to-mp3-70converter.exe
2012-09-20 05:45:52 . 2012-09-20 05:45:49	8782120	----a-w-	C:\Program Files\radiorecorder-setup.exe
2012-09-11 11:51:29 . 2012-09-11 11:51:11	14894636	----a-w-	C:\Program Files\XnView1991-win-full-de.exe
2012-09-07 05:34:07 . 2012-09-07 05:33:50	17653976	----a-w-	C:\Program Files\Firefox Setup 15.0.1.exe
2012-08-30 05:12:36 . 2012-08-30 05:12:27	18365488	----a-w-	C:\Program Files\Thunderbird Setup 15.0.exe
2012-08-30 05:12:16 . 2012-08-30 05:10:52	17655464	----a-w-	C:\Program Files\Firefox Setup 15.0.exe
2012-08-29 06:44:01 . 2012-08-29 06:41:24	15567360	----a-w-	C:\Program Files\Adobe_AIR_3.4.0.2540_SPS.exe
2012-08-29 06:42:11 . 2012-08-29 06:42:01	9672192	----a-w-	C:\Program Files\Adobe_Flash_Player_AX_11.4.402.265_SPS.exe
2012-08-27 09:13:03 . 2012-08-27 09:09:16	152249762	----a-w-	C:\Program Files\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
2012-08-25 13:42:05 . 2012-08-25 13:15:13	76021168	----a-w-	C:\Program Files\gimp-2.8.2-setup.exe


((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

---- Directory of C:\Device ----



((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))


*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCWinTray"="C:\Windows\tray\wintmr.exe" [2009-07-13 23:15:34 6129792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 20:56:08 59280]
"ChicoSys"="C:\Windows\SysWOW64\cc32\webtmr.exe" [2009-07-13 23:15:34 5930112]
"AccuWeatherWidget"="C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 10:50:58 968048]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2012-10-25 02:12:14 421888]
"TkBellExe"="C:\Program Files\update\realsched.exe" [2012-12-22 09:27:15 295072]
"EKStatusMonitor"="C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 10:58:24 2844608]
"EKIJ5000StatusMonitor"="C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2012-10-08 09:06:08 3182080]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 14:36:48 384800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CCWinTray"="C:\Windows\tray\wintmr.exe" [2009-07-13 23:15:34 6129792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 14:01:34 2235840]

C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

C:\Users\Nico.NICOJAS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
OpenOffice.org 3.4.1.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
OpenOffice.org 3.4.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe [2012-11-26 573024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ksupmgr]
@="Service"

R1 SBRE;SBRE;C:\Windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]
R2 ksupmgr;File-/Update Service;C:\Windows\SysWOW64\ksupmgr.exe [2010-08-25 08:56:38 765592]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-11-26 14:09:20 659040]
R3 HPMo4DE3;Mouse Suite Driver_4DE3 (WDF Version);C:\Windows\system32\DRIVERS\HPMo4DE3.sys [2011-03-09 09:44:44 25088]
R3 HPub4DE3;USB Mouse Low Filter Driver_4DE3 (WDF Version);C:\Windows\system32\Drivers\HPub4DE3.sys [2011-04-12 10:45:50 18432]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14:10:20 19456]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 14:07:35 57856]
S0 gfibto;gfibto;C:\Windows\system32\drivers\gfibto.sys [2013-01-21 11:14:10 14456]
S0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys [2012-10-08 09:42:36 30056]
S0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [2013-01-30 15:02:13 834544]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 10:05:12 21616]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys [2012-11-16 19:17:15 27800]
S1 nvkflt;nvkflt;C:\Windows\system32\DRIVERS\nvkflt.sys [2012-10-08 09:42:14 284008]
S2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-04 11:13:51 85280]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 13:51:08 395200]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 10:58:22 779200]
S2 Radio.fx;Radio.fx Server;D:\Tobit Radio.fx\Server\rfx-server.exe [2011-11-18 12:51:12 3673944]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 19:31:04 38608]
S2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\PSIA.exe [2012-11-26 14:09:22 1225312]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 11:15:38 382824]
S3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys [2010-12-13 07:34:14 27760]
S3 AVer7231_x64;AVerMedia 7231 capture service;C:\Windows\system32\DRIVERS\AVer7231_x64.sys [2010-08-27 09:42:00 1800576]
S3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys [2011-11-15 00:13:00 327168]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 09:51:30 175168]
S3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 18:45:00 60416]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 12:52:34 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 12:52:34 181760]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys [2010-09-01 08:30:58 17976]
S3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys [2010-07-02 00:46:58 29288]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 05:34:52 539240]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - Chico

