Log analysis and evaluation: Malware.Trace in registry key keeps rewriting itself (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.01.2014, 01:14 | #1
Malware.Trace in registry key keeps rewriting itself

Hello,

When scanning with Malwarebytes, an infected registry key is reported; after removal it immediately rewrites itself. In safe mode, on the other hand, it stays removed after removal and a restart (in safe mode). When I boot into normal mode again, the entry is back. My virus scanner finds no problem. There are also no noticeable problems with the computer.

By the way, the Ms Word Excel Cracker is a legal program for testing passwords. This version is the first release on CNET Download.com. I hope you see it that way too.

Regards,
Udo
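A Run value that comes back after every deletion in normal boot, but stays gone in safe mode, is being rewritten by something that only starts in normal boot: usually the autostart's own image or a second autostart that re-registers it. Deleting the value is therefore pointless until the writer is identified. The first pass a log reader makes over an FRST log is to pull out every autostart whose image lives in a user-writable directory, every driver loading from Temp, and every browser proxy that points off the host. The script below is an added example written for this page; it is not part of the thread and not FRST's own code. The heuristics are the editor's, the line parsers are written against the one-item-per-line format FRST uses, and the sample lines are constructed for the example in that format, mirroring entries of the kind that appear in the log posted later in this thread.

```python
"""Triage helper for FRST-style log lines (added example, not FRST code).

Flags, in one pass over the lines:
  * Run/RunOnce values whose image lives in a user-writable directory
  * Run values named like an executable that is not the file actually started
  * drivers whose image path points into a Temp directory
  * Firefox proxy settings that route traffic to an off-host proxy
"""
import re
from dataclasses import dataclass

# Directories a standard user can write to. Legitimate autostart images
# overwhelmingly live under Program Files or Windows instead.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)

# HKCU\...\Run: [name] - C:\path\image.exe [size date] (publisher)
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU|HKU\\[^\\]+)\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] - (?P<image>.+?\.(?:exe|dll|cmd|bat|vbs|scr|pif))(?:\s|$)",
    re.I)

# U3 name; \??\C:\path\driver.sys [x]
DRIVER_RE = re.compile(r"^(?P<start>[RSU]\d) (?P<name>[^;]+); (?P<image>.+?\.sys)(?:\s|$)", re.I)

# FF NetworkProxy: "http", "119.30.39.1"
FFPROXY_RE = re.compile(r'^FF NetworkProxy: "(?P<pref>[^"]+)", (?P<value>.+)$')

LOOPBACK = {"", "127.0.0.1", "localhost", "::1"}


@dataclass
class Finding:
    severity: str   # "high" or "info"
    line: str
    reason: str


def triage(lines):
    """Return a list of Finding objects for the FRST-style lines given."""
    findings = []
    proxy = {}
    for raw in lines:
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            image = m["image"]
            basename = image.rsplit("\\", 1)[-1].lower()
            if USER_WRITABLE.search(image):
                findings.append(Finding("high", line,
                    f"{m['hive']} {m['key']} value '{m['name']}' starts an image from a user-writable directory"))
            # A value named "something.exe" that launches a different file is a masquerade pattern.
            if m["name"].lower().endswith(".exe") and m["name"].lower() != basename:
                findings.append(Finding("info", line,
                    f"value name '{m['name']}' does not match image file '{basename}'"))
            continue
        m = DRIVER_RE.match(line)
        if m and re.search(r"\\Temp\\", m["image"], re.I):
            findings.append(Finding("high", line, f"driver '{m['name']}' loads from a Temp directory"))
            continue
        m = FFPROXY_RE.match(line)
        if m:
            proxy[m["pref"]] = m["value"].strip('"')
    findings.extend(_check_firefox_proxy(proxy))
    return findings


def _check_firefox_proxy(proxy):
    # network.proxy.type 0 means "direct connection": off-host proxies are
    # then configured but dormant, which still tells you something wrote them.
    active = proxy.get("type", "0") != "0"
    out = []
    for proto in ("http", "ssl", "ftp", "socks",
                  "backup.http", "backup.ssl", "backup.ftp", "backup.socks"):
        host = proxy.get(proto, "")
        if host.lower() not in LOOPBACK:
            port = proxy.get(f"{proto}_port", "?")
            state = "active" if active else "configured but type=0 (direct), so currently inactive"
            out.append(Finding("high" if active else "info",
                               f'FF NetworkProxy: "{proto}", "{host}"',
                               f"Firefox {proto} proxy points off-host to {host}:{port}; {state}"))
    return out


# Constructed sample in FRST's line format (not a real log excerpt).
SAMPLE_LOG = r"""
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6756048 2012-11-08] (COMODO)
HKCU\...\Run: [CCleaner Monitoring] - C:\Program Files\CCleaner\CCleaner.exe [3643160 2013-07-22] (Piriform Ltd)
HKCU\...\Run: [csrv.exe] - C:\Users\Plankton\AppData\Roaming\hJQMZ3mL\local.exe [375808 2013-10-24] (Company)
HKCU\...\Run: [] - [x]
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-08] (COMODO)
U3 uwtcakod; \??\C:\Users\Plankton\AppData\Local\Temp\uwtcakod.sys [x]
FF NetworkProxy: "http", "119.30.39.1"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "backup.socks", "198.27.97.214.vpsrealm.com"
FF NetworkProxy: "backup.socks_port", 7808
FF NetworkProxy: "gopher", "127.0.0.1"
FF NetworkProxy: "type", 0
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Run it against a saved FRST.txt by replacing SAMPLE_LOG with the file's lines. The two "high" findings on the sample are the Run value in AppData\Roaming and the driver in Temp; the proxy lines are reported as "info" only because network.proxy.type is 0, and a reader should still ask what wrote them.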
14.01.2014, 08:20 | #2
/// the machine /// (TB-Ausbilder)

Malware.Trace in registry key keeps rewriting itself

Hi,
__________________
Please always post logs in the thread. If necessary, split them up and use several posts. This is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
14.01.2014, 09:24 | #3
Malware.Trace in registry key keeps rewriting itself

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-01-2014 02
Ran by Plankton (administrator) on PLANKTON-PC on 13-01-2014 23:35:51
Running from C:\Users\Plankton\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NEC Electronics Corporation) C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(UASSOFT.COM) C:\Program Files\Mouse Driver\StartAutorun.exe
(Steganos GmbH) C:\Program Files\Steganos Privacy Suite 11\SteganosHotKeyService.exe
(UASSOFT.COM) C:\Program Files\Mouse Driver\KMCONFIG.exe
(UASSOFT.COM) C:\Program Files\Mouse Driver\KMProcess.exe
(Steganos GmbH) C:\Program Files\Steganos Privacy Suite 11\fredirstarter.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Steganos GmbH) C:\Program Files\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\System32\XSrvSetup.exe
(UASSOFT.COM) C:\Program Files\Mouse Driver\KMWDSrv.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\Megatech\MProtect\MPServ.EXE
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6756048 2012-11-08] (COMODO)
HKLM\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM\...\Run: [NUSB3MON] - C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM\...\Run: [KMCONFIG] - C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
HKLM\...\Run: [SSS2009 HotKeys] - C:\Program Files\Steganos Privacy Suite 11\SteganosHotKeyService.exe [80896 2010-06-22] (Steganos GmbH)
HKLM\...\Run: [SSS2009 File Redirection Starter] - C:\Program Files\Steganos Privacy Suite 11\fredirstarter.exe [17408 2010-06-22] (Steganos GmbH)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-24] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKCU\...\Run: [SSS2009 Browser Monitor] - C:\Program Files\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe [49664 2010-06-22] (Steganos GmbH)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [CCleaner Monitoring] - C:\Program Files\CCleaner\CCleaner.exe [3643160 2013-07-22] (Piriform Ltd)
HKCU\...\Run: [csrv.exe] - C:\Users\Plankton\AppData\Roaming\hJQMZ3mL\local.exe [375808 2013-10-24] (Company)
MountPoints2: {29787b2f-f88d-11e2-90ff-1c6f654c8f4a} - F:\LGAutoRun.exe
MountPoints2: {a41b7b0a-5c9d-11e0-aa00-1c6f654c8f4a} - G:\LaunchU3.exe -a
MountPoints2: {a64e5b69-9767-11e1-a8b4-1c6f654c8f4a} - G:\NokiaPCIA_Autorun.exe
AppInit_DLLs: C:\Windows\system32\guard32.dll [301264 2012-11-08] (COMODO)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD9A19B427225CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files\Steganos Privacy Suite 11\SPMIEToolbar.dll (Steganos GmbH)
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://google.de
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=ytff-comodo&p=
FF NetworkProxy: "backup.ftp", "198.27.97.214.vpsrealm.com"
FF NetworkProxy: "backup.ftp_port", 7808
FF NetworkProxy: "backup.gopher", "127.0.0.1"
FF NetworkProxy: "backup.gopher_port", 8080
FF NetworkProxy: "backup.socks", "198.27.97.214.vpsrealm.com"
FF NetworkProxy: "backup.socks_port", 7808
FF NetworkProxy: "backup.ssl", "198.27.97.214.vpsrealm.com"
FF NetworkProxy: "backup.ssl_port", 7808
FF NetworkProxy: "ftp", "119.30.39.1"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "gopher", "127.0.0.1"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "119.30.39.1"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "119.30.39.1"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "119.30.39.1"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdrmv2.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwmsdrm.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Nokia Maps 3D browser plugin - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\maps@ovi.com [2012-04-15]
FF Extension: Toolbar Buttons - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688} [2011-11-05]
FF Extension: FEBE - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2013-06-26]
FF Extension: FT DeepDark - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-01-13]
FF Extension: PrefBar - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{8A6C82A1-F6C9-481a-AAE7-C96444C9A754} [2013-08-29]
FF Extension: Adblock Plus - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2013-12-26]
FF Extension: Context Menu Image Saver - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\cmis@choobin.xpi [2013-12-22]
FF Extension: Fetch Text URL (fix version) - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\fetch.text.url@fix.version.xpi [2013-12-22]
FF Extension: NASA Night Launch - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\nasanightlaunch@example.com.xpi [2013-06-02]
FF Extension: Image Zoom - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-04-16]
FF Extension: Adblock Plus - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-15]
FF Extension: Tab Mix Plus - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-11-05]
FF Extension: Fetch Text URL [de] - C:\Program Files\Mozilla Firefox\extensions\FetchTextURL_1.6.4_fx+sm_de-DE [2013-12-21]
FF HKLM\...\Firefox\Extensions: [{09F060FA-566D-42D7-BF79-97AB30863433}] - C:\Program Files\Steganos Privacy Suite 11\pfplugin
FF Extension: Steganos Private Favorites - C:\Program Files\Steganos Privacy Suite 11\pfplugin [2011-02-28]
FF HKLM\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files\Steganos Privacy Suite 11\spmplugin3
FF Extension: Steganos Password Manager - C:\Program Files\Steganos Privacy Suite 11\spmplugin3 [2011-02-28]
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-02]

Chrome:
=======
CHR HomePage: hxxp://de.yahoo.com?fr=fpc-comodo
CHR RestoreOnStartup: "hxxp://de.yahoo.com?fr=fpc-comodo"
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-12-19] (Advanced Micro Devices, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-08] (COMODO)
R2 JMB36X; C:\Windows\System32\XSrvSetup.exe [72304 2010-01-19] ()
R2 KMWDSERVICE; C:\Program Files\Mouse Driver\KMWDSrv.exe [204800 2007-09-07] (UASSOFT.COM)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Megatech-Software-Protection; C:\Program Files\Megatech\MProtect\MPServ.EXE [36864 2007-12-12] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23168 2013-04-18] (LG Electronics Inc.)
S3 AndNetDiag2; C:\Windows\System32\DRIVERS\lgandnetdiag2.sys [23168 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2013-06-28] (LG Electronics Inc.)
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [108104 2010-12-01] (SlySoft, Inc.)
R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19496 2010-04-27] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [19632 2012-11-08] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-08] (COMODO)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [98928 2010-01-27] (JMicron Technology Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\aztech_npf32.sys [42000 2007-01-26] (CACE Technologies)
R3 OXSDIDRV_x32; C:\Windows\System32\DRIVERS\OXSDIDRV_x32.sys [53280 2011-08-23] ()
S3 PRODIGY; C:\Windows\System32\Drivers\PRODIGY.SYS [32377 2006-08-29] (B-phreaks)
R1 SLEE_17_DRIVER; C:\Windows\system32\drivers\Sleen17.sys [94560 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - )
R3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [35592 2009-09-11] (Logitech Inc.)
R3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [31752 2009-09-11] (Logitech Inc.)
S3 gdrv; No ImagePath
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
U3 uwtcakod; \??\C:\Users\Plankton\AppData\Local\Temp\uwtcakod.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-13 23:35 - 2014-01-13 23:35 - 00018288 _____ C:\Users\Plankton\Desktop\FRST.txt
2014-01-13 22:50 - 2014-01-13 22:50 - 00130499 _____ C:\Users\Plankton\Desktop\gmer.txt
2014-01-13 22:34 - 2014-01-13 22:34 - 00377856 _____ C:\Users\Plankton\Desktop\gmer_2.1.19163.exe
2014-01-13 22:03 - 2014-01-13 22:03 - 00000000 ____D C:\FRST
2014-01-13 22:01 - 2014-01-13 22:01 - 01219584 _____ (Farbar) C:\Users\Plankton\Desktop\FRST.exe
2014-01-13 10:32 - 2014-01-13 10:32 - 00000332 _____ C:\Start_.cmd
2014-01-13 10:31 - 2014-01-13 10:31 - 00000000 ____D C:\Windows\erdnt
2014-01-13 10:31 - 2014-01-13 10:31 - 00000000 ____D C:\Qoobox
2014-01-13 09:56 - 2014-01-13 21:59 - 00064152 _____ C:\Users\Plankton\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-13 09:55 - 2014-01-13 21:59 - 00294080 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-13 09:55 - 2014-01-13 21:59 - 00000112 _____ C:\Windows\setupact.log
2014-01-13 09:55 - 2014-01-13 09:55 - 00000000 _____ C:\Windows\setuperr.log
2014-01-12 22:40 - 2014-01-12 22:40 - 01233962 _____ C:\Users\Plankton\Downloads\adwcleaner_3.016.exe
2014-01-12 21:25 - 2014-01-12 22:18 - 00000000 _____ C:\Windows\system32\tmp.txt
2014-01-12 21:24 - 2008-12-12 01:57 - 00078336 _____ (S!Ri.URZ) C:\Windows\system32\Agent.OMZ.Fix.exe
2014-01-12 21:24 - 2008-11-29 18:58 - 00082944 _____ (S!Ri.URZ) C:\Windows\system32\IEDFix.C.exe
2014-01-12 21:24 - 2008-09-20 12:45 - 00080384 _____ (S!Ri.URZ) C:\Windows\system32\o4Patch.exe
2014-01-12 21:24 - 2006-04-27 17:49 - 00288417 _____ (S!Ri) C:\Windows\system32\SrchSTS.exe
2014-01-12 21:24 - 2003-06-05 21:13 - 00053248 _____ (hxxp://www.beyondlogic.org) C:\Windows\system32\Process.exe
2014-01-12 21:23 - 2014-01-12 21:23 - 01885088 _____ C:\Users\Plankton\Downloads\SmitfraudFix_v2.423.exe
2014-01-12 20:26 - 2014-01-13 23:19 - 00006428 _____ C:\Users\Plankton\AppData\Roaming\csrv.exe
2014-01-12 20:24 - 2014-01-12 20:24 - 00002403 _____ C:\Users\Plankton\AppData\Roaming\csrv.PIF
2014-01-11 18:27 - 2014-01-11 18:27 - 00001038 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-11 18:25 - 2014-01-11 18:25 - 24097311 _____ C:\Users\Plankton\Downloads\vlc-2.1.2-win32.exe
2014-01-04 20:23 - 2014-01-04 20:26 - 00000000 ____D C:\Users\Plankton\Desktop\Sicherung TOR Safe
2014-01-03 15:12 - 2014-01-03 15:12 - 00000000 ____D C:\Users\Plankton\Downloads\CNC im Modellbau Magazin Januar 01-2014
2013-12-28 23:14 - 2013-12-28 23:14 - 00000000 ____D C:\Users\Plankton\Downloads\Neuer Ordner
2013-12-27 01:14 - 2013-12-27 01:14 - 00001255 _____ C:\Users\Plankton\Desktop\taskmgr.exe - Verknüpfung.lnk
2013-12-26 19:22 - 2013-12-26 19:22 - 00000695 _____ C:\Users\Plankton\Desktop\Tor Browser.lnk
2013-12-26 17:59 - 2013-12-26 17:59 - 00000000 ____D C:\Users\Plankton\Desktop\Tor Browser
2013-12-26 17:57 - 2013-12-26 17:58 - 24185920 _____ C:\Users\Plankton\Downloads\torbrowser-install-3.5_de.exe
2013-12-23 19:23 - 2013-12-23 19:23 - 00923784 _____ (CNET Download.com) C:\Users\Plankton\Downloads\cbsidlm-cbsi145-Ms_Word_Excel_Cracker-ORG-10656419.exe
2013-12-23 19:07 - 2013-12-23 19:07 - 00923784 _____ (CNET Download.com) C:\Users\Plankton\Downloads\cbsidlm-cbsi145-Excel_Tool_VBA_Password_Recovery-ORG-75206791.exe
2013-12-23 18:34 - 2013-12-23 18:34 - 00128000 _____ C:\Windows\system32\ppa_service.exe
2013-12-23 18:34 - 2013-12-23 18:34 - 00043008 _____ C:\Windows\system32\ppa_service.dll
2013-12-23 18:34 - 2013-12-23 18:34 - 00000566 _____ C:\Windows\system32\ppa_service.log
2013-12-23 18:34 - 2013-12-23 18:34 - 00000530 _____ C:\Windows\system32\ppa_service.dat
2013-12-23 18:34 - 2013-12-23 18:34 - 00000004 _____ C:\Windows\system32\ppa_service.rc
2013-12-23 18:28 - 2013-12-23 18:28 - 00000000 ____D C:\Program Files\ElcomSoft
2013-12-23 17:42 - 2013-12-23 17:47 - 00044430 _____ C:\Users\Plankton\ovpntray.log
2013-12-23 17:42 - 2013-12-23 17:42 - 00000000 ____D C:\Users\Plankton\AppData\Roaming\PrivateTunnel
2013-12-23 17:41 - 2013-12-23 17:41 - 05814784 _____ C:\Users\Plankton\Downloads\privatetunnel.msi
2013-12-21 13:24 - 2013-12-21 13:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-15 21:05 - 2013-12-15 21:08 - 00000000 ____D C:\Users\Plankton\Desktop\Schwert

==================== One Month Modified Files and Folders =======

2014-01-13 23:36 - 2014-01-13 23:35 - 00018288 _____ C:\Users\Plankton\Desktop\FRST.txt
2014-01-13 23:28 - 2011-02-28 23:03 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2014-01-13 23:19 - 2014-01-12 20:26 - 00006428 _____ C:\Users\Plankton\AppData\Roaming\csrv.exe
2014-01-13 23:09 - 2013-10-10 08:17 - 00037066 _____ C:\Windows\WindowsUpdate.log
2014-01-13 22:52 - 2011-07-30 17:05 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-13 22:50 - 2014-01-13 22:50 - 00130499 _____ C:\Users\Plankton\Desktop\gmer.txt
2014-01-13 22:37 - 2011-02-28 22:40 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-13 22:34 - 2014-01-13 22:34 - 00377856 _____ C:\Users\Plankton\Desktop\gmer_2.1.19163.exe
2014-01-13 22:06 - 2009-07-14 05:34 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-13 22:06 - 2009-07-14 05:34 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-13 22:03 - 2014-01-13 22:03 - 00000000 ____D C:\FRST
2014-01-13 22:01 - 2014-01-13 22:01 - 01219584 _____ (Farbar) C:\Users\Plankton\Desktop\FRST.exe
2014-01-13 21:59 - 2014-01-13 09:56 - 00064152 _____ C:\Users\Plankton\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-13 21:59 - 2014-01-13 09:55 - 00294080 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-13 21:59 - 2014-01-13 09:55 - 00000112 _____ C:\Windows\setupact.log
2014-01-13 21:59 - 2011-07-30 17:05 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-13 21:59 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-13 10:32 - 2014-01-13 10:32 - 00000332 _____ C:\Start_.cmd
2014-01-13 10:31 - 2014-01-13 10:31 - 00000000 ____D C:\Windows\erdnt
2014-01-13 10:31 - 2014-01-13 10:31 - 00000000 ____D C:\Qoobox
2014-01-13 09:55 - 2014-01-13 09:55 - 00000000 _____ C:\Windows\setuperr.log
2014-01-13 00:40 - 2013-01-13 20:06 - 00000000 ____D C:\Users\Plankton\AppData\Roaming\vlc
2014-01-12 23:10 - 2013-12-06 21:42 - 00125716 _____ C:\Windows\PFRO.log
2014-01-12 22:40 - 2014-01-12 22:40 - 01233962 _____ C:\Users\Plankton\Downloads\adwcleaner_3.016.exe
2014-01-12 22:35 - 2011-05-08 12:42 - 00000000 ____D C:\test
2014-01-12 22:18 - 2014-01-12 21:25 - 00000000 _____ C:\Windows\system32\tmp.txt
2014-01-12 22:08 - 2011-02-28 23:52 - 00000000 ___HD C:\Users\Plankton\AppData\Roaming\R-Wipe&Clean
2014-01-12 21:23 - 2014-01-12 21:23 - 01885088 _____ C:\Users\Plankton\Downloads\SmitfraudFix_v2.423.exe
2014-01-12 20:27 - 2011-02-28 23:19 - 00000000 ___HD C:\VritualRoot
2014-01-12 20:24 - 2014-01-12 20:24 - 00002403 _____ C:\Users\Plankton\AppData\Roaming\csrv.PIF
2014-01-12 17:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\security
2014-01-12 17:06 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\L2Schemas
2014-01-11 18:27 - 2014-01-11 18:27 - 00001038 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-11 18:27 - 2011-03-05 22:27 - 00000000 ____D C:\Program Files\VideoLAN
2014-01-11 18:25 - 2014-01-11 18:25 - 24097311 _____ C:\Users\Plankton\Downloads\vlc-2.1.2-win32.exe
2014-01-04 20:26 - 2014-01-04 20:23 - 00000000 ____D C:\Users\Plankton\Desktop\Sicherung TOR Safe
2014-01-03 15:12 - 2014-01-03 15:12 - 00000000 ____D C:\Users\Plankton\Downloads\CNC im Modellbau Magazin Januar 01-2014
2013-12-28 23:14 - 2013-12-28 23:14 - 00000000 ____D C:\Users\Plankton\Downloads\Neuer Ordner
2013-12-28 19:04 - 2011-03-20 19:42 - 00000000 ____D C:\Program Files\XnView
2013-12-27 01:14 - 2013-12-27 01:14 - 00001255 _____ C:\Users\Plankton\Desktop\taskmgr.exe - Verknüpfung.lnk
2013-12-26 19:22 - 2013-12-26 19:22 - 00000695 _____ C:\Users\Plankton\Desktop\Tor Browser.lnk
2013-12-26 17:59 - 2013-12-26 17:59 - 00000000 ____D C:\Users\Plankton\Desktop\Tor Browser
2013-12-26 17:58 - 2013-12-26 17:57 - 24185920 _____ C:\Users\Plankton\Downloads\torbrowser-install-3.5_de.exe
2013-12-26 16:33 - 2013-11-13 17:05 - 00000812 _____ C:\Users\Plankton\Desktop\Körperfettwaage.txt
2013-12-26 14:39 - 2011-10-09 21:10 - 00000000 ____D C:\Hintergrundbilder
2013-12-26 11:52 - 2011-07-22 21:09 - 00000000 ____D C:\E-Mail-Sich
2013-12-25 16:53 - 2013-08-23 08:51 - 00000000 ____D C:\Users\Plankton\AppData\Roaming\TrueCrypt
2013-12-24 02:10 - 2011-02-28 22:50 - 00000000 ___HD C:\Users\Plankton\AppData\Roaming\Free Download Manager
2013-12-23 19:23 - 2013-12-23 19:23 - 00923784 _____ (CNET Download.com) C:\Users\Plankton\Downloads\cbsidlm-cbsi145-Ms_Word_Excel_Cracker-ORG-10656419.exe
2013-12-23 19:07 - 2013-12-23 19:07 - 00923784 _____ (CNET Download.com) C:\Users\Plankton\Downloads\cbsidlm-cbsi145-Excel_Tool_VBA_Password_Recovery-ORG-75206791.exe
2013-12-23 18:34 - 2013-12-23 18:34 - 00128000 _____ C:\Windows\system32\ppa_service.exe
2013-12-23 18:34 - 2013-12-23 18:34 - 00043008 _____ C:\Windows\system32\ppa_service.dll
2013-12-23 18:34 - 2013-12-23 18:34 - 00000566 _____ C:\Windows\system32\ppa_service.log
2013-12-23 18:34 - 2013-12-23 18:34 - 00000530 _____ C:\Windows\system32\ppa_service.dat
2013-12-23 18:34 - 2013-12-23 18:34 - 00000004 _____ C:\Windows\system32\ppa_service.rc
2013-12-23 18:28 - 2013-12-23 18:28 - 00000000 ____D C:\Program Files\ElcomSoft
2013-12-23 17:47 - 2013-12-23 17:42 - 00044430 _____ C:\Users\Plankton\ovpntray.log
2013-12-23 17:42 - 2013-12-23 17:42 - 00000000 ____D C:\Users\Plankton\AppData\Roaming\PrivateTunnel
2013-12-23 17:42 - 2011-02-28 22:37 - 00000000 ____D C:\Users\Plankton
2013-12-23 17:41 - 2013-12-23 17:41 - 05814784 _____ C:\Users\Plankton\Downloads\privatetunnel.msi
2013-12-22 12:13 - 2012-04-24 22:21 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-21 13:26 - 2013-12-21 13:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-15 21:08 - 2013-12-15 21:05 - 00000000 ____D C:\Users\Plankton\Desktop\Schwert

Some content of TEMP:
====================
C:\Users\Plankton\AppData\Local\Temp\CoFix.exe
C:\Users\Plankton\AppData\Local\Temp\ComboFix.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-09 16:16

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-01-2014 02
Ran by Plankton at 2014-01-13 22:03:31
Running from C:\Users\Plankton\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

==================== Installed Programs ======================

7-Zip 9.28 alpha (Version: - )
Acer eBook Manager (Version: 1.00.3008 - Acer Incorporated)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.5 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (Version: 12.0.3.133 - Adobe Systems, Inc.)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
AnyDVD (Version: 6.7.7.0 - SlySoft)
Application Profiles (Version: 2.0.4148.33974 - ATI Technologies, Inc.)
calibre (Version: 0.8.58 - Kovid Goyal)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCleaner (Version: 4.04 - Piriform)
CloneDVD2 (Version: 2.9.2.8 - Elaborate Bytes)
CloneSpy 2.7 (Version: - CloneSpy)
COMODO Internet Security (Version: 5.3.50343.1263 - COMODO Group Inc.)
ConvertXtoDVD 4.1.7.343 (Version: 4.1.7.343 - )
DHTML Editing Component (Version: 6.02.0001 - Microsoft Corporation)
Eraser (Version: 5.7 - Heidi Computers Ltd)
EVEREST Home Edition v2.20 (Version: 2.20 - Lavalys Inc)
FileParade Bundle (Version: 1.0.0.0 - FileParade Bundle)
Free Download Manager 3.9.2 (Version: - FreeDownloadManager.ORG)
FreeCommander 2009.02b (Version: 2009.02 - Marek Jasinski)
Gigabyte Raid Configurer (Version: 1.00.0001 - GIGABYTE Technologies, Inc.)
Google Earth (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Iomega Encryption 3.1.0 (Version: 3.1.0 - Iomega)
Java 7 Update 21 (Version: 7.0.210 - Oracle)
Java Auto Updater (Version: 2.0.3.1 - Sun Microsystems, Inc.)
Hidden Java(TM) 6 Update 22 (Version: 6.0.220 - Oracle) Java(TM) 6 Update 31 (Version: 6.0.310 - Oracle) JavaFX 2.1.0 (Version: 2.1.0 - Oracle Corporation) JDownloader 0.9 (Version: 0.9 - AppWork GmbH) LG PC Suite (Version: 5.3.06.20130913 - LG Electronics) LG United Mobile Drivers (Version: 3.10.1.0 - LG Electronics) LightScribe System Software (Version: 1.18.24.1 - LightScribe) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Access database engine 2010 (German) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2003 (Version: 11.0.6458.0 - Microsoft Corporation) Microsoft Silverlight (Version: 5.1.20513.0 - Microsoft Corporation) Microsoft Sync Framework Runtime v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0 - Microsoft Corp.) 
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden Mouse Driver (Version: 5.07.11 - UASSOFT) Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla) Mozilla Maintenance Service (Version: 26.0 - Mozilla) MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation) NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.18.0 - NEC Electronics Corporation) NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.18.0 - NEC Electronics Corporation) Hidden Nero 7 Premium (Version: 7.02.9753 - Nero AG) neroxml (Version: 1.0.0 - Nero AG) Hidden Nokia Connectivity Cable Driver (Version: 7.1.172.0 - Nokia) Nokia PC Suite (Version: 7.1.180.46 - Nokia) Nokia PC Suite (Version: 7.1.180.46 - Nokia) Hidden Nokia Suite (Version: 3.8.30.0 - Nokia) Nokia Suite (Version: 3.8.30.0 - Nokia) Hidden NVIDIA PhysX (Version: 9.10.0513 - NVIDIA Corporation) O&O DiskRecovery (Version: 7.0.6476 - O&O Software GmbH) ON_OFF Charge B10.0427.1 (Version: 1.00.0001 - GIGABYTE) OpenOffice.org 3.3 (Version: 3.3.9567 - OpenOffice.org) PC Connectivity Solution (Version: 12.0.109.0 - Nokia) PixiePack Codec Pack (Version: 1.1.1200.0 - None) PowerPacket Ethernet Adapter (Version: - ) Railworks 3 Train Simulator 2012 Deluxe (Version: - ) Real Alternative 2.0.2 (Version: 2.0.2 - ) RealDownloader (Version: 1.3.2 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (Version: 16.0.2 - RealNetworks) Realtek Ethernet Controller Driver (Version: 7.40.126.2011 - Realtek) Realtek High Definition Audio Driver (Version: 6.0.1.6316 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) 
Hidden RemoteComms driver (Version: 1.30.0002 - PLX Technology) R-Wipe&Clean 9.5 (Version: - R-tools Technology Inc.) Sniper Ghost Warrior 2 (Version: 1.03 -) Steganos Privacy Suite 11 (Version: 11.1.5 - Steganos GmbH) SurfMusik 3.1a (Version: 3.1a -) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden T-Online 6.0 (Version: - ) TrueCrypt (Version: 7.1a - TrueCrypt Foundation) VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN) Windows Media Player Firefox Plugin (Version: 1.0.0.8 - Microsoft Corp) Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) (Version: 02/25/2011 4.7 - Nokia) Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) (Version: 02/25/2011 7.01.0.9 - Nokia) Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0 - Nokia) WinRAR 4.00 beta 5 (32-bit) (Version: 4.00.5 - win.rar GmbH) XMedia Recode 3.0.7.0 (Version: 3.0.7.0 - Sebastian Dörfler) XnView 1.97.8 (Version: 1.97.8 - Gougelet Pierre-e) ==================== Restore Points ========================= Could not list Restore Points. Check WMI. ==================== Hosts content: ========================== 2009-07-14 03:04 - 2014-01-12 22:15 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1275B821-930A-46EA-80BE-1443801C3AF0} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3890508110-2655207991-1190221819-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.) Task: {1CA5EC50-28CC-4FD8-A916-EB3BC5CE6BE0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd) Task: {34648485-54AF-4FD2-9CEF-7956CD9459C7} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3890508110-2655207991-1190221819-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.) 
Task: {42E0DCF4-D306-4279-9539-4DF82845AC29} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3890508110-2655207991-1190221819-1001 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.) Task: {5CA3A2EA-1A29-47F1-9435-1CAE4EF62868} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-30] (Google Inc.) Task: {8E56AAA0-130C-4298-80A1-850EAC640D4B} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3890508110-2655207991-1190221819-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.) Task: {C85FD613-659B-4F43-BA58-54A9B28184E8} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3890508110-2655207991-1190221819-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.) Task: {E382EEF5-B0F2-4DD7-B9EF-DB435024EB68} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-30] (Google Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== Faulty Device Manager Devices ============= Could not list Devices. Check WMI. 
==================== Event log errors: ========================= Application errors: ================== Error: (01/13/2014 09:56:07 AM) (Source: Windows Search Service) (User: ) Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (01/13/2014 09:56:07 AM) (Source: Windows Search Service) (User: ) Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4400} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (01/13/2014 09:56:07 AM) (Source: Windows Search Service) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (01/13/2014 09:56:07 AM) (Source: Windows Search Service) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (01/13/2014 09:56:07 AM) (Source: Windows Search Service) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (01/13/2014 09:56:07 AM) (Source: Windows Search Service) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Error: (01/13/2014 09:56:02 AM) (Source: Windows Search Service) (User: ) Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. 
0xc0041801 (0xc0041801) Error: (01/13/2014 09:56:02 AM) (Source: Windows Search Service) (User: ) Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=2801} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. 0xc0041801 (0xc0041801) System errors: ============= Error: (01/13/2014 09:59:10 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (01/13/2014 09:59:09 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/13/2014 09:59:07 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/13/2014 10:38:01 AM) (Source: Service Control Manager) (User: ) Description: Dienst "JMB36X" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (01/13/2014 09:56:07 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/13/2014 09:56:07 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473536. 
Error: (01/13/2014 09:55:55 AM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (01/13/2014 09:55:55 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/13/2014 09:55:54 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (01/13/2014 09:56:07 AM) (Source: Windows Search Service)(User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) The catalog is corrupt Error: (01/13/2014 09:56:07 AM) (Source: Windows Search Service)(User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) 4400 Error: (01/13/2014 09:56:07 AM) (Source: Windows Search Service)(User: ) Description: Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (01/13/2014 09:56:07 AM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (01/13/2014 09:56:07 AM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (01/13/2014 09:56:07 AM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer Error: (01/13/2014 09:56:02 AM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. 
0xc0041801 (0xc0041801) The catalog is corrupt Error: (01/13/2014 09:56:02 AM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. 0xc0041801 (0xc0041801) 2801 ==================== Memory info =========================== Percentage of memory in use: 36% Total physical RAM: 3325.55 MB Available physical RAM: 2105.7 MB Total Pagefile: 6649.4 MB Available Pagefile: 5098.9 MB Total Virtual: 2047.88 MB Available Virtual: 1878.63 MB ==================== Drives ================================ Drive c: (CeeeSystem) (Fixed) (Total:198.36 GB) (Free:33.99 GB) NTFS Drive d: (SpielSystem) (Fixed) (Total:91.67 GB) (Free:3.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (Volume) (Fixed) (Total:100.71 GB) (Free:55.45 GB) NTFS Drive g: (Ext 1 SpieleQuelle) (Fixed) (Total:518.36 GB) (Free:140.81 GB) NTFS Drive h: (Daten) (Fixed) (Total:198.36 GB) (Free:102.17 GB) NTFS Drive i: (Ext 2 Filme) (Fixed) (Total:292.97 GB) (Free:123.63 GB) NTFS Drive l: (Ext 4) (Fixed) (Total:292.97 GB) (Free:292.87 GB) NTFS Drive q: (Spiele Quell) (Fixed) (Total:198.36 GB) (Free:56.22 GB) NTFS Drive w: (Safe) (Fixed) (Total:144.05 GB) (Free:143.67 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: C33F8195) Partition 1: (Active) - (Size=92 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=198 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=198 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=443 GB) - (Type=OF Extended) Attempted reading MBR returned 0 bytes. Could not read MBR for disk 1. ==================== End Of Log ============================ Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:42 on 13/01/2014 (Plankton)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.13.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Plankton :: PLANKTON-PC [Administrator]

Schutz: Aktiviert

13.01.2014 23:24:09
MBAM-log-2014-01-13 (23-29-33).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 209140
Laufzeit: 5 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
|
14.01.2014, 09:27 | #4 |
| Malware.Trace in registry key keeps rewriting itself
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2014-01-13 22:50:25 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EALX-009BA0 rev.15.01H15 931,51GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Plankton\AppData\Local\Temp\uwtcakod.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAdjustPrivilegesToken [0x91438FB0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAlpcConnectPort [0x9143919C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwConnectPort [0x91438310] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateFile [0x91438C16] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSection [0x914389CA] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSymbolicLinkObject [0x91439D14] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateThread [0x91437CFC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateThreadEx [0x914393CA] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwLoadDriver [0x91439746] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwMakeTemporaryObject [0x914385D8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenFile [0x91438DF2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenSection [0x91438872] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSystemInformation [0x91439A32] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwShutdownSystem [0x91438542] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSystemDebugControl [0x9143875E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateProcess [0x91438112] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateThread [0x91437F00] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 8344EA15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83488212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] 
{LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 8348F46C 4 Bytes [B0, 8F, 43, 91] {MOV AL, 0x8f; INC EBX; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 8348F494 4 Bytes [9C, 91, 43, 91] {PUSHF ; XCHG ECX, EAX; INC EBX; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 8348F528 4 Bytes [10, 83, 43, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 8348F544 4 Bytes [16, 8C, 43, 91] {PUSH SS; MOV [EBX-0x6f], ES} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 8348F58C 4 Bytes [CA, 89, 43, 91] {RETF 0x4389; XCHG ECX, EAX} .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9262B000, 0x136CEC, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\Dwm.exe[364] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[364] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[364] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[364] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[364] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[364] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[364] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[364] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[364] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[364] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 
C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[364] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[364] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\csrss.exe[500] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 75061BA0 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[500] ntdll.dll!NtReplyWaitReceivePort 77046458 5 Bytes JMP 75061450 C:\Windows\system32\cmdcsr.dll .text C:\Windows\system32\csrss.exe[500] ntdll.dll!NtReplyWaitReceivePortEx 77046468 5 Bytes JMP 750617F0 C:\Windows\system32\cmdcsr.dll .text C:\Windows\Explorer.EXE[512] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[512] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[512] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[512] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[512] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[512] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[512] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[512] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[512] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[512] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[512] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes 
JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[512] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] USER32.dll!RegisterRawInputDevices 76F35B52 5 Bytes JMP 10018F00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] USER32.dll!SystemParametersInfoA 76F380E0 7 Bytes JMP 1001C690 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] USER32.dll!SetParent 76F38314 5 Bytes JMP 10018980 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] USER32.dll!EnableWindow 76F38D02 5 Bytes JMP 10017EA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] USER32.dll!MoveWindow 76F38D29 5 Bytes JMP 10018C20 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] USER32.dll!GetAsyncKeyState 76F3A256 5 Bytes JMP 10019120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] USER32.dll!RegisterHotKey 76F3AA19 5 Bytes JMP 10018140 
C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] USER32.dll!PostThreadMessageA 76F3AD09 5 Bytes JMP 1001B980 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] USER32.dll!SendMessageA 76F3AD60 5 Bytes JMP 1001B440 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] USER32.dll!PostMessageA 76F3B446 5 Bytes JMP 1001BEC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] USER32.dll!SendNotifyMessageW 76F3C88A 5 Bytes JMP 1001A160 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] USER32.dll!SystemParametersInfoW 76F3E09A 7 Bytes JMP 1001C470 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 1001C8B0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] USER32.dll!SendMessageTimeoutW 76F3E459 5 Bytes JMP 1001AC20 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] USER32.dll!PostThreadMessageW 76F3EEFC 5 Bytes JMP 1001B6E0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 1001C160 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] USER32.dll!GetKeyState 76F42B4D 5 Bytes JMP 100193D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] USER32.dll!SendMessageCallbackW 76F42F7B 5 Bytes JMP 1001A6A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] USER32.dll!PostMessageW 76F4447B 5 Bytes JMP 1001BC20 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] USER32.dll!SendMessageW 76F45539 5 Bytes JMP 1001B1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] USER32.dll!GetClipboardData 76F52BA7 5 Bytes JMP 10018370 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[608] USER32.dll!SendNotifyMessageA 76F5493C 5 Bytes JMP 1001A400 
C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[608] USER32.dll!mouse_event 76F56209 5 Bytes JMP 100297C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[608] USER32.dll!SetClipboardViewer 76F56FF6 5 Bytes JMP 10018780 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[608] USER32.dll!SendDlgItemMessageW 76F570D8 5 Bytes JMP 10019C00 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[608] USER32.dll!SendDlgItemMessageA 76F57241 5 Bytes JMP 10019EB0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[608] USER32.dll!GetKeyboardState 76F66946 5 Bytes JMP 10019680 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[608] USER32.dll!BlockInput 76F66A99 5 Bytes JMP 10018580 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[608] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 1001CB20 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[608] USER32.dll!SendMessageTimeoutA 76F66DA9 5 Bytes JMP 1001AEE0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[608] USER32.dll!SendInput 76F67019 5 Bytes JMP 10019930 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[608] USER32.dll!ExitWindowsEx 76F806C7 5 Bytes JMP 10017C90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[608] USER32.dll!keybd_event 76F8EC3B 5 Bytes JMP 100299D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[608] USER32.dll!SendMessageCallbackA 76F93E8B 5 Bytes JMP 1001A960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[608] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[608] GDI32.dll!BitBlt 75A972C0 5 Bytes JMP 10029530 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[608] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[608] GDI32.dll!MaskBlt 75A9C7AD 5 Bytes JMP 10029280 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[608] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[608] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[608] GDI32.dll!StretchBlt 75A9F467 5 Bytes JMP 10028D50 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[608] GDI32.dll!PlgBlt 75AB026A 5 Bytes JMP 10028FF0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[608] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\csrss.exe[616] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 75061BA0 C:\Windows\system32\cmdcsr.dll
.text C:\Windows\system32\csrss.exe[616] ntdll.dll!NtReplyWaitReceivePort 77046458 5 Bytes JMP 75061450 C:\Windows\system32\cmdcsr.dll
.text C:\Windows\system32\csrss.exe[616] ntdll.dll!NtReplyWaitReceivePortEx 77046468 5 Bytes JMP 750617F0 C:\Windows\system32\cmdcsr.dll
.text C:\Windows\system32\taskhost.exe[620] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskhost.exe[620] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskhost.exe[620] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskhost.exe[620] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskhost.exe[620] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskhost.exe[620] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskhost.exe[620] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskhost.exe[620] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskhost.exe[620] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskhost.exe[620] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskhost.exe[620] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskhost.exe[620] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[668] services.exe 00981608 4 Bytes [20, E2, 01, 10] {AND DL, AH; ADD [EAX], EDX}
.text C:\Windows\system32\services.exe[668] services.exe 00981618 4 Bytes [00, DD, 01, 10] {ADD CH, BL; ADD [EAX], EDX}
.text C:\Windows\system32\services.exe[668] services.exe 00981638 4 Bytes [40, E5, 01, 10]
.text C:\Windows\system32\services.exe[668] services.exe 00981648 4 Bytes [80, DF, 01, 10]
.text C:\Windows\system32\services.exe[668] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[668] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[668] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[668] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[668] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[668] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[668] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[668] RPCRT4.dll!RpcServerRegisterIfEx 753908A4 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[668] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[668] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[668] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[668] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[668] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[728] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[728] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[728] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[728] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[728] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[728] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[728] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[728] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[728] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[728] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[728] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[728] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[736] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[736] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[736] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[736] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[736] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[736] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[736] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[736] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[736] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[736] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[736] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[736] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[804] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[804] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[804] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[804] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[804] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[804] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[804] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[804] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[804] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[804] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[804] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[804] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[848] RPCRT4.dll!RpcServerRegisterIfEx 753908A4 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[848] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[848] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[848] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[848] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[928] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[928] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[928] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[928] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[928] RPCRT4.dll!RpcServerRegisterIfEx 753908A4 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[928] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[928] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[928] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[928] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[928] rpcss.dll!CoGetComCatalog 744935EC 8 Bytes JMP EDF01001
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1000] ntdll.dll!NtAllocateVirtualMemory 77045318 5 Bytes JMP 00534850 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1000] ntdll.dll!NtCreateFile 77045608 5 Bytes JMP 0054ECA0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
.text C:\Program Files\Steganos Privacy Suite 11\SteganosHotKeyService.exe[1016] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll
.text C:\Program Files\Steganos Privacy Suite 11\SteganosHotKeyService.exe[1016] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll
.text C:\Program Files\Steganos Privacy Suite 11\SteganosHotKeyService.exe[1016] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll
.text C:\Program Files\Steganos Privacy Suite 11\SteganosHotKeyService.exe[1016] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll
.text C:\Program Files\Steganos Privacy Suite 11\SteganosHotKeyService.exe[1016] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll
.text C:\Program Files\Steganos Privacy Suite 11\SteganosHotKeyService.exe[1016] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll
.text C:\Program Files\Steganos Privacy Suite 11\SteganosHotKeyService.exe[1016] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Steganos Privacy Suite 11\SteganosHotKeyService.exe[1016] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll
.text C:\Program Files\Steganos Privacy Suite 11\SteganosHotKeyService.exe[1016] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Steganos Privacy Suite 11\SteganosHotKeyService.exe[1016] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll
.text C:\Program Files\Steganos Privacy Suite 11\SteganosHotKeyService.exe[1016] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll
.text C:\Program Files\Steganos Privacy Suite 11\SteganosHotKeyService.exe[1016] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1080] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1080] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1080] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1080] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1080] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1080] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1080] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1080] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1080] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\atiesrxx.exe[1120] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\atiesrxx.exe[1120] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\atiesrxx.exe[1120] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\atiesrxx.exe[1120] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\atiesrxx.exe[1120] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\atiesrxx.exe[1120] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\atiesrxx.exe[1120] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\atiesrxx.exe[1120] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\atiesrxx.exe[1120] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\atiesrxx.exe[1120] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\atiesrxx.exe[1120] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\atiesrxx.exe[1120] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1156] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1156] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1156] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1156] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1188] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1188] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1188] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1188] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1188] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1188] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1188] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1188] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1228] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1228] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1228] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1228] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1228] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1228] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1228] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1228] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1256] RPCRT4.dll!RpcServerRegisterIfEx 753908A4 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1256] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1256] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1256] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1256] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1388] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1388] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1388] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1388] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1388] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1388] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1388] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1388] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\atieclxx.exe[1524] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\atieclxx.exe[1524] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\atieclxx.exe[1524] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\atieclxx.exe[1524] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\atieclxx.exe[1524] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\atieclxx.exe[1524] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\atieclxx.exe[1524] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\atieclxx.exe[1524] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\atieclxx.exe[1524] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\atieclxx.exe[1524] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\atieclxx.exe[1524] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\atieclxx.exe[1524] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1760] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1760] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1760] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1760] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1760] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1760] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1760] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1760] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1760] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1760] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1760] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1760] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1788] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1788] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1788] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1788] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1788] RPCRT4.dll!RpcServerRegisterIfEx 753908A4 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1788] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1788] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1788] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1788] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1788] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\KMConfig.exe[1964] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\KMConfig.exe[1964] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\KMConfig.exe[1964] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\KMConfig.exe[1964] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\KMConfig.exe[1964] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\KMConfig.exe[1964] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\KMConfig.exe[1964] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\KMConfig.exe[1964] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\KMConfig.exe[1964] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\KMConfig.exe[1964] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\KMConfig.exe[1964] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\KMConfig.exe[1964] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1972] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 0115B670 C:\Windows\system32\guard32.dll
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1972] ntdll.dll!NtClose 77045508 5 Bytes JMP 0114D120 C:\Windows\system32\guard32.dll
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1972] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 0114D240 C:\Windows\system32\guard32.dll
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1972] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 01157F40 C:\Windows\system32\guard32.dll
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1972] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 01155070 C:\Windows\system32\guard32.dll
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1972] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 01155C00 C:\Windows\system32\guard32.dll
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1972] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 01153BA0 C:\Windows\system32\guard32.dll
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1972] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 01158D10 C:\Windows\system32\guard32.dll
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1972] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 01158AE0 C:\Windows\system32\guard32.dll
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1972] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 01159E10 C:\Windows\system32\guard32.dll
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1972] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 01159D10 C:\Windows\system32\guard32.dll
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1972] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 011544D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\StartAutorun.exe[1992] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\StartAutorun.exe[1992] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\StartAutorun.exe[1992] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\StartAutorun.exe[1992] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\StartAutorun.exe[1992] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\StartAutorun.exe[1992] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\StartAutorun.exe[1992] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\StartAutorun.exe[1992] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\StartAutorun.exe[1992] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\StartAutorun.exe[1992] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\StartAutorun.exe[1992] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\StartAutorun.exe[1992] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\KMProcess.exe[2088] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 005AB670 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\KMProcess.exe[2088] ntdll.dll!NtClose 77045508 5 Bytes JMP 0059D120 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\KMProcess.exe[2088] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 0059D240 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\KMProcess.exe[2088] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 005A7F40 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\KMProcess.exe[2088] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 005A5070 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\KMProcess.exe[2088] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 005A5C00 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\KMProcess.exe[2088] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 005A3BA0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\KMProcess.exe[2088] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 005A44D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\KMProcess.exe[2088] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 005A8D10 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\KMProcess.exe[2088] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 005A8AE0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\KMProcess.exe[2088] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 005A9E10 C:\Windows\system32\guard32.dll
.text C:\Program Files\Mouse Driver\KMProcess.exe[2088] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 005A9D10 C:\Windows\system32\guard32.dll
.text C:\Program Files\Steganos Privacy Suite 11\fredirstarter.exe[2096] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll
.text C:\Program Files\Steganos Privacy Suite 11\fredirstarter.exe[2096] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll
.text C:\Program Files\Steganos Privacy Suite 11\fredirstarter.exe[2096] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll
.text C:\Program Files\Steganos Privacy Suite 11\fredirstarter.exe[2096] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll
.text C:\Program Files\Steganos Privacy Suite 11\fredirstarter.exe[2096] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll
.text C:\Program Files\Steganos Privacy Suite 11\fredirstarter.exe[2096] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00
C:\Windows\system32\guard32.dll .text C:\Program Files\Steganos Privacy Suite 11\fredirstarter.exe[2096] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Steganos Privacy Suite 11\fredirstarter.exe[2096] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Steganos Privacy Suite 11\fredirstarter.exe[2096] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Steganos Privacy Suite 11\fredirstarter.exe[2096] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Steganos Privacy Suite 11\fredirstarter.exe[2096] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Steganos Privacy Suite 11\fredirstarter.exe[2096] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2112] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2112] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2112] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2112] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2112] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2112] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2112] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 
C:\Windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2112] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2112] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2112] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2112] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2112] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2172] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2172] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2172] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2172] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2172] KERNEL32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2172] KERNEL32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2172] KERNEL32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2172] GDI32.dll!DeleteDC 75A96EAA 5 
Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2172] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2172] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2172] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2172] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe[2188] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe[2188] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe[2188] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe[2188] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe[2188] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe[2188] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe[2188] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe[2188] GDI32.dll!DeleteDC 75A96EAA 5 
Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe[2188] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe[2188] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe[2188] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe[2188] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2432] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2432] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2432] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2432] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2432] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2432] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2432] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2432] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common 
Files\Adobe\ARM\1.0\armsvc.exe[2432] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2432] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2432] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2432] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2468] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2468] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2468] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2468] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2468] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2468] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2468] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2468] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2468] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2468] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text 
C:\Windows\system32\SearchIndexer.exe[2468] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[2468] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2500] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2500] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2500] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2500] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2500] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2500] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2500] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2500] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2500] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2500] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2500] GDI32.dll!CreateDCA 
75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2500] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2568] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2568] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2568] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2568] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2568] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2568] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2568] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2568] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2568] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2568] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2568] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2568] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\XSrvSetup.exe[2608] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\System32\XSrvSetup.exe[2608] ntdll.dll!NtClose 
77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\System32\XSrvSetup.exe[2608] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\System32\XSrvSetup.exe[2608] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\System32\XSrvSetup.exe[2608] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\System32\XSrvSetup.exe[2608] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\System32\XSrvSetup.exe[2608] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\XSrvSetup.exe[2608] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\XSrvSetup.exe[2608] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\XSrvSetup.exe[2608] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\XSrvSetup.exe[2608] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\XSrvSetup.exe[2608] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Mouse Driver\KMWDSrv.exe[2644] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Mouse Driver\KMWDSrv.exe[2644] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Mouse Driver\KMWDSrv.exe[2644] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Mouse Driver\KMWDSrv.exe[2644] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Mouse 
Driver\KMWDSrv.exe[2644] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Mouse Driver\KMWDSrv.exe[2644] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Mouse Driver\KMWDSrv.exe[2644] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Mouse Driver\KMWDSrv.exe[2644] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Mouse Driver\KMWDSrv.exe[2644] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Mouse Driver\KMWDSrv.exe[2644] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Mouse Driver\KMWDSrv.exe[2644] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Mouse Driver\KMWDSrv.exe[2644] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2680] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2680] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2680] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2680] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2680] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text |
14.01.2014, 09:31 | #5 |
| Malware.Trace in registry key keeps rewriting itself
Code:
ATTFilter C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2680] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2680] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2680] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2680] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2680] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2680] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2680] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Megatech\MProtect\MPServ.EXE[2784] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Megatech\MProtect\MPServ.EXE[2784] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Megatech\MProtect\MPServ.EXE[2784] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Megatech\MProtect\MPServ.EXE[2784] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Megatech\MProtect\MPServ.EXE[2784] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Megatech\MProtect\MPServ.EXE[2784] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Megatech\MProtect\MPServ.EXE[2784] 
kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Megatech\MProtect\MPServ.EXE[2784] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Megatech\MProtect\MPServ.EXE[2784] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Megatech\MProtect\MPServ.EXE[2784] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Megatech\MProtect\MPServ.EXE[2784] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Megatech\MProtect\MPServ.EXE[2784] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[2892] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[2892] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[2892] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[2892] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[2892] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[2892] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[2892] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program 
Files\RealNetworks\RealDownloader\rndlresolversvc.exe[2892] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[2892] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[2892] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[2892] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[2892] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2924] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2924] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2924] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2924] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2924] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2924] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2924] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2924] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2924] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text 
C:\Windows\system32\svchost.exe[2924] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2924] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[2924] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[3428] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[3428] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[3428] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[3428] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[3428] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[3428] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[3428] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[3428] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[3428] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[3428] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text 
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[3428] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe[3428] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3708] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3708] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3708] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3708] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3708] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3708] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3708] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3708] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3708] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3708] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3708] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows 
Media Player\wmpnetwk.exe[3708] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3852] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3852] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3852] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3852] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3852] KERNEL32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3852] KERNEL32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3852] KERNEL32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3852] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3852] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3852] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3852] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3852] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 
Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Users\Plankton\Desktop\gmer_2.1.19163.exe[4476] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Users\Plankton\Desktop\gmer_2.1.19163.exe[4476] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Users\Plankton\Desktop\gmer_2.1.19163.exe[4476] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Users\Plankton\Desktop\gmer_2.1.19163.exe[4476] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Users\Plankton\Desktop\gmer_2.1.19163.exe[4476] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Users\Plankton\Desktop\gmer_2.1.19163.exe[4476] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Users\Plankton\Desktop\gmer_2.1.19163.exe[4476] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Users\Plankton\Desktop\gmer_2.1.19163.exe[4476] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Users\Plankton\Desktop\gmer_2.1.19163.exe[4476] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Users\Plankton\Desktop\gmer_2.1.19163.exe[4476] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Users\Plankton\Desktop\gmer_2.1.19163.exe[4476] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Users\Plankton\Desktop\gmer_2.1.19163.exe[4476] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[4592] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[4592] ntdll.dll!NtClose 77045508 5 Bytes 
JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[4592] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[4592] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[4592] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[4592] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[4592] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[4592] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[4592] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[4592] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[4592] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\AUDIODG.EXE[4592] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[5088] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[5088] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[5088] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[5088] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[5088] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 
C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[5088] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[5088] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[5088] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[5088] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[5088] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[5088] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\System32\WUDFHost.exe[5088] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[5096] ntdll.dll!NtAlpcSendWaitReceivePort 77045458 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[5096] ntdll.dll!NtClose 77045508 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[5096] ntdll.dll!LdrUnloadDll 7705C8DE 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[5096] ntdll.dll!LdrLoadDll 770622AE 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[5096] kernel32.dll!CreateProcessW 755F204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[5096] kernel32.dll!CreateProcessA 755F2082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[5096] kernel32.dll!CreateProcessAsUserW 756259FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[5096] GDI32.dll!DeleteDC 75A96EAA 5 Bytes JMP 10028D10 
C:\Windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[5096] GDI32.dll!GetPixel 75A9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[5096] GDI32.dll!CreateDCA 75A9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[5096] GDI32.dll!CreateDCW 75A9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[5096] ADVAPI32.dll!CreateProcessAsUserA 75B22642 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167d0c19d Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167d0c19d@001979817fe1 0x86 0xCB 0x1E 0x8C ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167d0c19d (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167d0c19d@001979817fe1 0x86 0xCB 0x1E 0x8C ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG14.00.00.01PROFESSIONAL 
---- EOF - GMER 2.1 ---- I won't be back until this evening, I'm working the late shift. Thanks in advance for your trouble. Regards, Udo |
15.01.2014, 09:14 | #6 |
/// the machine /// TB-Ausbilder | Malware.Trace in registry key keeps rewriting itself hi, Scan with Combofix
__________________ |
15.01.2014, 09:33 | #7 |
| Malware.Trace in registry key keeps rewriting itself Good morning, ComboFix really does complain: "c:\ComboFix\CF23163.3XE konnte nicht gefunden werden." The ComboFix folder contains only the file CF18153.3XE. Regards, Udo |
16.01.2014, 08:25 | #8 |
/// the machine /// TB-Ausbilder | Malware.Trace in registry key keeps rewriting itself Delete Combofix and download it again, to the desktop, and please try once more. If it doesn't work, please post a fresh FRST log.
__________________ regards, schrauber |
16.01.2014, 21:51 | #9 |
| Malware.Trace in registry key keeps rewriting itself Unfortunately it doesn't work with ComboFix. Here is a new FRST log. Regards, Udo FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2014 03 Ran by Plankton (administrator) on PLANKTON-PC on 16-01-2014 21:42:30 Running from C:\Users\Plankton\Desktop Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ATTENTION: If processes are not listed WMI should be repaired. ==================== Processes (Whitelisted) =================== ==================== Registry (Whitelisted) ================== HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6756048 2012-11-08] (COMODO) HKLM\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] () HKLM\...\Run: [NUSB3MON] - C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation) HKLM\...\Run: [SSS2009 HotKeys] - C:\Program Files\Steganos Privacy Suite 11\SteganosHotKeyService.exe [80896 2010-06-22] (Steganos GmbH) HKLM\...\Run: [SSS2009 File Redirection Starter] - C:\Program Files\Steganos Privacy Suite 11\fredirstarter.exe [17408 2010-06-22] (Steganos GmbH) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-24] (Realtek Semiconductor) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.) 
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKCU\...\Run: [SSS2009 Browser Monitor] - C:\Program Files\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe [49664 2010-06-22] (Steganos GmbH) HKCU\...\Run: [] - [x] HKCU\...\Run: [CCleaner Monitoring] - C:\Program Files\CCleaner\CCleaner.exe [3643160 2013-07-22] (Piriform Ltd) HKCU\...\Run: [csrv.exe] - C:\Users\Plankton\AppData\Roaming\hJQMZ3mL\local.exe [375808 2013-10-24] (Company) MountPoints2: {29787b2f-f88d-11e2-90ff-1c6f654c8f4a} - F:\LGAutoRun.exe MountPoints2: {a41b7b0a-5c9d-11e0-aa00-1c6f654c8f4a} - G:\LaunchU3.exe -a MountPoints2: {a64e5b69-9767-11e1-a8b4-1c6f654c8f4a} - G:\NokiaPCIA_Autorun.exe AppInit_DLLs: C:\Windows\system32\guard32.dll [301264 2012-11-08] (COMODO) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD9A19B427225CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files\Steganos Privacy Suite 11\SPMIEToolbar.dll (Steganos GmbH) DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa FF DefaultSearchEngine: Yahoo FF SelectedSearchEngine: Yahoo FF Homepage: hxxp://google.de FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=ytff-comodo&p= FF NetworkProxy: "backup.ftp", "198.27.97.214.vpsrealm.com" FF NetworkProxy: "backup.ftp_port", 7808 FF NetworkProxy: "backup.gopher", "127.0.0.1" FF NetworkProxy: "backup.gopher_port", 8080 FF NetworkProxy: "backup.socks", "198.27.97.214.vpsrealm.com" FF NetworkProxy: "backup.socks_port", 7808 FF NetworkProxy: "backup.ssl", "198.27.97.214.vpsrealm.com" FF NetworkProxy: "backup.ssl_port", 7808 FF NetworkProxy: "ftp", "119.30.39.1" FF NetworkProxy: "ftp_port", 3128 FF NetworkProxy: "gopher", "127.0.0.1" FF NetworkProxy: "gopher_port", 8080 FF NetworkProxy: "http", "119.30.39.1" FF NetworkProxy: "http_port", 3128 FF NetworkProxy: "no_proxies_on", "" FF NetworkProxy: 
"share_proxy_settings", true FF NetworkProxy: "socks", "119.30.39.1" FF NetworkProxy: "socks_port", 3128 FF NetworkProxy: "ssl", "119.30.39.1" FF NetworkProxy: "ssl_port", 3128 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) 
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdrmv2.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwmsdrm.dll (Microsoft Corporation) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Nokia Maps 3D browser plugin - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\maps@ovi.com [2012-04-15] FF Extension: Toolbar Buttons - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688} [2011-11-05] FF Extension: FEBE - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2013-06-26] FF Extension: FT DeepDark - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-01-13] FF Extension: PrefBar - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{8A6C82A1-F6C9-481a-AAE7-C96444C9A754} [2014-01-15] FF Extension: Adblock Plus - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2013-12-26] FF Extension: Context Menu Image Saver - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\cmis@choobin.xpi [2013-12-22] FF Extension: Fetch Text URL (fix version) - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\fetch.text.url@fix.version.xpi [2013-12-22] FF Extension: NASA Night Launch - 
C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\nasanightlaunch@example.com.xpi [2013-06-02] FF Extension: Image Zoom - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-04-16] FF Extension: Adblock Plus - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-15] FF Extension: Tab Mix Plus - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-11-05] FF Extension: Fetch Text URL [de] - C:\Program Files\Mozilla Firefox\extensions\FetchTextURL_1.6.4_fx+sm_de-DE [2013-12-21] FF HKLM\...\Firefox\Extensions: [{09F060FA-566D-42D7-BF79-97AB30863433}] - C:\Program Files\Steganos Privacy Suite 11\pfplugin FF Extension: Steganos Private Favorites - C:\Program Files\Steganos Privacy Suite 11\pfplugin [2011-02-28] FF HKLM\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files\Steganos Privacy Suite 11\spmplugin3 FF Extension: Steganos Password Manager - C:\Program Files\Steganos Privacy Suite 11\spmplugin3 [2011-02-28] FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-02] Chrome: ======= CHR HomePage: hxxp://de.yahoo.com?fr=fpc-comodo CHR RestoreOnStartup: "hxxp://de.yahoo.com?fr=fpc-comodo" CHR DefaultSearchURL: 
{google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16] ========================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-12-19] (Advanced Micro Devices, Inc.) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-08] (COMODO) R2 JMB36X; C:\Windows\System32\XSrvSetup.exe [72304 2010-01-19] () S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] () ==================== Drivers (Whitelisted) ==================== S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2013-04-18] (Google Inc) S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23168 2013-04-18] (LG Electronics Inc.) S3 AndNetDiag2; C:\Windows\System32\DRIVERS\lgandnetdiag2.sys [23168 2013-04-18] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2013-06-28] (LG Electronics Inc.) S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [108104 2010-12-01] (SlySoft, Inc.) 
R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices) S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19496 2010-04-27] () R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [19632 2012-11-08] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-08] (COMODO) R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG) R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [98928 2010-01-27] (JMicron Technology Corp.) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 NPF; C:\Windows\System32\DRIVERS\aztech_npf32.sys [42000 2007-01-26] (CACE Technologies) R3 OXSDIDRV_x32; C:\Windows\System32\DRIVERS\OXSDIDRV_x32.sys [53280 2011-08-23] () S3 PRODIGY; C:\Windows\System32\Drivers\PRODIGY.SYS [32377 2006-08-29] (B-phreaks) R1 SLEE_17_DRIVER; C:\Windows\system32\drivers\Sleen17.sys [94560 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - ) R3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [35592 2009-09-11] (Logitech Inc.) R3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [31752 2009-09-11] (Logitech Inc.) 
S3 gdrv; No ImagePath U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-16 21:42 - 2014-01-16 21:42 - 00000000 ____D C:\Users\Plankton\Desktop\FRST-OlderVersion 2014-01-16 21:41 - 2014-01-16 21:41 - 00064152 _____ C:\Users\Plankton\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-16 21:40 - 2014-01-16 21:41 - 00294080 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-16 21:40 - 2014-01-16 21:40 - 00000056 _____ C:\Windows\setupact.log 2014-01-16 21:40 - 2014-01-16 21:40 - 00000000 _____ C:\Windows\setuperr.log 2014-01-15 23:17 - 2014-01-16 00:45 - 00000227 _____ C:\service.log 2014-01-15 22:49 - 2014-01-15 22:49 - 00000000 ____D C:\Program Files\Bloody5 2014-01-15 22:34 - 2014-01-15 22:40 - 00000000 ____D C:\Users\Plankton\Downloads\Bloody Mouse Software 2014-01-15 10:28 - 2014-01-15 10:28 - 00000000 ____D C:\Windows\rundll16.exe 2014-01-15 10:28 - 2014-01-15 10:28 - 00000000 ____D C:\Windows\logo1_.exe 2014-01-15 10:23 - 2014-01-15 10:23 - 00000000 ___SD C:\32788R22FWJFW 2014-01-15 10:23 - 2014-01-15 10:23 - 00000000 ____D C:\ComboFix 2014-01-15 10:22 - 2014-01-15 10:22 - 05165717 ____R (Swearware) C:\Users\Plankton\Desktop\ComboFix.exe 2014-01-15 09:27 - 2014-01-15 09:27 - 00000000 _____ C:\Users\Plankton\Desktop\Neues Textdokument.txt 2014-01-15 00:41 - 2014-01-15 00:42 - 11823536 _____ C:\Windows\REGBK00.ZIP 2014-01-14 23:34 - 2014-01-15 10:25 - 00000757 _____ C:\Windows\general.log 2014-01-14 23:34 - 2014-01-14 23:34 - 00000456 _____ C:\Windows\UPDLL.LOG 2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\VDLL.DLL 2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\system32\runouce.exe 2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\RUNDL132.EXE 2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\logo_1.exe 2014-01-14 23:24 - 2014-01-15 
10:25 - 00000054 _____ C:\Windows\Lic.xxx 2014-01-14 22:55 - 2014-01-14 22:55 - 00632064 _____ (Microsoft Corporation) C:\Windows\system32\msvcr80.dll 2014-01-14 22:55 - 2014-01-14 22:55 - 00554240 _____ (Microsoft Corporation) C:\Windows\system32\msvcp80.dll 2014-01-14 22:55 - 2014-01-14 22:55 - 00034048 _____ (MicroWorld Technologies Inc.) C:\Windows\system32\eEmpty.exe 2014-01-14 22:55 - 2014-01-14 22:55 - 00000000 ____D C:\Program Files\Common Files\MicroWorld 2014-01-14 22:55 - 2005-09-22 23:22 - 00000522 _____ C:\Windows\system32\Microsoft.VC80.CRT.manifest 2014-01-14 22:54 - 2014-01-14 22:55 - 00000000 ____D C:\ProgramData\MicroWorld 2014-01-14 22:52 - 2014-01-14 22:53 - 99334664 _____ C:\Users\Plankton\Desktop\mwav.exe 2014-01-13 23:48 - 2014-01-14 01:16 - 00000605 _____ C:\Users\Plankton\Desktop\Troja-Board.txt 2014-01-13 23:42 - 2014-01-13 23:42 - 00000478 _____ C:\Users\Plankton\Desktop\defogger_disable.log 2014-01-13 23:42 - 2014-01-13 23:42 - 00000000 _____ C:\Users\Plankton\defogger_reenable 2014-01-13 23:40 - 2014-01-13 23:40 - 00050477 _____ C:\Users\Plankton\Desktop\Defogger.exe 2014-01-13 23:35 - 2014-01-16 21:42 - 00015776 _____ C:\Users\Plankton\Desktop\FRST.txt 2014-01-13 22:50 - 2014-01-13 22:50 - 00130499 _____ C:\Users\Plankton\Desktop\gmer.txt 2014-01-13 22:34 - 2014-01-13 22:34 - 00377856 _____ C:\Users\Plankton\Desktop\gmer_2.1.19163.exe 2014-01-13 22:03 - 2014-01-16 21:42 - 00000000 ____D C:\FRST 2014-01-13 22:03 - 2014-01-13 22:18 - 00020069 _____ C:\Users\Plankton\Desktop\Addition.txt 2014-01-13 22:01 - 2014-01-16 21:42 - 01221120 _____ (Farbar) C:\Users\Plankton\Desktop\FRST.exe 2014-01-13 10:32 - 2014-01-13 10:32 - 00000332 _____ C:\Start_.cmd 2014-01-13 10:31 - 2014-01-13 10:31 - 00000000 ____D C:\Windows\erdnt 2014-01-13 10:31 - 2014-01-13 10:31 - 00000000 ____D C:\Qoobox 2014-01-12 22:40 - 2014-01-12 22:40 - 01233962 _____ C:\Users\Plankton\Downloads\adwcleaner_3.016.exe 2014-01-12 21:25 - 2014-01-12 22:18 - 00000000 _____ 
C:\Windows\system32\tmp.txt 2014-01-12 21:24 - 2008-12-12 01:57 - 00078336 _____ (S!Ri.URZ) C:\Windows\system32\Agent.OMZ.Fix.exe 2014-01-12 21:24 - 2008-11-29 18:58 - 00082944 _____ (S!Ri.URZ) C:\Windows\system32\IEDFix.C.exe 2014-01-12 21:24 - 2008-09-20 12:45 - 00080384 _____ (S!Ri.URZ) C:\Windows\system32\o4Patch.exe 2014-01-12 21:24 - 2006-04-27 17:49 - 00288417 _____ (S!Ri) C:\Windows\system32\SrchSTS.exe 2014-01-12 21:24 - 2003-06-05 21:13 - 00053248 _____ (hxxp://www.beyondlogic.org) C:\Windows\system32\Process.exe 2014-01-12 21:23 - 2014-01-12 21:23 - 01885088 _____ C:\Users\Plankton\Downloads\SmitfraudFix_v2.423.exe 2014-01-12 20:26 - 2014-01-16 10:43 - 00013987 _____ C:\Users\Plankton\AppData\Roaming\csrv.exe 2014-01-12 20:24 - 2014-01-12 20:24 - 00002403 _____ C:\Users\Plankton\AppData\Roaming\csrv.PIF 2014-01-11 18:27 - 2014-01-11 18:27 - 00001038 _____ C:\Users\Public\Desktop\VLC media player.lnk 2014-01-11 18:25 - 2014-01-11 18:25 - 24097311 _____ C:\Users\Plankton\Downloads\vlc-2.1.2-win32.exe 2014-01-04 20:23 - 2014-01-04 20:26 - 00000000 ____D C:\Users\Plankton\Desktop\Sicherung TOR Safe 2014-01-03 15:12 - 2014-01-03 15:12 - 00000000 ____D C:\Users\Plankton\Downloads\CNC im Modellbau Magazin Januar 01-2014 2013-12-28 23:14 - 2013-12-28 23:14 - 00000000 ____D C:\Users\Plankton\Downloads\Neuer Ordner 2013-12-27 01:14 - 2013-12-27 01:14 - 00001255 _____ C:\Users\Plankton\Desktop\taskmgr.exe - Verknüpfung.lnk 2013-12-26 19:22 - 2013-12-26 19:22 - 00000695 _____ C:\Users\Plankton\Desktop\Tor Browser.lnk 2013-12-26 17:59 - 2013-12-26 17:59 - 00000000 ____D C:\Users\Plankton\Desktop\Tor Browser 2013-12-26 17:57 - 2013-12-26 17:58 - 24185920 _____ C:\Users\Plankton\Downloads\torbrowser-install-3.5_de.exe 2013-12-23 19:23 - 2013-12-23 19:23 - 00923784 _____ (CNET Download.com) C:\Users\Plankton\Downloads\cbsidlm-cbsi145-Ms_Word_Excel_Cracker-ORG-10656419.exe 2013-12-23 19:07 - 2013-12-23 19:07 - 00923784 _____ (CNET Download.com) 
C:\Users\Plankton\Downloads\cbsidlm-cbsi145-Excel_Tool_VBA_Password_Recovery-ORG-75206791.exe 2013-12-23 18:34 - 2013-12-23 18:34 - 00128000 _____ C:\Windows\system32\ppa_service.exe 2013-12-23 18:34 - 2013-12-23 18:34 - 00043008 _____ C:\Windows\system32\ppa_service.dll 2013-12-23 18:34 - 2013-12-23 18:34 - 00000566 _____ C:\Windows\system32\ppa_service.log 2013-12-23 18:34 - 2013-12-23 18:34 - 00000530 _____ C:\Windows\system32\ppa_service.dat 2013-12-23 18:34 - 2013-12-23 18:34 - 00000004 _____ C:\Windows\system32\ppa_service.rc 2013-12-23 18:28 - 2013-12-23 18:28 - 00000000 ____D C:\Program Files\ElcomSoft 2013-12-23 17:42 - 2013-12-23 17:47 - 00044430 _____ C:\Users\Plankton\ovpntray.log 2013-12-23 17:42 - 2013-12-23 17:42 - 00000000 ____D C:\Users\Plankton\AppData\Roaming\PrivateTunnel 2013-12-23 17:41 - 2013-12-23 17:41 - 05814784 _____ C:\Users\Plankton\Downloads\privatetunnel.msi 2013-12-21 13:24 - 2013-12-21 13:26 - 00000000 ____D C:\Program Files\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-01-16 21:42 - 2014-01-16 21:42 - 00000000 ____D C:\Users\Plankton\Desktop\FRST-OlderVersion 2014-01-16 21:42 - 2014-01-13 23:35 - 00015776 _____ C:\Users\Plankton\Desktop\FRST.txt 2014-01-16 21:42 - 2014-01-13 22:03 - 00000000 ____D C:\FRST 2014-01-16 21:42 - 2014-01-13 22:01 - 01221120 _____ (Farbar) C:\Users\Plankton\Desktop\FRST.exe 2014-01-16 21:41 - 2014-01-16 21:41 - 00064152 _____ C:\Users\Plankton\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-16 21:41 - 2014-01-16 21:40 - 00294080 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-16 21:41 - 2011-07-30 17:05 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-16 21:40 - 2014-01-16 21:40 - 00000056 _____ C:\Windows\setupact.log 2014-01-16 21:40 - 2014-01-16 21:40 - 00000000 _____ C:\Windows\setuperr.log 2014-01-16 21:40 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-16 10:52 - 2013-10-10 08:17 - 00009247 _____ 
C:\Windows\WindowsUpdate.log 2014-01-16 10:52 - 2011-02-28 23:03 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat 2014-01-16 10:51 - 2011-07-30 17:05 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-16 10:44 - 2011-02-28 23:52 - 00000000 ___HD C:\Users\Plankton\AppData\Roaming\R-Wipe&Clean 2014-01-16 10:43 - 2014-01-12 20:26 - 00013987 _____ C:\Users\Plankton\AppData\Roaming\csrv.exe 2014-01-16 09:51 - 2009-07-14 05:34 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-16 09:51 - 2009-07-14 05:34 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-16 09:49 - 2011-02-28 22:40 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-16 00:45 - 2014-01-15 23:17 - 00000227 _____ C:\service.log 2014-01-15 22:49 - 2014-01-15 22:49 - 00000000 ____D C:\Program Files\Bloody5 2014-01-15 22:47 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF 2014-01-15 22:40 - 2014-01-15 22:34 - 00000000 ____D C:\Users\Plankton\Downloads\Bloody Mouse Software 2014-01-15 10:28 - 2014-01-15 10:28 - 00000000 ____D C:\Windows\rundll16.exe 2014-01-15 10:28 - 2014-01-15 10:28 - 00000000 ____D C:\Windows\logo1_.exe 2014-01-15 10:25 - 2014-01-14 23:34 - 00000757 _____ C:\Windows\general.log 2014-01-15 10:25 - 2014-01-14 23:24 - 00000054 _____ C:\Windows\Lic.xxx 2014-01-15 10:23 - 2014-01-15 10:23 - 00000000 ___SD C:\32788R22FWJFW 2014-01-15 10:23 - 2014-01-15 10:23 - 00000000 ____D C:\ComboFix 2014-01-15 10:22 - 2014-01-15 10:22 - 05165717 ____R (Swearware) C:\Users\Plankton\Desktop\ComboFix.exe 2014-01-15 09:27 - 2014-01-15 09:27 - 00000000 _____ C:\Users\Plankton\Desktop\Neues Textdokument.txt 2014-01-15 00:42 - 2014-01-15 00:41 - 11823536 _____ C:\Windows\REGBK00.ZIP 2014-01-14 23:34 - 2014-01-14 23:34 - 00000456 _____ C:\Windows\UPDLL.LOG 2014-01-14 23:34 - 2009-07-14 03:04 - 00000425 _____ 
C:\Windows\win.ini 2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\VDLL.DLL 2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\system32\runouce.exe 2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\RUNDL132.EXE 2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\logo_1.exe 2014-01-14 22:55 - 2014-01-14 22:55 - 00632064 _____ (Microsoft Corporation) C:\Windows\system32\msvcr80.dll 2014-01-14 22:55 - 2014-01-14 22:55 - 00554240 _____ (Microsoft Corporation) C:\Windows\system32\msvcp80.dll 2014-01-14 22:55 - 2014-01-14 22:55 - 00034048 _____ (MicroWorld Technologies Inc.) C:\Windows\system32\eEmpty.exe 2014-01-14 22:55 - 2014-01-14 22:55 - 00000000 ____D C:\Program Files\Common Files\MicroWorld 2014-01-14 22:55 - 2014-01-14 22:54 - 00000000 ____D C:\ProgramData\MicroWorld 2014-01-14 22:53 - 2014-01-14 22:52 - 99334664 _____ C:\Users\Plankton\Desktop\mwav.exe 2014-01-14 01:16 - 2014-01-13 23:48 - 00000605 _____ C:\Users\Plankton\Desktop\Troja-Board.txt 2014-01-13 23:42 - 2014-01-13 23:42 - 00000478 _____ C:\Users\Plankton\Desktop\defogger_disable.log 2014-01-13 23:42 - 2014-01-13 23:42 - 00000000 _____ C:\Users\Plankton\defogger_reenable 2014-01-13 23:42 - 2011-02-28 22:37 - 00000000 ____D C:\Users\Plankton 2014-01-13 23:40 - 2014-01-13 23:40 - 00050477 _____ C:\Users\Plankton\Desktop\Defogger.exe 2014-01-13 22:50 - 2014-01-13 22:50 - 00130499 _____ C:\Users\Plankton\Desktop\gmer.txt 2014-01-13 22:34 - 2014-01-13 22:34 - 00377856 _____ C:\Users\Plankton\Desktop\gmer_2.1.19163.exe 2014-01-13 22:18 - 2014-01-13 22:03 - 00020069 _____ C:\Users\Plankton\Desktop\Addition.txt 2014-01-13 10:32 - 2014-01-13 10:32 - 00000332 _____ C:\Start_.cmd 2014-01-13 10:31 - 2014-01-13 10:31 - 00000000 ____D C:\Windows\erdnt 2014-01-13 10:31 - 2014-01-13 10:31 - 00000000 ____D C:\Qoobox 2014-01-13 00:40 - 2013-01-13 20:06 - 00000000 ____D C:\Users\Plankton\AppData\Roaming\vlc 2014-01-12 23:10 - 2013-12-06 21:42 - 00125716 _____ 
C:\Windows\PFRO.log 2014-01-12 22:40 - 2014-01-12 22:40 - 01233962 _____ C:\Users\Plankton\Downloads\adwcleaner_3.016.exe 2014-01-12 22:35 - 2011-05-08 12:42 - 00000000 ____D C:\test 2014-01-12 22:18 - 2014-01-12 21:25 - 00000000 _____ C:\Windows\system32\tmp.txt 2014-01-12 21:23 - 2014-01-12 21:23 - 01885088 _____ C:\Users\Plankton\Downloads\SmitfraudFix_v2.423.exe 2014-01-12 20:27 - 2011-02-28 23:19 - 00000000 ___HD C:\VritualRoot 2014-01-12 20:24 - 2014-01-12 20:24 - 00002403 _____ C:\Users\Plankton\AppData\Roaming\csrv.PIF 2014-01-12 17:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\security 2014-01-12 17:06 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\L2Schemas 2014-01-11 18:27 - 2014-01-11 18:27 - 00001038 _____ C:\Users\Public\Desktop\VLC media player.lnk 2014-01-11 18:27 - 2011-03-05 22:27 - 00000000 ____D C:\Program Files\VideoLAN 2014-01-11 18:25 - 2014-01-11 18:25 - 24097311 _____ C:\Users\Plankton\Downloads\vlc-2.1.2-win32.exe 2014-01-04 20:26 - 2014-01-04 20:23 - 00000000 ____D C:\Users\Plankton\Desktop\Sicherung TOR Safe 2014-01-03 15:12 - 2014-01-03 15:12 - 00000000 ____D C:\Users\Plankton\Downloads\CNC im Modellbau Magazin Januar 01-2014 2013-12-28 23:14 - 2013-12-28 23:14 - 00000000 ____D C:\Users\Plankton\Downloads\Neuer Ordner 2013-12-28 19:04 - 2011-03-20 19:42 - 00000000 ____D C:\Program Files\XnView 2013-12-27 01:14 - 2013-12-27 01:14 - 00001255 _____ C:\Users\Plankton\Desktop\taskmgr.exe - Verknüpfung.lnk 2013-12-26 19:22 - 2013-12-26 19:22 - 00000695 _____ C:\Users\Plankton\Desktop\Tor Browser.lnk 2013-12-26 17:59 - 2013-12-26 17:59 - 00000000 ____D C:\Users\Plankton\Desktop\Tor Browser 2013-12-26 17:58 - 2013-12-26 17:57 - 24185920 _____ C:\Users\Plankton\Downloads\torbrowser-install-3.5_de.exe 2013-12-26 16:33 - 2013-11-13 17:05 - 00000812 _____ C:\Users\Plankton\Desktop\Körperfettwaage.txt 2013-12-26 14:39 - 2011-10-09 21:10 - 00000000 ____D C:\Hintergrundbilder 2013-12-26 11:52 - 2011-07-22 21:09 - 00000000 ____D C:\E-Mail-Sich 
2013-12-25 16:53 - 2013-08-23 08:51 - 00000000 ____D C:\Users\Plankton\AppData\Roaming\TrueCrypt 2013-12-24 02:10 - 2011-02-28 22:50 - 00000000 ___HD C:\Users\Plankton\AppData\Roaming\Free Download Manager 2013-12-23 19:23 - 2013-12-23 19:23 - 00923784 _____ (CNET Download.com) C:\Users\Plankton\Downloads\cbsidlm-cbsi145-Ms_Word_Excel_Cracker-ORG-10656419.exe 2013-12-23 19:07 - 2013-12-23 19:07 - 00923784 _____ (CNET Download.com) C:\Users\Plankton\Downloads\cbsidlm-cbsi145-Excel_Tool_VBA_Password_Recovery-ORG-75206791.exe 2013-12-23 18:34 - 2013-12-23 18:34 - 00128000 _____ C:\Windows\system32\ppa_service.exe 2013-12-23 18:34 - 2013-12-23 18:34 - 00043008 _____ C:\Windows\system32\ppa_service.dll 2013-12-23 18:34 - 2013-12-23 18:34 - 00000566 _____ C:\Windows\system32\ppa_service.log 2013-12-23 18:34 - 2013-12-23 18:34 - 00000530 _____ C:\Windows\system32\ppa_service.dat 2013-12-23 18:34 - 2013-12-23 18:34 - 00000004 _____ C:\Windows\system32\ppa_service.rc 2013-12-23 18:28 - 2013-12-23 18:28 - 00000000 ____D C:\Program Files\ElcomSoft 2013-12-23 17:47 - 2013-12-23 17:42 - 00044430 _____ C:\Users\Plankton\ovpntray.log 2013-12-23 17:42 - 2013-12-23 17:42 - 00000000 ____D C:\Users\Plankton\AppData\Roaming\PrivateTunnel 2013-12-23 17:41 - 2013-12-23 17:41 - 05814784 _____ C:\Users\Plankton\Downloads\privatetunnel.msi 2013-12-22 12:13 - 2012-04-24 22:21 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-12-21 13:26 - 2013-12-21 13:24 - 00000000 ____D C:\Program Files\Mozilla Firefox ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys 
=> MD5 is legit LastRegBack: 2014-01-09 16:16 ==================== End Of Log ============================ |
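The FRST entries above (and the Run and proxy lines in later logs of this thread) are what the helper reads for signs of persistence. The following triage script is an added example, not part of the thread or of FRST itself: it parses the three FRST line formats seen here (Registry Run entries, Firefox NetworkProxy prefs, "One Month Created" file entries) and flags the patterns a log analyst looks for. The sample lines are constructed copies of entries posted in this thread; the rule list and thresholds are the example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample, copied from the kinds of FRST entries posted in this thread.
SAMPLE_FRST = r"""HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-24] (Realtek Semiconductor)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [csrv.exe] - C:\Users\Plankton\AppData\Roaming\hJQMZ3mL\local.exe [375808 2013-10-24] (Company)
FF NetworkProxy: "http", "119.30.39.1"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "gopher", "127.0.0.1"
2014-01-15 10:28 - 2014-01-15 10:28 - 00000000 ____D C:\Windows\rundll16.exe
2014-01-12 20:26 - 2014-01-16 10:43 - 00013987 _____ C:\Users\Plankton\AppData\Roaming\csrv.exe
2014-01-12 20:24 - 2014-01-12 20:24 - 00002403 _____ C:\Users\Plankton\AppData\Roaming\csrv.PIF
2014-01-11 18:27 - 2014-01-11 18:27 - 00001038 _____ C:\Users\Public\Desktop\VLC media player.lnk
"""

# FRST "Registry (Whitelisted)" Run entry: hive, value name, target, optional [size date] and (company).
RUN_RE = re.compile(
    r'^(?P<hive>HKLM|HKCU)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] - (?P<target>.*?)'
    r'(?: \[\d+ \d{4}-\d{2}-\d{2}\])?(?: \((?P<company>[^)]*)\))?$')
# Firefox proxy preference as FRST prints it: key in quotes, value quoted or numeric.
PROXY_RE = re.compile(r'^FF NetworkProxy: "(?P<key>[^"]+)", (?P<value>.+)$')
# "One Month Created/Modified" entry: created - modified - size attrs [(company)] path.
CREATED_RE = re.compile(
    r'^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - '
    r'(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) (?:\([^)]*\) )?(?P<path>.+)$')

# Assumed rule set for this example: locations a standard user can write to, and
# extensions that Windows will execute.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")
EXEC_EXT = (".exe", ".dll", ".pif", ".scr", ".com", ".bat", ".cmd")
PROXY_KEYS = ("http", "ssl", "socks", "ftp")
LOCAL_PROXY = ("", "127.0.0.1", "localhost")


@dataclass
class Finding:
    line: str
    reason: str


def is_user_writable(path: str) -> bool:
    low = path.lower()
    return any(tok in low for tok in USER_WRITABLE)


def triage_line(line: str) -> list:
    """Return the findings for one FRST line (empty list if nothing stands out)."""
    findings = []
    m = RUN_RE.match(line)
    if m:
        name, target = m.group("name"), m.group("target")
        if target == "[x]":          # FRST marks a Run value that points at no file
            return findings
        if is_user_writable(target):
            findings.append(Finding(line, "autorun launches from a user-writable location"))
        base = target.rsplit("\\", 1)[-1].lower()
        if name.lower().endswith(EXEC_EXT) and name.lower() != base:
            findings.append(Finding(line, f"autorun value name {name!r} does not match target file {base!r}"))
        return findings
    m = PROXY_RE.match(line)
    if m:
        key, value = m.group("key"), m.group("value").strip('"')
        if key in PROXY_KEYS and value not in LOCAL_PROXY:
            findings.append(Finding(line, f"browser {key} traffic routed through external proxy {value}"))
        return findings
    m = CREATED_RE.match(line)
    if m:
        path, attrs = m.group("path"), m.group("attrs")
        if "D" in attrs and path.lower().endswith(EXEC_EXT):
            # A zero-byte directory with an executable name is either malware residue
            # or a blocker placed by a cleanup tool; verify which before removing it.
            findings.append(Finding(line, "directory carries an executable name (verify before removing)"))
        elif path.lower().endswith(EXEC_EXT) and is_user_writable(path):
            findings.append(Finding(line, "executable created in a user-writable location"))
    return findings


def triage(text: str) -> list:
    """Run triage_line over every line of an FRST log and collect the findings."""
    return [f for line in text.splitlines() for f in triage_line(line)]


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"{f.reason}\n    {f.line}")
```

The rules only order the log for a human reader; each flagged line still needs the analyst's judgement, as the helper in this thread applies it.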
17.01.2014, 17:02 | #10 |
/// the machine /// TB-Ausbilder | Malware.Trace in registry key keeps rewriting itself Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
17.01.2014, 22:41 | #11 |
| Malware.Trace in registry key keeps rewriting itself Hello, as requested, here are the log files Code:
ATTFilter Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.17.07 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 11.0.9600.16476 Plankton :: PLANKTON-PC [Administrator] Schutz: Aktiviert 17.01.2014 20:20:47 mbam-log-2014-01-17 (20-20-47).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 306508 Laufzeit: 39 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter # AdwCleaner v3.017 - Bericht erstellt am 17/01/2014 um 21:13:41 # Aktualisiert 12/01/2014 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits) # Benutzername : Plankton - PLANKTON-PC # Gestartet von : C:\Users\Plankton\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\Softonic ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Mozilla Firefox v26.0 (de) [ Datei : C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\prefs.js ] [ Datei : C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\sajtvatg.default\prefs.js ] -\\ Google Chrome v [ Datei : C:\Users\Plankton\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R2].txt - [1071 octets] - [17/01/2014 21:12:12] AdwCleaner[S1].txt - [994 octets] - [17/01/2014 21:13:41] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1053 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.0 (01.07.2014:1) OS: Windows 7 Ultimate x86 Ran by Plankton on 17.01.2014 at 21:30:51,31 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted the following from C:\Users\Plankton\AppData\Roaming\mozilla\firefox\profiles\sajtvatg.default\prefs.js user_pref("browser.bdtoolbar.search_searchbar", false); Successfully deleted the following from C:\Users\Plankton\AppData\Roaming\mozilla\firefox\profiles\febeprof.papa\prefs.js user_pref("browser.bdtoolbar.search_searchbar", false); Emptied folder: C:\Users\Plankton\AppData\Roaming\mozilla\firefox\profiles\febeprof.papa\minidumps [40 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 17.01.2014 at 22:13:56,28 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2014 03 Ran by Plankton (administrator) on PLANKTON-PC on 17-01-2014 22:17:13 Running from C:\Users\Plankton\Desktop Microsoft Windows 7 Ultimate Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe () C:\Windows\System32\XSrvSetup.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (NEC Electronics Corporation) C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Steganos GmbH) C:\Program Files\Steganos Privacy Suite 11\SteganosHotKeyService.exe (Steganos GmbH) C:\Program Files\Steganos Privacy Suite 11\fredirstarter.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Steganos GmbH) C:\Program Files\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (ATI Technologies Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6756048 2012-11-08] (COMODO) HKLM\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] () HKLM\...\Run: [NUSB3MON] - C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation) HKLM\...\Run: [SSS2009 HotKeys] - C:\Program Files\Steganos Privacy Suite 11\SteganosHotKeyService.exe [80896 2010-06-22] (Steganos GmbH) HKLM\...\Run: [SSS2009 File Redirection Starter] - C:\Program Files\Steganos Privacy Suite 11\fredirstarter.exe [17408 2010-06-22] (Steganos GmbH) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-24] (Realtek Semiconductor) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.) 
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKCU\...\Run: [SSS2009 Browser Monitor] - C:\Program Files\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe [49664 2010-06-22] (Steganos GmbH) HKCU\...\Run: [] - [x] HKCU\...\Run: [CCleaner Monitoring] - C:\Program Files\CCleaner\CCleaner.exe [3643160 2013-07-22] (Piriform Ltd) HKCU\...\Run: [csrv.exe] - C:\Users\Plankton\AppData\Roaming\hJQMZ3mL\local.exe [375808 2013-10-24] (Company) MountPoints2: {29787b2f-f88d-11e2-90ff-1c6f654c8f4a} - F:\LGAutoRun.exe MountPoints2: {a41b7b0a-5c9d-11e0-aa00-1c6f654c8f4a} - G:\LaunchU3.exe -a MountPoints2: {a64e5b69-9767-11e1-a8b4-1c6f654c8f4a} - G:\NokiaPCIA_Autorun.exe AppInit_DLLs: C:\Windows\system32\guard32.dll [301264 2012-11-08] (COMODO) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD9A19B427225CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files\Steganos Privacy Suite 11\SPMIEToolbar.dll (Steganos GmbH) DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa FF DefaultSearchEngine: Yahoo FF SelectedSearchEngine: Yahoo FF Homepage: hxxp://google.de FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=ytff-comodo&p= FF NetworkProxy: "backup.ftp", "198.27.97.214.vpsrealm.com" FF NetworkProxy: "backup.ftp_port", 7808 FF NetworkProxy: "backup.gopher", "127.0.0.1" FF NetworkProxy: "backup.gopher_port", 8080 FF NetworkProxy: "backup.socks", "198.27.97.214.vpsrealm.com" FF NetworkProxy: "backup.socks_port", 7808 FF NetworkProxy: "backup.ssl", "198.27.97.214.vpsrealm.com" FF NetworkProxy: "backup.ssl_port", 7808 FF NetworkProxy: "ftp", "119.30.39.1" FF NetworkProxy: "ftp_port", 3128 FF NetworkProxy: "gopher", "127.0.0.1" FF NetworkProxy: "gopher_port", 8080 FF NetworkProxy: "http", "119.30.39.1" FF NetworkProxy: "http_port", 3128 FF NetworkProxy: "no_proxies_on", "" FF NetworkProxy: 
"share_proxy_settings", true FF NetworkProxy: "socks", "119.30.39.1" FF NetworkProxy: "socks_port", 3128 FF NetworkProxy: "ssl", "119.30.39.1" FF NetworkProxy: "ssl_port", 3128 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) 
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdrmv2.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwmsdrm.dll (Microsoft Corporation) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Nokia Maps 3D browser plugin - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\maps@ovi.com [2012-04-15] FF Extension: Toolbar Buttons - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688} [2011-11-05] FF Extension: FEBE - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2013-06-26] FF Extension: FT DeepDark - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-01-16] FF Extension: PrefBar - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{8A6C82A1-F6C9-481a-AAE7-C96444C9A754} [2014-01-15] FF Extension: Context Menu Image Saver - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\cmis@choobin.xpi [2013-12-22] FF Extension: Fetch Text URL (fix version) - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\fetch.text.url@fix.version.xpi [2013-12-22] FF Extension: NASA Night Launch - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\nasanightlaunch@example.com.xpi [2013-06-02] FF Extension: Image Zoom - 
C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-04-16] FF Extension: Adblock Plus - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-15] FF Extension: Tab Mix Plus - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-11-05] FF Extension: Fetch Text URL [de] - C:\Program Files\Mozilla Firefox\extensions\FetchTextURL_1.6.4_fx+sm_de-DE [2013-12-21] FF HKLM\...\Firefox\Extensions: [{09F060FA-566D-42D7-BF79-97AB30863433}] - C:\Program Files\Steganos Privacy Suite 11\pfplugin FF Extension: Steganos Private Favorites - C:\Program Files\Steganos Privacy Suite 11\pfplugin [2011-02-28] FF HKLM\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files\Steganos Privacy Suite 11\spmplugin3 FF Extension: Steganos Password Manager - C:\Program Files\Steganos Privacy Suite 11\spmplugin3 [2011-02-28] FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-02] Chrome: ======= CHR HomePage: hxxp://de.yahoo.com?fr=fpc-comodo CHR RestoreOnStartup: "hxxp://de.yahoo.com?fr=fpc-comodo" CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - 
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16] ========================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-12-19] (Advanced Micro Devices, Inc.) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-08] (COMODO) R2 JMB36X; C:\Windows\System32\XSrvSetup.exe [72304 2010-01-19] () S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] () ==================== Drivers (Whitelisted) ==================== S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2013-04-18] (Google Inc) S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23168 2013-04-18] (LG Electronics Inc.) S3 AndNetDiag2; C:\Windows\System32\DRIVERS\lgandnetdiag2.sys [23168 2013-04-18] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2013-06-28] (LG Electronics Inc.) S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [108104 2010-12-01] (SlySoft, Inc.) 
R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices) S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19496 2010-04-27] () R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [19632 2012-11-08] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-08] (COMODO) R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG) R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [98928 2010-01-27] (JMicron Technology Corp.) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 NPF; C:\Windows\System32\DRIVERS\aztech_npf32.sys [42000 2007-01-26] (CACE Technologies) R3 OXSDIDRV_x32; C:\Windows\System32\DRIVERS\OXSDIDRV_x32.sys [53280 2011-08-23] () S3 PRODIGY; C:\Windows\System32\Drivers\PRODIGY.SYS [32377 2006-08-29] (B-phreaks) R1 SLEE_17_DRIVER; C:\Windows\system32\drivers\Sleen17.sys [94560 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - ) R3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [35592 2009-09-11] (Logitech Inc.) R3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [31752 2009-09-11] (Logitech Inc.) 
S3 gdrv; No ImagePath
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-17 22:17 - 2014-01-17 22:17 - 00016751 _____ C:\Users\Plankton\Desktop\FRST.txt
2014-01-17 22:17 - 2014-01-17 22:17 - 00000000 ____D C:\Users\Plankton\Desktop\FRST-OlderVersion
2014-01-17 22:13 - 2014-01-17 22:13 - 00001199 _____ C:\Users\Plankton\Desktop\JRT.txt
2014-01-17 21:24 - 2014-01-17 21:24 - 01037068 _____ (Thisisu) C:\Users\Plankton\Desktop\JRT.exe
2014-01-17 21:21 - 2014-01-17 21:21 - 00000000 ____D C:\Windows\ERUNT
2014-01-17 21:19 - 2014-01-17 21:19 - 00001133 _____ C:\Users\Plankton\Desktop\AdwCleaner[S1].txt
2014-01-17 21:11 - 2014-01-17 21:13 - 00000000 ____D C:\AdwCleaner
2014-01-17 20:23 - 2014-01-17 20:23 - 01236282 _____ C:\Users\Plankton\Desktop\adwcleaner.exe
2014-01-17 20:13 - 2014-01-17 21:15 - 00000168 _____ C:\Windows\setupact.log
2014-01-17 20:13 - 2014-01-17 20:13 - 00294080 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-17 20:13 - 2014-01-17 20:13 - 00064152 _____ C:\Users\Plankton\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-17 20:13 - 2014-01-17 20:13 - 00000000 _____ C:\Windows\setuperr.log
2014-01-15 23:17 - 2014-01-17 00:57 - 00000227 _____ C:\service.log
2014-01-15 22:49 - 2014-01-15 22:49 - 00000000 ____D C:\Program Files\Bloody5
2014-01-15 22:34 - 2014-01-15 22:40 - 00000000 ____D C:\Users\Plankton\Downloads\Bloody Mouse Software
2014-01-15 10:28 - 2014-01-15 10:28 - 00000000 ____D C:\Windows\rundll16.exe
2014-01-15 10:28 - 2014-01-15 10:28 - 00000000 ____D C:\Windows\logo1_.exe
2014-01-15 10:23 - 2014-01-15 10:23 - 00000000 ___SD C:\32788R22FWJFW
2014-01-15 10:23 - 2014-01-15 10:23 - 00000000 ____D C:\ComboFix
2014-01-15 10:22 - 2014-01-15 10:22 - 05165717 ____R (Swearware) C:\Users\Plankton\Desktop\ComboFix.exe
2014-01-15 09:27 - 2014-01-15 09:27 - 00000000 _____ C:\Users\Plankton\Desktop\Neues Textdokument.txt
2014-01-15 00:41 - 2014-01-15 00:42 - 11823536 _____ C:\Windows\REGBK00.ZIP
2014-01-14 23:34 - 2014-01-15 10:25 - 00000757 _____ C:\Windows\general.log
2014-01-14 23:34 - 2014-01-14 23:34 - 00000456 _____ C:\Windows\UPDLL.LOG
2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\VDLL.DLL
2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\system32\runouce.exe
2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\RUNDL132.EXE
2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\logo_1.exe
2014-01-14 23:24 - 2014-01-15 10:25 - 00000054 _____ C:\Windows\Lic.xxx
2014-01-14 22:55 - 2014-01-14 22:55 - 00632064 _____ (Microsoft Corporation) C:\Windows\system32\msvcr80.dll
2014-01-14 22:55 - 2014-01-14 22:55 - 00554240 _____ (Microsoft Corporation) C:\Windows\system32\msvcp80.dll
2014-01-14 22:55 - 2014-01-14 22:55 - 00034048 _____ (MicroWorld Technologies Inc.) C:\Windows\system32\eEmpty.exe
2014-01-14 22:55 - 2014-01-14 22:55 - 00000000 ____D C:\Program Files\Common Files\MicroWorld
2014-01-14 22:55 - 2005-09-22 23:22 - 00000522 _____ C:\Windows\system32\Microsoft.VC80.CRT.manifest
2014-01-14 22:54 - 2014-01-14 22:55 - 00000000 ____D C:\Users\All Users\MicroWorld
2014-01-14 22:52 - 2014-01-14 22:53 - 99334664 _____ C:\Users\Plankton\Desktop\mwav.exe
2014-01-13 23:48 - 2014-01-14 01:16 - 00000605 _____ C:\Users\Plankton\Desktop\Troja-Board.txt
2014-01-13 23:42 - 2014-01-13 23:42 - 00000478 _____ C:\Users\Plankton\Desktop\defogger_disable.log
2014-01-13 23:42 - 2014-01-13 23:42 - 00000000 _____ C:\Users\Plankton\defogger_reenable
2014-01-13 23:40 - 2014-01-13 23:40 - 00050477 _____ C:\Users\Plankton\Desktop\Defogger.exe
2014-01-13 22:50 - 2014-01-13 22:50 - 00130499 _____ C:\Users\Plankton\Desktop\gmer.txt
2014-01-13 22:34 - 2014-01-13 22:34 - 00377856 _____ C:\Users\Plankton\Desktop\gmer_2.1.19163.exe
2014-01-13 22:03 - 2014-01-17 22:17 - 00000000 ____D C:\FRST
2014-01-13 22:03 - 2014-01-13 22:18 - 00020069 _____ C:\Users\Plankton\Desktop\Addition.txt
2014-01-13 22:01 - 2014-01-17 22:17 - 01220608 _____ (Farbar) C:\Users\Plankton\Desktop\FRST.exe
2014-01-13 10:32 - 2014-01-13 10:32 - 00000332 _____ C:\Start_.cmd
2014-01-13 10:31 - 2014-01-13 10:31 - 00000000 ____D C:\Windows\erdnt
2014-01-13 10:31 - 2014-01-13 10:31 - 00000000 ____D C:\Qoobox
2014-01-12 22:40 - 2014-01-12 22:40 - 01233962 _____ C:\Users\Plankton\Downloads\adwcleaner_3.016.exe
2014-01-12 21:25 - 2014-01-12 22:18 - 00000000 _____ C:\Windows\system32\tmp.txt
2014-01-12 21:24 - 2008-12-12 01:57 - 00078336 _____ (S!Ri.URZ) C:\Windows\system32\Agent.OMZ.Fix.exe
2014-01-12 21:24 - 2008-11-29 18:58 - 00082944 _____ (S!Ri.URZ) C:\Windows\system32\IEDFix.C.exe
2014-01-12 21:24 - 2008-09-20 12:45 - 00080384 _____ (S!Ri.URZ) C:\Windows\system32\o4Patch.exe
2014-01-12 21:24 - 2006-04-27 17:49 - 00288417 _____ (S!Ri) C:\Windows\system32\SrchSTS.exe
2014-01-12 21:24 - 2003-06-05 21:13 - 00053248 _____ (hxxp://www.beyondlogic.org) C:\Windows\system32\Process.exe
2014-01-12 21:23 - 2014-01-12 21:23 - 01885088 _____ C:\Users\Plankton\Downloads\SmitfraudFix_v2.423.exe
2014-01-12 20:26 - 2014-01-17 21:33 - 00018147 _____ C:\Users\Plankton\AppData\Roaming\csrv.exe
2014-01-12 20:24 - 2014-01-12 20:24 - 00002403 _____ C:\Users\Plankton\AppData\Roaming\csrv.PIF
2014-01-11 18:27 - 2014-01-11 18:27 - 00001038 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-11 18:25 - 2014-01-11 18:25 - 24097311 _____ C:\Users\Plankton\Downloads\vlc-2.1.2-win32.exe
2014-01-04 20:23 - 2014-01-04 20:26 - 00000000 ____D C:\Users\Plankton\Desktop\Sicherung TOR Safe
2014-01-03 15:12 - 2014-01-03 15:12 - 00000000 ____D C:\Users\Plankton\Downloads\CNC im Modellbau Magazin Januar 01-2014
2013-12-28 23:14 - 2013-12-28 23:14 - 00000000 ____D C:\Users\Plankton\Downloads\Neuer Ordner
2013-12-27 01:14 - 2013-12-27 01:14 - 00001255 _____ C:\Users\Plankton\Desktop\taskmgr.exe - Verknüpfung.lnk
2013-12-26 19:22 - 2013-12-26 19:22 - 00000695 _____ C:\Users\Plankton\Desktop\Tor Browser.lnk
2013-12-26 17:59 - 2013-12-26 17:59 - 00000000 ____D C:\Users\Plankton\Desktop\Tor Browser
2013-12-26 17:57 - 2013-12-26 17:58 - 24185920 _____ C:\Users\Plankton\Downloads\torbrowser-install-3.5_de.exe
2013-12-23 19:23 - 2013-12-23 19:23 - 00923784 _____ (CNET Download.com) C:\Users\Plankton\Downloads\cbsidlm-cbsi145-Ms_Word_Excel_Cracker-ORG-10656419.exe
2013-12-23 19:07 - 2013-12-23 19:07 - 00923784 _____ (CNET Download.com) C:\Users\Plankton\Downloads\cbsidlm-cbsi145-Excel_Tool_VBA_Password_Recovery-ORG-75206791.exe
2013-12-23 18:34 - 2013-12-23 18:34 - 00128000 _____ C:\Windows\system32\ppa_service.exe
2013-12-23 18:34 - 2013-12-23 18:34 - 00043008 _____ C:\Windows\system32\ppa_service.dll
2013-12-23 18:34 - 2013-12-23 18:34 - 00000566 _____ C:\Windows\system32\ppa_service.log
2013-12-23 18:34 - 2013-12-23 18:34 - 00000530 _____ C:\Windows\system32\ppa_service.dat
2013-12-23 18:34 - 2013-12-23 18:34 - 00000004 _____ C:\Windows\system32\ppa_service.rc
2013-12-23 18:28 - 2013-12-23 18:28 - 00000000 ____D C:\Program Files\ElcomSoft
2013-12-23 17:42 - 2013-12-23 17:47 - 00044430 _____ C:\Users\Plankton\ovpntray.log
2013-12-23 17:42 - 2013-12-23 17:42 - 00000000 ____D C:\Users\Plankton\AppData\Roaming\PrivateTunnel
2013-12-23 17:41 - 2013-12-23 17:41 - 05814784 _____ C:\Users\Plankton\Downloads\privatetunnel.msi
2013-12-21 13:24 - 2013-12-21 13:26 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-17 22:17 - 2014-01-17 22:17 - 00016751 _____ C:\Users\Plankton\Desktop\FRST.txt
2014-01-17 22:17 - 2014-01-17 22:17 - 00000000 ____D C:\Users\Plankton\Desktop\FRST-OlderVersion
2014-01-17 22:17 - 2014-01-13 22:03 - 00000000 ____D C:\FRST
2014-01-17 22:17 - 2014-01-13 22:01 - 01220608 _____ (Farbar) C:\Users\Plankton\Desktop\FRST.exe
2014-01-17 22:15 - 2011-02-28 23:03 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2014-01-17 22:13 - 2014-01-17 22:13 - 00001199 _____ C:\Users\Plankton\Desktop\JRT.txt
2014-01-17 21:51 - 2011-07-30 17:05 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-17 21:33 - 2014-01-12 20:26 - 00018147 _____ C:\Users\Plankton\AppData\Roaming\csrv.exe
2014-01-17 21:31 - 2009-07-14 05:34 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-17 21:31 - 2009-07-14 05:34 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-17 21:24 - 2014-01-17 21:24 - 01037068 _____ (Thisisu) C:\Users\Plankton\Desktop\JRT.exe
2014-01-17 21:21 - 2014-01-17 21:21 - 00000000 ____D C:\Windows\ERUNT
2014-01-17 21:20 - 2011-02-28 22:40 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-17 21:19 - 2014-01-17 21:19 - 00001133 _____ C:\Users\Plankton\Desktop\AdwCleaner[S1].txt
2014-01-17 21:19 - 2013-10-10 08:17 - 00038996 _____ C:\Windows\WindowsUpdate.log
2014-01-17 21:15 - 2014-01-17 20:13 - 00000168 _____ C:\Windows\setupact.log
2014-01-17 21:15 - 2011-07-30 17:05 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-17 21:15 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-17 21:13 - 2014-01-17 21:11 - 00000000 ____D C:\AdwCleaner
2014-01-17 21:08 - 2013-12-06 21:42 - 00126262 _____ C:\Windows\PFRO.log
2014-01-17 21:04 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\tracing
2014-01-17 21:03 - 2013-08-24 12:56 - 00000000 ____D C:\Program Files\CCleaner
2014-01-17 20:23 - 2014-01-17 20:23 - 01236282 _____ C:\Users\Plankton\Desktop\adwcleaner.exe
2014-01-17 20:13 - 2014-01-17 20:13 - 00294080 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-17 20:13 - 2014-01-17 20:13 - 00064152 _____ C:\Users\Plankton\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-17 20:13 - 2014-01-17 20:13 - 00000000 _____ C:\Windows\setuperr.log
2014-01-17 10:36 - 2011-02-28 23:52 - 00000000 ___HD C:\Users\Plankton\AppData\Roaming\R-Wipe&Clean
2014-01-17 00:57 - 2014-01-15 23:17 - 00000227 _____ C:\service.log
2014-01-15 22:49 - 2014-01-15 22:49 - 00000000 ____D C:\Program Files\Bloody5
2014-01-15 22:47 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2014-01-15 22:40 - 2014-01-15 22:34 - 00000000 ____D C:\Users\Plankton\Downloads\Bloody Mouse Software
2014-01-15 10:28 - 2014-01-15 10:28 - 00000000 ____D C:\Windows\rundll16.exe
2014-01-15 10:28 - 2014-01-15 10:28 - 00000000 ____D C:\Windows\logo1_.exe
2014-01-15 10:25 - 2014-01-14 23:34 - 00000757 _____ C:\Windows\general.log
2014-01-15 10:25 - 2014-01-14 23:24 - 00000054 _____ C:\Windows\Lic.xxx
2014-01-15 10:23 - 2014-01-15 10:23 - 00000000 ___SD C:\32788R22FWJFW
2014-01-15 10:23 - 2014-01-15 10:23 - 00000000 ____D C:\ComboFix
2014-01-15 10:22 - 2014-01-15 10:22 - 05165717 ____R (Swearware) C:\Users\Plankton\Desktop\ComboFix.exe
2014-01-15 09:27 - 2014-01-15 09:27 - 00000000 _____ C:\Users\Plankton\Desktop\Neues Textdokument.txt
2014-01-15 00:42 - 2014-01-15 00:41 - 11823536 _____ C:\Windows\REGBK00.ZIP
2014-01-14 23:34 - 2014-01-14 23:34 - 00000456 _____ C:\Windows\UPDLL.LOG
2014-01-14 23:34 - 2009-07-14 03:04 - 00000425 _____ C:\Windows\win.ini
2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\VDLL.DLL
2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\system32\runouce.exe
2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\RUNDL132.EXE
2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\logo_1.exe
2014-01-14 22:55 - 2014-01-14 22:55 - 00632064 _____ (Microsoft Corporation) C:\Windows\system32\msvcr80.dll
2014-01-14 22:55 - 2014-01-14 22:55 - 00554240 _____ (Microsoft Corporation) C:\Windows\system32\msvcp80.dll
2014-01-14 22:55 - 2014-01-14 22:55 - 00034048 _____ (MicroWorld Technologies Inc.) C:\Windows\system32\eEmpty.exe
2014-01-14 22:55 - 2014-01-14 22:55 - 00000000 ____D C:\Program Files\Common Files\MicroWorld
2014-01-14 22:55 - 2014-01-14 22:54 - 00000000 ____D C:\Users\All Users\MicroWorld
2014-01-14 22:53 - 2014-01-14 22:52 - 99334664 _____ C:\Users\Plankton\Desktop\mwav.exe
2014-01-14 01:16 - 2014-01-13 23:48 - 00000605 _____ C:\Users\Plankton\Desktop\Troja-Board.txt
2014-01-13 23:42 - 2014-01-13 23:42 - 00000478 _____ C:\Users\Plankton\Desktop\defogger_disable.log
2014-01-13 23:42 - 2014-01-13 23:42 - 00000000 _____ C:\Users\Plankton\defogger_reenable
2014-01-13 23:42 - 2011-02-28 22:37 - 00000000 ____D C:\Users\Plankton
2014-01-13 23:40 - 2014-01-13 23:40 - 00050477 _____ C:\Users\Plankton\Desktop\Defogger.exe
2014-01-13 22:50 - 2014-01-13 22:50 - 00130499 _____ C:\Users\Plankton\Desktop\gmer.txt
2014-01-13 22:34 - 2014-01-13 22:34 - 00377856 _____ C:\Users\Plankton\Desktop\gmer_2.1.19163.exe
2014-01-13 22:18 - 2014-01-13 22:03 - 00020069 _____ C:\Users\Plankton\Desktop\Addition.txt
2014-01-13 10:32 - 2014-01-13 10:32 - 00000332 _____ C:\Start_.cmd
2014-01-13 10:31 - 2014-01-13 10:31 - 00000000 ____D C:\Windows\erdnt
2014-01-13 10:31 - 2014-01-13 10:31 - 00000000 ____D C:\Qoobox
2014-01-13 00:40 - 2013-01-13 20:06 - 00000000 ____D C:\Users\Plankton\AppData\Roaming\vlc
2014-01-12 22:40 - 2014-01-12 22:40 - 01233962 _____ C:\Users\Plankton\Downloads\adwcleaner_3.016.exe
2014-01-12 22:35 - 2011-05-08 12:42 - 00000000 ____D C:\test
2014-01-12 22:18 - 2014-01-12 21:25 - 00000000 _____ C:\Windows\system32\tmp.txt
2014-01-12 21:23 - 2014-01-12 21:23 - 01885088 _____ C:\Users\Plankton\Downloads\SmitfraudFix_v2.423.exe
2014-01-12 20:27 - 2011-02-28 23:19 - 00000000 ___HD C:\VritualRoot
2014-01-12 20:24 - 2014-01-12 20:24 - 00002403 _____ C:\Users\Plankton\AppData\Roaming\csrv.PIF
2014-01-12 17:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\security
2014-01-12 17:06 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\L2Schemas
2014-01-11 18:27 - 2014-01-11 18:27 - 00001038 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-11 18:27 - 2011-03-05 22:27 - 00000000 ____D C:\Program Files\VideoLAN
2014-01-11 18:25 - 2014-01-11 18:25 - 24097311 _____ C:\Users\Plankton\Downloads\vlc-2.1.2-win32.exe
2014-01-04 20:26 - 2014-01-04 20:23 - 00000000 ____D C:\Users\Plankton\Desktop\Sicherung TOR Safe
2014-01-03 15:12 - 2014-01-03 15:12 - 00000000 ____D C:\Users\Plankton\Downloads\CNC im Modellbau Magazin Januar 01-2014
2013-12-28 23:14 - 2013-12-28 23:14 - 00000000 ____D C:\Users\Plankton\Downloads\Neuer Ordner
2013-12-28 19:04 - 2011-03-20 19:42 - 00000000 ____D C:\Program Files\XnView
2013-12-27 01:14 - 2013-12-27 01:14 - 00001255 _____ C:\Users\Plankton\Desktop\taskmgr.exe - Verknüpfung.lnk
2013-12-26 19:22 - 2013-12-26 19:22 - 00000695 _____ C:\Users\Plankton\Desktop\Tor Browser.lnk
2013-12-26 17:59 - 2013-12-26 17:59 - 00000000 ____D C:\Users\Plankton\Desktop\Tor Browser
2013-12-26 17:58 - 2013-12-26 17:57 - 24185920 _____ C:\Users\Plankton\Downloads\torbrowser-install-3.5_de.exe
2013-12-26 16:33 - 2013-11-13 17:05 - 00000812 _____ C:\Users\Plankton\Desktop\Körperfettwaage.txt
2013-12-26 14:39 - 2011-10-09 21:10 - 00000000 ____D C:\Hintergrundbilder
2013-12-26 11:52 - 2011-07-22 21:09 - 00000000 ____D C:\E-Mail-Sich
2013-12-25 16:53 - 2013-08-23 08:51 - 00000000 ____D C:\Users\Plankton\AppData\Roaming\TrueCrypt
2013-12-24 02:10 - 2011-02-28 22:50 - 00000000 ___HD C:\Users\Plankton\AppData\Roaming\Free Download Manager
2013-12-23 19:23 - 2013-12-23 19:23 - 00923784 _____ (CNET Download.com) C:\Users\Plankton\Downloads\cbsidlm-cbsi145-Ms_Word_Excel_Cracker-ORG-10656419.exe
2013-12-23 19:07 - 2013-12-23 19:07 - 00923784 _____ (CNET Download.com) C:\Users\Plankton\Downloads\cbsidlm-cbsi145-Excel_Tool_VBA_Password_Recovery-ORG-75206791.exe
2013-12-23 18:34 - 2013-12-23 18:34 - 00128000 _____ C:\Windows\system32\ppa_service.exe
2013-12-23 18:34 - 2013-12-23 18:34 - 00043008 _____ C:\Windows\system32\ppa_service.dll
2013-12-23 18:34 - 2013-12-23 18:34 - 00000566 _____ C:\Windows\system32\ppa_service.log
2013-12-23 18:34 - 2013-12-23 18:34 - 00000530 _____ C:\Windows\system32\ppa_service.dat
2013-12-23 18:34 - 2013-12-23 18:34 - 00000004 _____ C:\Windows\system32\ppa_service.rc
2013-12-23 18:28 - 2013-12-23 18:28 - 00000000 ____D C:\Program Files\ElcomSoft
2013-12-23 17:47 - 2013-12-23 17:42 - 00044430 _____ C:\Users\Plankton\ovpntray.log
2013-12-23 17:42 - 2013-12-23 17:42 - 00000000 ____D C:\Users\Plankton\AppData\Roaming\PrivateTunnel
2013-12-23 17:41 - 2013-12-23 17:41 - 05814784 _____ C:\Users\Plankton\Downloads\privatetunnel.msi
2013-12-22 12:13 - 2012-04-24 22:21 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-21 13:26 - 2013-12-21 13:24 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-09 16:16

==================== End Of Log ============================

After a reboot I ran Malwarebytes again; here is the log file:

Code:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.17.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Plankton :: PLANKTON-PC [Administrator]

Protection: Enabled

17.01.2014 22:27:15
mbam-log-2014-01-17 (22-27-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197906
Time elapsed: 5 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
|
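A key that Malwarebytes deletes and that is back after the next normal boot points at something that starts with the user session and recreates it, so the lines a helper reads first in a log like the one above are the Run entries, the Firefox proxy values and any executables sitting under AppData. The script below is an added example, not FRST's code and not something posted in this thread: it parses a handful of constructed sample lines written in FRST's output format, flags autostart targets that are shortcuts or scripts or live in user-writable folders, reports every non-loopback proxy host from the Firefox section together with whether the separate network.proxy.type line says Firefox is actually using it, and lists executables in user-writable locations that were rewritten after they were created. The names triage, Finding and the three check_* functions are the example's own.

```python
"""Triage for FRST log lines: autostart targets, Firefox proxy hosts and
executables in user-writable folders. Added example, not FRST's own code and
not from the thread; SAMPLE_LOG is constructed in FRST's output format."""
import re
from typing import NamedTuple

SAMPLE_LOG = r"""
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6756048 2012-11-08] (COMODO)
HKCU\...\Run: [CCleaner Monitoring] - C:\Program Files\CCleaner\CCleaner.exe [3643160 2013-07-22] (Piriform Ltd)
HKCU\...\Run: [csrv.exe] - C:\Users\Plankton\AppData\Roaming\hJQMZ3mL\local.exe.lnk
HKCU\...\Run: [] - [x]
FF NetworkProxy: "http", "119.30.39.1"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "backup.ssl", "198.27.97.214.vpsrealm.com"
FF NetworkProxy: "backup.ssl_port", 7808
FF NetworkProxy: "gopher", "127.0.0.1"
FF NetworkProxy: "type", 0
2014-01-12 20:26 - 2014-01-17 21:33 - 00018147 _____ C:\Users\Plankton\AppData\Roaming\csrv.exe
2014-01-12 20:24 - 2014-01-12 20:24 - 00002403 _____ C:\Users\Plankton\AppData\Roaming\csrv.PIF
2014-01-11 18:25 - 2014-01-11 18:25 - 24097311 _____ C:\Users\Plankton\Downloads\vlc-2.1.2-win32.exe
"""

# Folders any user can write to; Downloads is deliberately left out (too noisy).
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")
SCRIPT_LIKE = (".lnk", ".pif", ".scr", ".cmd", ".bat", ".vbs", ".js", ".com")
EXEC_LIKE = SCRIPT_LIKE + (".exe", ".dll")

RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\.\\Run: \[(?P<name>.*?)\] - (?P<target>.*)$")
# FRST appends "[size date] (vendor)" to a target it could examine on disk.
META_RE = re.compile(r"^(?P<path>.*?)(?P<meta> \[\d+ \d{4}-\d\d-\d\d\])?(?: \((?P<vendor>[^()]*)\))?$")
PROXY_RE = re.compile(r'^FF NetworkProxy: "(?P<key>[\w.]+)", (?:"(?P<str>[^"]*)"|(?P<raw>\S+))$')
FILE_RE = re.compile(r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
                     r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) (?:\((?P<vendor>[^()]*)\) )?(?P<path>.+)$")


class Finding(NamedTuple):
    severity: str  # "high" or "medium"
    kind: str      # "autostart", "proxy" or "file"
    subject: str   # the path or host the finding is about
    detail: str    # why it was flagged

def check_autostart(match):
    target = match.group("target").strip()
    if target == "[x]":
        return None  # FRST prints [x] for a value without a usable file path
    meta = META_RE.match(target)
    path, low = meta.group("path").strip(), meta.group("path").strip().lower()
    reasons = []
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("user-writable location")
    if low.endswith(SCRIPT_LIKE):
        reasons.append("shortcut or script target")
    if meta.group("meta") is None:
        reasons.append("no [size date] metadata recorded for the target")
    if not reasons:
        return None
    label = f'{match.group("hive")} Run [{match.group("name")}]'
    return Finding("high", "autostart", path, f"{label}: " + "; ".join(reasons))

def check_proxies(settings):
    """network.proxy.type 0 = no proxy, 1 = manual; hosts left behind with type 0 are dormant."""
    mode = settings.get("type")
    active = mode == "1"
    findings = []
    for key, host in settings.items():
        if key in ("type", "no_proxies_on", "share_proxy_settings") or key.endswith("_port"):
            continue
        if host in ("", "127.0.0.1", "localhost", "::1"):
            continue
        port = settings.get(key + "_port", "?")
        state = "in use" if active else f"configured but not in use (network.proxy.type={mode})"
        findings.append(Finding("high" if active else "medium", "proxy", f"{host}:{port}", f"{key}: {state}"))
    return findings

def check_file(match):
    path = match.group("path").strip()
    low = path.lower()
    if not (low.endswith(EXEC_LIKE) and any(marker in low for marker in USER_WRITABLE)):
        return None
    reasons = ["executable in user-writable location"]
    if match.group("modified") != match.group("created"):
        reasons.append(f'rewritten after creation ({match.group("created")} -> {match.group("modified")})')
    return Finding("medium", "file", path, "; ".join(reasons))

def triage(text):
    """Run every line through the checks; proxy lines are collected first because
    the verdict depends on the separate 'type' line."""
    findings, proxies = [], {}
    for raw in text.splitlines():
        line, finding = raw.strip(), None
        if m := RUN_RE.match(line):
            finding = check_autostart(m)
        elif m := PROXY_RE.match(line):
            proxies[m.group("key")] = m.group("str") if m.group("str") is not None else m.group("raw")
        elif m := FILE_RE.match(line):
            finding = check_file(m)
        if finding:
            findings.append(finding)
    return findings + check_proxies(proxies)
```

To use it on a real log, call triage() on the contents of FRST.txt instead of SAMPLE_LOG. A proxy reported as "configured but not in use" is still worth a question to the user: the values survive a browser restart and become live the moment network.proxy.type is switched to 1, so a host nobody can explain should be cleared along with the rest.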
18.01.2014, 16:57 | #12 |
/// the machine /// TB-Ausbilder | Malware.Trace in registry key keeps re-creating itself

ESET Online Scanner

Please download SecurityCheck and:

and a fresh FRST log please. Any problems left?

__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page
No help via PM! |
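The fresh FRST log requested here is most useful next to the one from two days earlier: whatever the cleanup tools removed drops out of the created-files section, and anything that was recreated or rewritten in between shows a new size or modification time. The script below is an added example, not FRST's code and not something posted in this thread. It parses the "One Month Created Files and Folders" section of two constructed snapshots written in FRST's format (the paths follow the thread, the sizes and times in LATER are made up) and reports additions, removals and in-place changes; parse_created, compare, describe and the two snapshot names are the example's own.

```python
"""Compare the 'One Month Created Files and Folders' sections of two FRST logs
taken days apart: what a cleanup removed, what appeared, and which files were
rewritten in between. Added example, not FRST's own code and not from the
thread; EARLIER and LATER are constructed snapshots in FRST's output format."""
import re
from typing import NamedTuple

EARLIER = r"""
==================== One Month Created Files and Folders ========
2014-01-15 22:49 - 2014-01-15 22:49 - 00000000 ____D C:\Program Files\Bloody5
2014-01-13 22:03 - 2014-01-17 22:17 - 00000000 ____D C:\FRST
2014-01-13 23:42 - 2014-01-13 23:42 - 00000478 _____ C:\Users\Plankton\Desktop\defogger_disable.log
2014-01-12 20:26 - 2014-01-17 21:33 - 00018147 _____ C:\Users\Plankton\AppData\Roaming\csrv.exe
2014-01-12 20:24 - 2014-01-12 20:24 - 00002403 _____ C:\Users\Plankton\AppData\Roaming\csrv.PIF
==================== One Month Modified Files and Folders =======
2014-01-17 22:17 - 2014-01-13 22:03 - 00000000 ____D C:\FRST
"""
LATER = r"""
==================== One Month Created Files and Folders ========
2014-01-19 12:09 - 2014-01-19 12:09 - 00000000 ____D C:\Program Files\ESET
2014-01-15 22:49 - 2014-01-15 22:49 - 00000000 ____D C:\Program Files\Bloody5
2014-01-13 22:03 - 2014-01-19 13:41 - 00000000 ____D C:\FRST
2014-01-12 20:26 - 2014-01-18 09:12 - 00018603 _____ C:\Users\Plankton\AppData\Roaming\csrv.exe
2014-01-12 20:24 - 2014-01-12 20:24 - 00002403 _____ C:\Users\Plankton\AppData\Roaming\csrv.PIF
==================== One Month Modified Files and Folders =======
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
FILE_RE = re.compile(r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
                     r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) (?:\((?P<vendor>[^()]*)\) )?(?P<path>.+)$")
CREATED = "One Month Created Files and Folders"


class Entry(NamedTuple):
    created: str
    modified: str
    size: int
    attrs: str   # FRST attribute flags; 'D' marks a directory
    path: str


class Report(NamedTuple):
    added: list     # paths only in the later log
    removed: list   # paths only in the earlier log (deleted, or aged out of the window)
    changed: list   # (path, earlier Entry, later Entry) for files whose size or mtime moved


def parse_created(text):
    """Return {path: Entry} for the created-files section only; the modified-files
    section lists the same paths with the timestamps swapped and is skipped."""
    entries, inside = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if header := SECTION_RE.match(line):
            inside = header.group(1) == CREATED
        elif inside and (m := FILE_RE.match(line)):
            entries[m.group("path")] = Entry(m.group("created"), m.group("modified"),
                                             int(m.group("size")), m.group("attrs"), m.group("path"))
    return entries


def compare(earlier, later):
    added = sorted(set(later) - set(earlier))
    # An entry can also disappear simply because its creation date left the one-month window.
    removed = sorted(set(earlier) - set(later))
    changed = []
    for path in sorted(set(earlier) & set(later)):
        old, new = earlier[path], later[path]
        if "D" in old.attrs:
            continue  # directory mtimes move whenever a child changes; not informative here
        if (old.size, old.modified) != (new.size, new.modified):
            changed.append((path, old, new))
    return Report(added, removed, changed)


def describe(report):
    lines = [f"new:      {p}" for p in report.added]
    lines += [f"gone:     {p}" for p in report.removed]
    lines += [f"changed:  {p} size {o.size} -> {n.size}, modified {o.modified} -> {n.modified}"
              for p, o, n in report.changed]
    return lines
```

For real logs, read the two FRST.txt files into EARLIER and LATER and print describe(compare(parse_created(EARLIER), parse_created(LATER))). A "gone" line is only evidence that a tool deleted something when the entry's creation date was recent; older entries fall out of FRST's one-month window on their own. A "changed" line on a file in AppData is the interesting case for this thread, because a file that keeps being rewritten while its autostart survives is the thing writing the key back.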
19.01.2014, 14:01 | #13 |
| Malware.Trace in registry key keeps re-creating itself

Hello Schrauber, here are the next logs:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=56fe62e41d37ca43a917282c3a91fce4
# engine=16709
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-19 12:29:08
# local_time=2014-01-19 01:29:08 (+0100, Central European Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3074 16777213 100 100 5795 91520910 0 0
# compatibility_mode=5893 16776574 100 94 16033794 141765739 0 0
# scanned=110084
# found=0
# cleaned=0
# scan_time=4375

Code:
 Results of screen317's Security Check version 0.99.79
 Windows 7 Service Pack 1 x86 (UAC is disabled!)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
COMODO Antivirus
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 CloneSpy 2.7
 Malwarebytes Anti-Malware Version 1.75.0.1300
 CCleaner
 JavaFX 2.1.0
 Java(TM) 6 Update 22
 Java(TM) 6 Update 31
 Java 7 Update 21
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player 11.8.800.94
 Adobe Reader XI
 Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````
 Comodo Firewall cmdagent.exe
 Comodo Firewall cfp.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2014
Ran by Plankton (administrator) on PLANKTON-PC on 19-01-2014 13:42:06
Running from C:\Users\Plankton\Desktop
Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

ATTENTION: If processes are not listed WMI should be repaired.

==================== Processes (Whitelisted) ===================

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6756048 2012-11-08] (COMODO)
HKLM\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM\...\Run: [NUSB3MON] - C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM\...\Run: [SSS2009 HotKeys] - C:\Program Files\Steganos Privacy Suite 11\SteganosHotKeyService.exe [80896 2010-06-22] (Steganos GmbH)
HKLM\...\Run: [SSS2009 File Redirection Starter] - C:\Program Files\Steganos Privacy Suite 11\fredirstarter.exe [17408 2010-06-22] (Steganos GmbH)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-24] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKCU\...\Run: [SSS2009 Browser Monitor] - C:\Program Files\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe [49664 2010-06-22] (Steganos GmbH)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [CCleaner Monitoring] - C:\Program Files\CCleaner\CCleaner.exe [3643160 2013-07-22] (Piriform Ltd)
HKCU\...\Run: [csrv.exe] - C:\Users\Plankton\AppData\Roaming\hJQMZ3mL\local.exe.lnk
MountPoints2: {29787b2f-f88d-11e2-90ff-1c6f654c8f4a} - F:\LGAutoRun.exe
MountPoints2: {a41b7b0a-5c9d-11e0-aa00-1c6f654c8f4a} - G:\LaunchU3.exe -a
MountPoints2: {a64e5b69-9767-11e1-a8b4-1c6f654c8f4a} - G:\NokiaPCIA_Autorun.exe
AppInit_DLLs: C:\Windows\system32\guard32.dll => C:\Windows\system32\guard32.dll [301264 2012-11-08] (COMODO)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD9A19B427225CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files\Steganos Privacy Suite 11\SPMIEToolbar.dll (Steganos GmbH)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://google.de
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=ytff-comodo&p=
FF NetworkProxy: "backup.ftp", "198.27.97.214.vpsrealm.com"
FF NetworkProxy: "backup.ftp_port", 7808
FF NetworkProxy: "backup.gopher", "127.0.0.1"
FF NetworkProxy: "backup.gopher_port", 8080
FF NetworkProxy: "backup.socks", "198.27.97.214.vpsrealm.com"
FF NetworkProxy: "backup.socks_port", 7808
FF NetworkProxy: "backup.ssl", "198.27.97.214.vpsrealm.com"
FF NetworkProxy: "backup.ssl_port", 7808
FF NetworkProxy: "ftp", "119.30.39.1"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "gopher", "127.0.0.1"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "119.30.39.1"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "119.30.39.1"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "119.30.39.1"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdrmv2.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwmsdrm.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Nokia Maps 3D browser plugin - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\maps@ovi.com [2012-04-15]
FF Extension: Toolbar Buttons - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688} [2011-11-05]
FF Extension: FEBE - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2013-06-26]
FF Extension: FT DeepDark - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-01-16]
FF Extension: PrefBar - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{8A6C82A1-F6C9-481a-AAE7-C96444C9A754} [2014-01-15]
FF Extension: Context Menu Image Saver - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\cmis@choobin.xpi [2013-12-22]
FF Extension: Fetch Text URL (fix version) - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\fetch.text.url@fix.version.xpi [2013-12-22]
FF Extension: NASA Night Launch - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\nasanightlaunch@example.com.xpi [2013-06-02]
FF Extension: Image Zoom - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-04-16]
FF Extension: Adblock Plus - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-15]
FF Extension: Tab Mix Plus - C:\Users\Plankton\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.papa\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-11-05]
FF Extension: Fetch Text URL [de] - C:\Program Files\Mozilla Firefox\extensions\FetchTextURL_1.6.4_fx+sm_de-DE [2013-12-21]
FF HKLM\...\Firefox\Extensions: [{09F060FA-566D-42D7-BF79-97AB30863433}] - C:\Program Files\Steganos Privacy Suite 11\pfplugin
FF Extension: Steganos Private Favorites - C:\Program Files\Steganos Privacy Suite 11\pfplugin [2011-02-28]
FF HKLM\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files\Steganos Privacy Suite 11\spmplugin3
FF Extension: Steganos Password Manager - C:\Program Files\Steganos Privacy Suite 11\spmplugin3 [2011-02-28]
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-02]

Chrome:
=======
CHR HomePage: hxxp://de.yahoo.com?fr=fpc-comodo
CHR RestoreOnStartup: "hxxp://de.yahoo.com?fr=fpc-comodo"
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]

========================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-12-19] (Advanced Micro Devices, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-08] (COMODO)
R2 JMB36X; C:\Windows\System32\XSrvSetup.exe [72304 2010-01-19] ()
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23168 2013-04-18] (LG Electronics Inc.)
S3 AndNetDiag2; C:\Windows\System32\DRIVERS\lgandnetdiag2.sys [23168 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2013-06-28] (LG Electronics Inc.)
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [108104 2010-12-01] (SlySoft, Inc.)
R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19496 2010-04-27] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [19632 2012-11-08] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-08] (COMODO)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [98928 2010-01-27] (JMicron Technology Corp.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\aztech_npf32.sys [42000 2007-01-26] (CACE Technologies)
R3 OXSDIDRV_x32; C:\Windows\System32\DRIVERS\OXSDIDRV_x32.sys [53280 2011-08-23] ()
S3 PRODIGY; C:\Windows\System32\Drivers\PRODIGY.SYS [32377 2006-08-29] (B-phreaks)
R1 SLEE_17_DRIVER; C:\Windows\system32\drivers\Sleen17.sys [94560 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - )
R3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [35592 2009-09-11] (Logitech Inc.)
R3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [31752 2009-09-11] (Logitech Inc.)
S3 gdrv; No ImagePath
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-19 13:42 - 2014-01-19 13:42 - 00015616 _____ C:\Users\Plankton\Desktop\FRST.txt
2014-01-19 13:34 - 2014-01-19 13:34 - 00987425 _____ C:\Users\Plankton\Desktop\SecurityCheck.exe
2014-01-19 12:09 - 2014-01-19 12:09 - 00000000 ____D C:\Program Files\ESET
2014-01-19 11:58 - 2014-01-19 11:58 - 02347384 _____ (ESET) C:\Users\Plankton\Desktop\esetsmartinstaller_enu.exe
2014-01-17 22:17 - 2014-01-19 13:41 - 00000000 ____D C:\Users\Plankton\Desktop\FRST-OlderVersion
2014-01-17 21:24 - 2014-01-17 21:24 - 01037068 _____ (Thisisu) C:\Users\Plankton\Desktop\JRT.exe
2014-01-17 21:21 - 2014-01-17 21:21 - 00000000 ____D C:\Windows\ERUNT
2014-01-17 21:11 - 2014-01-17 21:13 - 00000000 ____D C:\AdwCleaner
2014-01-17 20:23 - 2014-01-17 20:23 - 01236282 _____ C:\Users\Plankton\Desktop\adwcleaner.exe
2014-01-17 20:13 - 2014-01-19 11:45 - 00000280 _____ C:\Windows\setupact.log
2014-01-17 20:13 - 2014-01-17 20:13 - 00294080 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-17 20:13 - 2014-01-17 20:13 - 00064152 _____ C:\Users\Plankton\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-17 20:13 - 2014-01-17 20:13 - 00000000 _____ C:\Windows\setuperr.log
2014-01-15 23:17 - 2014-01-19 01:13 - 00000227 _____ C:\service.log
2014-01-15 22:49 - 2014-01-15 22:49 - 00000000 ____D C:\Program Files\Bloody5
2014-01-15 22:34 - 2014-01-15 22:40 - 00000000 ____D C:\Users\Plankton\Downloads\Bloody Mouse Software
2014-01-15 10:28 - 2014-01-15 10:28 - 00000000 ____D C:\Windows\rundll16.exe
2014-01-15 10:28 - 2014-01-15 10:28 - 00000000 ____D C:\Windows\logo1_.exe
2014-01-15 10:23 - 2014-01-15 10:23 - 00000000 ___SD C:\32788R22FWJFW
2014-01-15 10:23 - 2014-01-15 10:23 - 00000000 ____D C:\ComboFix
2014-01-15 10:22 - 2014-01-15 10:22 - 05165717 ____R (Swearware) C:\Users\Plankton\Desktop\ComboFix.exe
2014-01-15 09:27 - 2014-01-15 09:27 - 00000000 _____ C:\Users\Plankton\Desktop\Neues Textdokument.txt
2014-01-15 00:41 - 2014-01-15 00:42 - 11823536 _____ C:\Windows\REGBK00.ZIP
2014-01-14 23:34 - 2014-01-15 10:25 - 00000757 _____ C:\Windows\general.log
2014-01-14 23:34 - 2014-01-14 23:34 - 00000456 _____ C:\Windows\UPDLL.LOG
2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\VDLL.DLL
2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\system32\runouce.exe
2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\RUNDL132.EXE
2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\logo_1.exe
2014-01-14 23:24 - 2014-01-15 10:25 - 00000054 _____ C:\Windows\Lic.xxx
2014-01-14 22:55 - 2014-01-14 22:55 - 00632064 _____ (Microsoft Corporation) C:\Windows\system32\msvcr80.dll
2014-01-14 22:55 - 2014-01-14 22:55 - 00554240 _____ (Microsoft Corporation) C:\Windows\system32\msvcp80.dll
2014-01-14 22:55 - 2014-01-14 22:55 - 00034048 _____ (MicroWorld Technologies Inc.) C:\Windows\system32\eEmpty.exe
2014-01-14 22:55 - 2014-01-14 22:55 - 00000000 ____D C:\Program Files\Common Files\MicroWorld
2014-01-14 22:55 - 2005-09-22 23:22 - 00000522 _____ C:\Windows\system32\Microsoft.VC80.CRT.manifest
2014-01-14 22:54 - 2014-01-14 22:55 - 00000000 ____D C:\ProgramData\MicroWorld
2014-01-14 22:52 - 2014-01-14 22:53 - 99334664 _____ C:\Users\Plankton\Desktop\mwav.exe
2014-01-13 23:48 - 2014-01-14 01:16 - 00000605 _____ C:\Users\Plankton\Desktop\Troja-Board.txt
2014-01-13 23:42 - 2014-01-13 23:42 - 00000000 _____ C:\Users\Plankton\defogger_reenable
2014-01-13 23:40 - 2014-01-13 23:40 - 00050477 _____ C:\Users\Plankton\Desktop\Defogger.exe
2014-01-13 22:34 - 2014-01-13 22:34 - 00377856 _____ C:\Users\Plankton\Desktop\gmer_2.1.19163.exe
2014-01-13 22:03 - 2014-01-19 13:41 - 00000000 ____D C:\FRST
2014-01-13 22:01 - 2014-01-19 13:41 - 01221120 _____ (Farbar) C:\Users\Plankton\Desktop\FRST.exe
2014-01-13 10:32 - 2014-01-13 10:32 - 00000332 _____ C:\Start_.cmd
2014-01-13 10:31 - 2014-01-13 10:31 - 00000000 ____D C:\Windows\erdnt
2014-01-13 10:31 - 2014-01-13 10:31 - 00000000 ____D C:\Qoobox
2014-01-12 22:40 - 2014-01-12 22:40 - 01233962 _____ C:\Users\Plankton\Downloads\adwcleaner_3.016.exe
2014-01-12 21:25 - 2014-01-12 22:18 - 00000000 _____ C:\Windows\system32\tmp.txt
2014-01-12 21:24 - 2008-12-12 01:57 - 00078336 _____ (S!Ri.URZ) C:\Windows\system32\Agent.OMZ.Fix.exe
2014-01-12 21:24 - 2008-11-29 18:58 - 00082944 _____ (S!Ri.URZ) C:\Windows\system32\IEDFix.C.exe
2014-01-12 21:24 - 2008-09-20 12:45 - 00080384 _____ (S!Ri.URZ) C:\Windows\system32\o4Patch.exe
2014-01-12 21:24 - 2006-04-27 17:49 - 00288417 _____ (S!Ri) C:\Windows\system32\SrchSTS.exe
2014-01-12 21:24 - 2003-06-05 21:13 - 00053248 _____ (hxxp://www.beyondlogic.org) C:\Windows\system32\Process.exe
2014-01-12 21:23 - 2014-01-12 21:23 - 01885088 _____ C:\Users\Plankton\Downloads\SmitfraudFix_v2.423.exe
2014-01-12 20:26 - 2014-01-17 22:40 - 00018591 _____ 
C:\Users\Plankton\AppData\Roaming\csrv.exe 2014-01-12 20:24 - 2014-01-12 20:24 - 00002403 _____ C:\Users\Plankton\AppData\Roaming\csrv.PIF 2014-01-11 18:27 - 2014-01-11 18:27 - 00001038 _____ C:\Users\Public\Desktop\VLC media player.lnk 2014-01-11 18:25 - 2014-01-11 18:25 - 24097311 _____ C:\Users\Plankton\Downloads\vlc-2.1.2-win32.exe 2014-01-04 20:23 - 2014-01-04 20:26 - 00000000 ____D C:\Users\Plankton\Desktop\Sicherung TOR Safe 2014-01-03 15:12 - 2014-01-03 15:12 - 00000000 ____D C:\Users\Plankton\Downloads\CNC im Modellbau Magazin Januar 01-2014 2013-12-28 23:14 - 2013-12-28 23:14 - 00000000 ____D C:\Users\Plankton\Downloads\Neuer Ordner 2013-12-27 01:14 - 2013-12-27 01:14 - 00001255 _____ C:\Users\Plankton\Desktop\taskmgr.exe - Verknüpfung.lnk 2013-12-26 19:22 - 2013-12-26 19:22 - 00000695 _____ C:\Users\Plankton\Desktop\Tor Browser.lnk 2013-12-26 17:59 - 2013-12-26 17:59 - 00000000 ____D C:\Users\Plankton\Desktop\Tor Browser 2013-12-26 17:57 - 2013-12-26 17:58 - 24185920 _____ C:\Users\Plankton\Downloads\torbrowser-install-3.5_de.exe 2013-12-23 19:23 - 2013-12-23 19:23 - 00923784 _____ (CNET Download.com) C:\Users\Plankton\Downloads\cbsidlm-cbsi145-Ms_Word_Excel_Cracker-ORG-10656419.exe 2013-12-23 19:07 - 2013-12-23 19:07 - 00923784 _____ (CNET Download.com) C:\Users\Plankton\Downloads\cbsidlm-cbsi145-Excel_Tool_VBA_Password_Recovery-ORG-75206791.exe 2013-12-23 18:34 - 2013-12-23 18:34 - 00128000 _____ C:\Windows\system32\ppa_service.exe 2013-12-23 18:34 - 2013-12-23 18:34 - 00043008 _____ C:\Windows\system32\ppa_service.dll 2013-12-23 18:34 - 2013-12-23 18:34 - 00000566 _____ C:\Windows\system32\ppa_service.log 2013-12-23 18:34 - 2013-12-23 18:34 - 00000530 _____ C:\Windows\system32\ppa_service.dat 2013-12-23 18:34 - 2013-12-23 18:34 - 00000004 _____ C:\Windows\system32\ppa_service.rc 2013-12-23 18:28 - 2013-12-23 18:28 - 00000000 ____D C:\Program Files\ElcomSoft 2013-12-23 17:42 - 2013-12-23 17:47 - 00044430 _____ C:\Users\Plankton\ovpntray.log 2013-12-23 
17:42 - 2013-12-23 17:42 - 00000000 ____D C:\Users\Plankton\AppData\Roaming\PrivateTunnel 2013-12-23 17:41 - 2013-12-23 17:41 - 05814784 _____ C:\Users\Plankton\Downloads\privatetunnel.msi 2013-12-21 13:24 - 2013-12-21 13:26 - 00000000 ____D C:\Program Files\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-01-19 13:42 - 2014-01-19 13:42 - 00015616 _____ C:\Users\Plankton\Desktop\FRST.txt 2014-01-19 13:41 - 2014-01-17 22:17 - 00000000 ____D C:\Users\Plankton\Desktop\FRST-OlderVersion 2014-01-19 13:41 - 2014-01-13 22:03 - 00000000 ____D C:\FRST 2014-01-19 13:41 - 2014-01-13 22:01 - 01221120 _____ (Farbar) C:\Users\Plankton\Desktop\FRST.exe 2014-01-19 13:34 - 2014-01-19 13:34 - 00987425 _____ C:\Users\Plankton\Desktop\SecurityCheck.exe 2014-01-19 13:34 - 2011-02-28 23:03 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat 2014-01-19 12:51 - 2011-07-30 17:05 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-19 12:09 - 2014-01-19 12:09 - 00000000 ____D C:\Program Files\ESET 2014-01-19 12:08 - 2009-07-14 05:34 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-19 12:08 - 2009-07-14 05:34 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-19 11:58 - 2014-01-19 11:58 - 02347384 _____ (ESET) C:\Users\Plankton\Desktop\esetsmartinstaller_enu.exe 2014-01-19 11:49 - 2011-02-28 22:40 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-19 11:48 - 2013-10-10 08:17 - 00069210 _____ C:\Windows\WindowsUpdate.log 2014-01-19 11:45 - 2014-01-17 20:13 - 00000280 _____ C:\Windows\setupact.log 2014-01-19 11:45 - 2011-07-30 17:05 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-19 11:45 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-19 01:13 - 2014-01-15 23:17 - 00000227 _____ C:\service.log 2014-01-18 13:23 - 2013-08-21 09:40 - 
00000000 ____D C:\Users\Plankton\AppData\Roaming\WinMedia 2014-01-18 13:22 - 2013-10-24 10:14 - 00000000 ____D C:\Users\Plankton\AppData\Roaming\hJQMZ3mL 2014-01-18 13:22 - 2013-08-24 13:13 - 00000000 ____D C:\Users\Plankton\AppData\Roaming\hJQMZ3mL00 2014-01-17 22:40 - 2014-01-12 20:26 - 00018591 _____ C:\Users\Plankton\AppData\Roaming\csrv.exe 2014-01-17 21:24 - 2014-01-17 21:24 - 01037068 _____ (Thisisu) C:\Users\Plankton\Desktop\JRT.exe 2014-01-17 21:21 - 2014-01-17 21:21 - 00000000 ____D C:\Windows\ERUNT 2014-01-17 21:13 - 2014-01-17 21:11 - 00000000 ____D C:\AdwCleaner 2014-01-17 21:08 - 2013-12-06 21:42 - 00126262 _____ C:\Windows\PFRO.log 2014-01-17 21:08 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\tracing 2014-01-17 21:03 - 2013-08-24 12:56 - 00000000 ____D C:\Program Files\CCleaner 2014-01-17 20:23 - 2014-01-17 20:23 - 01236282 _____ C:\Users\Plankton\Desktop\adwcleaner.exe 2014-01-17 20:