Inhalt des "geplante Tasks" Ordners

2013-01-31 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 11:52:15 . 2013-01-09 15:27:30]

2013-01-31 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 09:50:39 . 2012-02-24 09:50:37]

2013-01-31 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 09:50:39 . 2012-02-24 09:50:37]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2011-02-12 04:15:48 167960]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2011-02-12 04:15:38 391704]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2011-02-12 04:15:44 418328]
"SynTPEnh"="C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"DellStage"="C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 10:50:02 2195824]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 05:27:44 444904]
"EKIJ5000StatusMonitor"="C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2012-10-08 09:06:08 3182080]

------- Zusätzlicher Suchlauf -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: Free YouTube to iPod Converter - C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Free YouTube to MP3 Converter - C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\Mozilla\Firefox\Profiles\zd0m12fn.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-22 10:27; {34712C68-7391-4c47-94F3-8F88D49AD632}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-Kindersicherung_is1 - C:\Program Files (x86)\Salfeld\Kisi\unins000.exe
AddRemove-Video Converter - C:\Program Files (x86)\SweetPacks\VideoConverter\uninstall.exe

cosinus · 31.01.2013, 15:59

Ist die SWH nun wieder aktiv und bleibt sie es auch?

Rheingold · 31.01.2013, 16:19

Hallo Cosinus,
System und Sicherheit/System/Computerschutz/Systemeigenschaften steht der Schutz für Laufwerk C und D auf „ein“
Konfigurieren ist nicht möglich.

Unter Systemsteuerung/Alle Systemsteuerungselemente/Wiederherstellung ist der Button "Systemwiederherstellung" nicht aktiv.
Allerdings kann ich über den Button "Erweiterte Wiederherstellungsmethoden" entweder
"Windwos neu installieren" oder den Button "Verwenden Sie ein zuvor erstelltes Systemabbild, um den Computer wiederherzustellen" auswählen. Beide sind aktiv. Aber ich habe nichts ausgeführt.

Kompliziert finde ich.

cosinus · 31.01.2013, 16:22

Downloade dir bitte Farbar's Service Scanner

Starte das Tool mit Doppelklick auf die FSS.exe
Gehe sicher, dass folgende Optionen angehakt sind.
- Internet Services
- Windows Firewall
- System Restore
- SecurityCenter / ActionCenter
Klicke auf Scan.
Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

Rheingold · 31.01.2013, 16:41

So, hier ist der log von FSS:

Code:

ATTFilter

Farbar Service Scanner Version: 30-01-2013
Ran by Jasmina (administrator) on 31-01-2013 at 16:38:57
Running from "C:\Users\Jasmina.NICOJAS-PC\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=DWORD:1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig"=DWORD:1


Action Center:
============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

cosinus · 31.01.2013, 17:00

Bitte mach nun ein Log mit GMER und poste es

Rheingold · 31.01.2013, 17:48

Habe ich gemacht. Hier das Ergebnis!
Uuups, das sind zu viele Zeichen. Ich poste das jetzt einfach in zwei Teilen.

Code:

ATTFilter

GMER 2.0.18454 - http://www.gmer.net
Rootkit scan 2013-01-31 17:41:07
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500420AS rev.D005SDM1 465,76GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\JASMIN~1.NIC\AppData\Local\Temp\awliyfob.sys


---- Kernel code sections - GMER 2.0 ----

.text   C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload                                                                                                                                                                            fffff8800ff6fd64 12 bytes {MOV RAX, 0xfffffa80055422a0; JMP RAX}

---- User code sections - GMER 2.0 ----

.text   C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                   0000000075811401 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                     0000000075811419 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                   0000000075811431 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                   000000007581144a 2 bytes [81, 75]
.text   ...                                                                                                                                                                                                                          * 9
.text   C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                      00000000758114dd 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                               00000000758114f5 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                      000000007581150d 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                               0000000075811525 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                     000000007581153d 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                          0000000075811555 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                   000000007581156d 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                     0000000075811585 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                        000000007581159d 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                     00000000758115b5 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                   00000000758115cd 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                               00000000758116b2 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                               00000000758116bd 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                0000000075811401 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[1928] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                  0000000075811419 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                0000000075811431 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                000000007581144a 2 bytes [81, 75]
.text   ...                                                                                                                                                                                                                          * 9
.text   C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[1928] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                   00000000758114dd 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                            00000000758114f5 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[1928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                   000000007581150d 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                            0000000075811525 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                  000000007581153d 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[1928] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                       0000000075811555 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                000000007581156d 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                  0000000075811585 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[1928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                     000000007581159d 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                  00000000758115b5 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                00000000758115cd 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                            00000000758116b2 2 bytes [81, 75]
.text   C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                            00000000758116bd 2 bytes [81, 75]
.text   D:\Tobit Radio.fx\Server\rfx-server.exe[1520] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                                                                                   0000000075fd87b1 5 bytes JMP 0000000100641870
.text   D:\Tobit Radio.fx\Server\rfx-server.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                        0000000075811401 2 bytes [81, 75]
.text   D:\Tobit Radio.fx\Server\rfx-server.exe[1520] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                          0000000075811419 2 bytes [81, 75]
.text   D:\Tobit Radio.fx\Server\rfx-server.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                        0000000075811431 2 bytes [81, 75]
.text   D:\Tobit Radio.fx\Server\rfx-server.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                        000000007581144a 2 bytes [81, 75]
.text   ...                                                                                                                                                                                                                          * 9
.text   D:\Tobit Radio.fx\Server\rfx-server.exe[1520] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                           00000000758114dd 2 bytes [81, 75]
.text   D:\Tobit Radio.fx\Server\rfx-server.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                    00000000758114f5 2 bytes [81, 75]
.text   D:\Tobit Radio.fx\Server\rfx-server.exe[1520] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                           000000007581150d 2 bytes [81, 75]
.text   D:\Tobit Radio.fx\Server\rfx-server.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                    0000000075811525 2 bytes [81, 75]
.text   D:\Tobit Radio.fx\Server\rfx-server.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                          000000007581153d 2 bytes [81, 75]
.text   D:\Tobit Radio.fx\Server\rfx-server.exe[1520] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                               0000000075811555 2 bytes [81, 75]
.text   D:\Tobit Radio.fx\Server\rfx-server.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                        000000007581156d 2 bytes [81, 75]
.text   D:\Tobit Radio.fx\Server\rfx-server.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                          0000000075811585 2 bytes [81, 75]
.text   D:\Tobit Radio.fx\Server\rfx-server.exe[1520] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                             000000007581159d 2 bytes [81, 75]
.text   D:\Tobit Radio.fx\Server\rfx-server.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                          00000000758115b5 2 bytes [81, 75]
.text   D:\Tobit Radio.fx\Server\rfx-server.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                        00000000758115cd 2 bytes [81, 75]
.text   D:\Tobit Radio.fx\Server\rfx-server.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                    00000000758116b2 2 bytes [81, 75]
.text   D:\Tobit Radio.fx\Server\rfx-server.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                    00000000758116bd 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                    0000000075811401 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1732] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                      0000000075811419 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                    0000000075811431 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                    000000007581144a 2 bytes [81, 75]
.text   ...                                                                                                                                                                                                                          * 9
.text   C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1732] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                       00000000758114dd 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                00000000758114f5 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                       000000007581150d 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                0000000075811525 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                      000000007581153d 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1732] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                           0000000075811555 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                    000000007581156d 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                      0000000075811585 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                         000000007581159d 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                      00000000758115b5 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                    00000000758115cd 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                00000000758116b2 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                00000000758116bd 2 bytes [81, 75]
.text   C:\Windows\system32\taskhost.exe[2368] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                                               000007fefd349aa5 3 bytes [65, 65, 06]
.text   C:\Windows\SysWOW64\cchservice.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                             0000000075811401 2 bytes [81, 75]
.text   C:\Windows\SysWOW64\cchservice.exe[2648] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                               0000000075811419 2 bytes [81, 75]
.text   C:\Windows\SysWOW64\cchservice.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                             0000000075811431 2 bytes [81, 75]
.text   C:\Windows\SysWOW64\cchservice.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                             000000007581144a 2 bytes [81, 75]
.text   ...                                                                                                                                                                                                                          * 9
.text   C:\Windows\SysWOW64\cchservice.exe[2648] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                00000000758114dd 2 bytes [81, 75]
.text   C:\Windows\SysWOW64\cchservice.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                         00000000758114f5 2 bytes [81, 75]
.text   C:\Windows\SysWOW64\cchservice.exe[2648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                000000007581150d 2 bytes [81, 75]
.text   C:\Windows\SysWOW64\cchservice.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                         0000000075811525 2 bytes [81, 75]
.text   C:\Windows\SysWOW64\cchservice.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                               000000007581153d 2 bytes [81, 75]
.text   C:\Windows\SysWOW64\cchservice.exe[2648] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                    0000000075811555 2 bytes [81, 75]
.text   C:\Windows\SysWOW64\cchservice.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                             000000007581156d 2 bytes [81, 75]
.text   C:\Windows\SysWOW64\cchservice.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                               0000000075811585 2 bytes [81, 75]
.text   C:\Windows\SysWOW64\cchservice.exe[2648] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                  000000007581159d 2 bytes [81, 75]
.text   C:\Windows\SysWOW64\cchservice.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                               00000000758115b5 2 bytes [81, 75]
.text   C:\Windows\SysWOW64\cchservice.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                             00000000758115cd 2 bytes [81, 75]
.text   C:\Windows\SysWOW64\cchservice.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                         00000000758116b2 2 bytes [81, 75]
.text   C:\Windows\SysWOW64\cchservice.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                         00000000758116bd 2 bytes [81, 75]
.text   C:\Windows\system32\Dwm.exe[2708] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                                                    000007fefd349aa5 3 bytes [65, 65, 21]
.text   C:\Windows\Explorer.EXE[2704] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                                                        000007fefd349aa5 3 bytes [65, 65, 06]
.text   C:\Windows\System32\hkcmd.exe[3452] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                                                  000007fefd349aa5 3 bytes [65, 65, 06]
.text   C:\Windows\System32\igfxpers.exe[3460] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                                               000007fefd349aa5 3 bytes [65, 65, 82]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3528] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                                  000007fefd349aa5 3 bytes [65, 65, 06]
.text   C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3640] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                               000007fefd349aa5 3 bytes [65, 65, 06]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3888] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                         000007fefd349aa5 3 bytes [65, 65, 06]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3268] C:\Windows\syswow64\kernel32.dll!TerminateThread                                                                                                                       0000000075fd7a17 6 bytes {JMP QWORD [RIP+0x71a6001e]}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3268] C:\Windows\syswow64\kernel32.dll!TerminateProcess                                                                                                                      0000000075fed7ea 6 bytes {JMP QWORD [RIP+0x71ac001e]}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3268] C:\Windows\syswow64\kernel32.dll!SuspendThread                                                                                                                         0000000075ff7d66 6 bytes {JMP QWORD [RIP+0x71a3001e]}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3268] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                                                                0000000075312c91 4 bytes {CALL QWORD [RIP+0x1e000a]}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                0000000075811401 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3268] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                  0000000075811419 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                0000000075811431 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                000000007581144a 2 bytes [81, 75]
.text   ...                                                                                                                                                                                                                          * 9
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3268] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                   00000000758114dd 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                            00000000758114f5 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3268] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                   000000007581150d 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                            0000000075811525 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                  000000007581153d 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3268] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                       0000000075811555 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                000000007581156d 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                  0000000075811585 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3268] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                     000000007581159d 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                  00000000758115b5 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                00000000758115cd 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                            00000000758116b2 2 bytes [81, 75]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                            00000000758116bd 2 bytes [81, 75]
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3480] C:\Windows\syswow64\kernel32.dll!TerminateThread                                                                                                           0000000075fd7a17 6 bytes {JMP QWORD [RIP+0x71a6001e]}
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3480] C:\Windows\syswow64\kernel32.dll!TerminateProcess                                                                                                          0000000075fed7ea 6 bytes {JMP QWORD [RIP+0x71ac001e]}
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3480] C:\Windows\syswow64\kernel32.dll!SuspendThread                                                                                                             0000000075ff7d66 6 bytes {JMP QWORD [RIP+0x71a3001e]}
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3480] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                                                    0000000075312c91 4 bytes {CALL QWORD [RIP+0x26000a]}
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2912] C:\Windows\syswow64\kernel32.dll!TerminateThread                                                                                                           0000000075fd7a17 6 bytes {JMP QWORD [RIP+0x71a7001e]}
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2912] C:\Windows\syswow64\kernel32.dll!TerminateProcess                                                                                                          0000000075fed7ea 6 bytes {JMP QWORD [RIP+0x71ad001e]}
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2912] C:\Windows\syswow64\kernel32.dll!SuspendThread                                                                                                             0000000075ff7d66 6 bytes {JMP QWORD [RIP+0x71a4001e]}
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2912] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                                                    0000000075312c91 4 bytes {CALL QWORD [RIP+0x2fc000a]}
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                    0000000075811401 2 bytes [81, 75]
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2912] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                      0000000075811419 2 bytes [81, 75]
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                    0000000075811431 2 bytes [81, 75]
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                    000000007581144a 2 bytes [81, 75]
.text   ...                                                                                                                                                                                                                          * 9
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2912] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                       00000000758114dd 2 bytes [81, 75]
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2912] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                00000000758114f5 2 bytes [81, 75]
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2912] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                       000000007581150d 2 bytes [81, 75]
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2912] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                0000000075811525 2 bytes [81, 75]
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                      000000007581153d 2 bytes [81, 75]
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2912] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                           0000000075811555 2 bytes [81, 75]
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2912] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                    000000007581156d 2 bytes [81, 75]
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2912] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                      0000000075811585 2 bytes [81, 75]
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2912] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                         000000007581159d 2 bytes [81, 75]
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                      00000000758115b5 2 bytes [81, 75]
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                    00000000758115cd 2 bytes [81, 75]
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2912] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                00000000758116b2 2 bytes [81, 75]
.text   C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2912] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                00000000758116bd 2 bytes [81, 75]
.text   C:\Program Files\Update\realsched.exe[3232] C:\Windows\syswow64\kernel32.dll!TerminateThread                                                                                                                                 0000000075fd7a17 6 bytes {JMP QWORD [RIP+0x71a8001e]}
.text   C:\Program Files\Update\realsched.exe[3232] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                                                                                     0000000075fd87b1 5 bytes [33, C0, C2, 04, 00]
.text   C:\Program Files\Update\realsched.exe[3232] C:\Windows\syswow64\kernel32.dll!TerminateProcess                                                                                                                                0000000075fed7ea 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text   C:\Program Files\Update\realsched.exe[3232] C:\Windows\syswow64\kernel32.dll!SuspendThread                                                                                                                                   0000000075ff7d66 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text   C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe[148] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                         000007fefd349aa5 3 bytes [65, 65, 06]
.text   C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[3704] C:\Windows\syswow64\kernel32.dll!TerminateThread                                                                                                                0000000075fd7a17 6 bytes {JMP QWORD [RIP+0x71a8001e]}
.text   C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[3704] C:\Windows\syswow64\kernel32.dll!TerminateProcess                                                                                                               0000000075fed7ea 6 bytes {JMP QWORD [RIP+0x71ae001e]}
.text   C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[3704] C:\Windows\syswow64\kernel32.dll!SuspendThread                                                                                                                  0000000075ff7d66 6 bytes {JMP QWORD [RIP+0x71a5001e]}
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4616] C:\Windows\syswow64\kernel32.dll!TerminateThread                                                                                              0000000075fd7a17 6 bytes {JMP QWORD [RIP+0x71a0001e]}
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4616] C:\Windows\syswow64\kernel32.dll!TerminateProcess                                                                                             0000000075fed7ea 6 bytes {JMP QWORD [RIP+0x71ac001e]}
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4616] C:\Windows\syswow64\kernel32.dll!SuspendThread                                                                                                0000000075ff7d66 6 bytes {JMP QWORD [RIP+0x719d001e]}
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4616] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                                       0000000075312c91 4 bytes {CALL QWORD [RIP+0x57000a]}
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4616] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                       0000000075811401 2 bytes [81, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4616] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                         0000000075811419 2 bytes [81, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                       0000000075811431 2 bytes [81, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                       000000007581144a 2 bytes [81, 75]
.text   ...                                                                                                                                                                                                                          * 9
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4616] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                          00000000758114dd 2 bytes [81, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4616] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                   00000000758114f5 2 bytes [81, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4616] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                          000000007581150d 2 bytes [81, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4616] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                   0000000075811525 2 bytes [81, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4616] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                         000000007581153d 2 bytes [81, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4616] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                              0000000075811555 2 bytes [81, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4616] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                       000000007581156d 2 bytes [81, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4616] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                         0000000075811585 2 bytes [81, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4616] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                            000000007581159d 2 bytes [81, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4616] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                         00000000758115b5 2 bytes [81, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4616] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                       00000000758115cd 2 bytes [81, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4616] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                   00000000758116b2 2 bytes [81, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4616] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                   00000000758116bd 2 bytes [81, 75]

---- Kernel IAT/EAT - GMER 2.0 ----

IAT     C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                                                                                                                                [fffff880010bb650] \SystemRoot\System32\Drivers\sprn.sys [unknown section]
IAT     C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice]                                                                                                                                                             [fffff880010bb5dc] \SystemRoot\System32\Drivers\sprn.sys [unknown section]
IAT     C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                                                                                                                               [fffff8800108635c] \SystemRoot\System32\Drivers\sprn.sys [unknown section]
IAT     C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                                                                                                                      [fffff88001086224] \SystemRoot\System32\Drivers\sprn.sys [unknown section]
IAT     C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                                                                                                                     [fffff88001086a24] \SystemRoot\System32\Drivers\sprn.sys [unknown section]
IAT     C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                                                                                                                              [fffff88001086ba0] \SystemRoot\System32\Drivers\sprn.sys [unknown section]

---- User IAT/EAT - GMER 2.0 ----

IAT     C:\Windows\system32\taskhost.exe[2368] @ C:\Windows\system32\taskhost.exe[KERNEL32.dll!TerminateProcess]                                                                                                                     [80000000] 
IAT     C:\Windows\system32\taskhost.exe[2368] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!TerminateProcess]                                                                                                                        [80000000] 
IAT     C:\Windows\system32\taskhost.exe[2368] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!TerminateProcess]                                                                                                                       [80000000] 
IAT     C:\Windows\system32\taskhost.exe[2368] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!TerminateProcess]                                                                                                                     [80000000] 
IAT     C:\Windows\system32\taskhost.exe[2368] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!TerminateThread]                                                                                                                      [80030000] 
IAT     C:\Windows\system32\taskhost.exe[2368] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!TerminateProcess]                                                                                                                        [80000000] 
IAT     C:\Windows\system32\taskhost.exe[2368] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!TerminateProcess]                                                                                                                       [80000000] 
IAT     C:\Windows\system32\taskhost.exe[2368] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!TerminateThread]                                                                                                                        [80030000] 
IAT     C:\Windows\system32\taskhost.exe[2368] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!TerminateProcess]                                                                                                                      [80000000] 
IAT     C:\Windows\system32\taskhost.exe[2368] @ C:\Windows\system32\WINSTA.dll[KERNEL32.dll!TerminateProcess]                                                                                                                       [80000000] 
IAT     C:\Windows\system32\taskhost.exe[2368] @ C:\Windows\System32\PlaySndSrv.dll[KERNEL32.dll!TerminateProcess]                                                                                                                   [80000000] 
IAT     C:\Windows\system32\taskhost.exe[2368] @ C:\Windows\system32\WINMM.dll[KERNEL32.dll!TerminateProcess]                                                                                                                        [80000000] 
IAT     C:\Windows\system32\taskhost.exe[2368] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!TerminateProcess]                                                                                                                      [80000000] 
IAT     C:\Windows\system32\taskhost.exe[2368] @ C:\Windows\System32\nlaapi.dll[KERNEL32.dll!TerminateProcess]                                                                                                                       [80000000] 
IAT     C:\Windows\system32\taskhost.exe[2368] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!TerminateProcess]                                                                                                                       [80000000] 
IAT     C:\Windows\system32\taskhost.exe[2368] @ C:\Windows\system32\dsrole.dll[KERNEL32.dll!TerminateProcess]                                                                                                                       [80000000] 
IAT     C:\Windows\system32\taskhost.exe[2368] @ C:\Windows\system32\MMDevAPI.DLL[KERNEL32.dll!TerminateProcess]                                                                                                                     [80000000] 
IAT     C:\Windows\system32\taskhost.exe[2368] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!TerminateProcess]                                                                                                                      [80000000] 
IAT     C:\Windows\system32\taskhost.exe[2368] @ C:\Windows\system32\wdmaud.drv[KERNEL32.dll!TerminateProcess]                                                                                                                       [80000000] 
IAT     C:\Windows\system32\taskhost.exe[2368] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!TerminateProcess]                                                                                                                     [80000000] 
IAT     C:\Windows\system32\taskhost.exe[2368] @ C:\Windows\system32\AUDIOSES.DLL[KERNEL32.dll!TerminateProcess]                                                                                                                     [80000000] 
IAT     C:\Windows\system32\taskhost.exe[2368] @ C:\Windows\system32\msacm32.drv[KERNEL32.dll!TerminateProcess]                                                                                                                      [80000000] 
IAT     C:\Windows\system32\taskhost.exe[2368] @ C:\Windows\system32\midimap.dll[KERNEL32.dll!TerminateProcess]                                                                                                                      [80000000] 
IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId]                                              [7fef71a2750] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId]                                          [7fef71a2b98] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId]                                  [7fef71a7de0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId]                                           [7fef71a8130] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId]                                   [7fef71a1908] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession]                                            [7fef71a1c00] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload]                                           [7fef71a81d8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet]                                                   [7fef71a2878] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString]                                     [7fef71a7a5c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmIncrement]                                             [7fef71a6c48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord]                                      [7fef71a77bc] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion]                                         [7fef71a7064] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession]                                          [7fef71a6544] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2664] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession]                                            [7fef71a5e30] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT     C:\Windows\system32\Dwm.exe[2708] @ C:\Windows\system32\Dwm.exe[KERNEL32.dll!TerminateProcess]                                                                                                                               [80000000] 
IAT     C:\Windows\system32\Dwm.exe[2708] @ C:\Windows\system32\Dwm.exe[KERNEL32.dll!TerminateThread]                                                                                                                                [80030000] 
IAT     C:\Windows\system32\Dwm.exe[2708] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!TerminateProcess]                                                                                                                             [80000000] 
IAT     C:\Windows\system32\Dwm.exe[2708] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!TerminateProcess]                                                                                                                            [80000000] 
IAT     C:\Windows\system32\Dwm.exe[2708] @ C:\Windows\system32\IMM32.dll[KERNEL32.dll!TerminateProcess]                                                                                                                             [80000000] 
IAT     C:\Windows\system32\Dwm.exe[2708] @ C:\Windows\system32\dwmredir.dll[KERNEL32.dll!TerminateThread]                                                                                                                           [80030000] 
IAT     C:\Windows\system32\Dwm.exe[2708] @ C:\Windows\system32\dwmredir.dll[KERNEL32.dll!TerminateProcess]                                                                                                                          [80000000] 
IAT     C:\Windows\system32\Dwm.exe[2708] @ C:\Windows\system32\dwmcore.dll[KERNEL32.dll!TerminateThread]                                                                                                                            [80030000] 
IAT     C:\Windows\system32\Dwm.exe[2708] @ C:\Windows\system32\dwmcore.dll[KERNEL32.dll!TerminateProcess]                                                                                                                           [80000000] 
IAT     C:\Windows\system32\Dwm.exe[2708] @ C:\Windows\system32\WindowsCodecs.dll[KERNEL32.dll!TerminateThread]                                                                                                                      [80030000] 
IAT     C:\Windows\system32\Dwm.exe[2708] @ C:\Windows\system32\WindowsCodecs.dll[KERNEL32.dll!TerminateProcess]                                                                                                                     [80000000] 
IAT     C:\Windows\system32\Dwm.exe[2708] @ C:\Windows\system32\d3d10_1.dll[KERNEL32.dll!TerminateProcess]                                                                                                                           [80000000] 
IAT     C:\Windows\system32\Dwm.exe[2708] @ C:\Windows\system32\d3d10_1core.dll[KERNEL32.dll!TerminateProcess]                                                                                                                       [80000000] 
IAT     C:\Windows\system32\Dwm.exe[2708] @ C:\Windows\system32\dxgi.dll[KERNEL32.dll!TerminateProcess]                                                                                                                              [80000000] 
IAT     C:\Windows\system32\Dwm.exe[2708] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!TerminateProcess]                                                                                                                           [80000000] 
IAT     C:\Windows\system32\Dwm.exe[2708] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!TerminateProcess]                                                                                                                            [80000000] 
IAT     C:\Windows\system32\Dwm.exe[2708] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!TerminateThread]                                                                                                                             [80030000] 
IAT     C:\Windows\system32\Dwm.exe[2708] @ C:\Windows\system32\PSAPI.DLL[KERNEL32.dll!TerminateProcess]                                                                                                                             [80000000] 
IAT     C:\Windows\system32\Dwm.exe[2708] @ C:\Windows\system32\uDWM.dll[KERNEL32.dll!TerminateThread]                                                                                                                               [80030000] 
IAT     C:\Windows\system32\Dwm.exe[2708] @ C:\Windows\system32\uDWM.dll[KERNEL32.dll!TerminateProcess]                                                                                                                              [80000000] 
IAT     C:\Windows\system32\Dwm.exe[2708] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!TerminateProcess]                                                                                                                           [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE[KERNEL32.dll!TerminateProcess]                                                                                                                                       [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE[KERNEL32.dll!TerminateThread]                                                                                                                                        [80030000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!TerminateProcess]                                                                                                                                 [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!TerminateProcess]                                                                                                                                [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!TerminateProcess]                                                                                                                               [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!TerminateProcess]                                                                                                                              [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!TerminateThread]                                                                                                                               [80030000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\EXPLORERFRAME.dll[KERNEL32.dll!TerminateProcess]                                                                                                                         [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\DUser.dll[KERNEL32.dll!TerminateProcess]                                                                                                                                 [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\DUI70.dll[KERNEL32.dll!TerminateProcess]                                                                                                                                 [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\IMM32.dll[KERNEL32.dll!TerminateProcess]                                                                                                                                 [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!TerminateProcess]                                                                                                                              [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!TerminateProcess]                                                                                                                                [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!TerminateThread]                                                                                                                                 [80030000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\gdiplus.dll[KERNEL32.dll!TerminateProcess]                                           [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\Secur32.dll[KERNEL32.dll!TerminateProcess]                                                                                                                               [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\PROPSYS.dll[KERNEL32.dll!TerminateProcess]                                                                                                                               [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\WINSTA.dll[KERNEL32.dll!TerminateProcess]                                                                                                                                [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\WindowsCodecs.dll[KERNEL32.dll!TerminateThread]                                                                                                                          [80030000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\WindowsCodecs.dll[KERNEL32.dll!TerminateProcess]                                                                                                                         [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\apphelp.dll[KERNEL32.dll!TerminateProcess]                                                                                                                               [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!TerminateProcess]                                                                                                                               [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\EhStorShell.dll[KERNEL32.dll!TerminateProcess]                                                                                                                           [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\ntshrui.dll[KERNEL32.dll!TerminateProcess]                                                                                                                               [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\srvcli.dll[KERNEL32.dll!TerminateProcess]                                                                                                                                [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\IconCodecService.dll[KERNEL32.dll!TerminateProcess]                                                                                                                      [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!TerminateProcess]                                                                                                                                [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\SndVolSSO.DLL[KERNEL32.dll!TerminateProcess]                                                                                                                             [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\HID.DLL[KERNEL32.dll!TerminateProcess]                                                                                                                                   [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\System32\MMDevApi.dll[KERNEL32.dll!TerminateProcess]                                                                                                                              [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\timedate.cpl[KERNEL32.dll!TerminateProcess]                                                                                                                              [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\ATL.DLL[KERNEL32.dll!TerminateProcess]                                                                                                                                   [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\actxprxy.dll[KERNEL32.dll!TerminateProcess]                                                                                                                              [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!TerminateThread]                                                                                                                                [80030000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!TerminateProcess]                                                                                                                               [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\WLDAP32.dll[KERNEL32.dll!TerminateProcess]                                                                                                                               [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\System32\shdocvw.dll[KERNEL32.dll!TerminateProcess]                                                                                                                               [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\LINKINFO.dll[KERNEL32.dll!TerminateProcess]                                                                                                                              [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\System32\gameux.dll[KERNEL32.dll!TerminateProcess]                                                                                                                                [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\System32\XmlLite.dll[KERNEL32.dll!TerminateProcess]                                                                                                                               [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\System32\wer.dll[KERNEL32.dll!TerminateProcess]                                                                                                                                   [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Windows\system32\msls31.dll[KERNEL32.dll!TerminateProcess]                                                                                                                                [80000000] 
IAT     C:\Windows\Explorer.EXE[2704] @ C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll[KERNEL32.dll!TerminateProcess]

31.01.2013, 15:59	#55
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Infizierte Dateiobjekte in der Registry Ist die SWH nun wieder aktiv und bleibt sie es auch? __________________ Logfiles bitte immer in CODE-Tags posten

31.01.2013, 17:00	#59
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Infizierte Dateiobjekte in der Registry Bitte mach nun ein Log mit GMER und poste es __________________ Logfiles bitte immer in CODE-Tags posten

Infizierte Dateiobjekte in der Registry

Plagegeister aller Art und deren Bekämpfung: Infizierte Dateiobjekte in der Registry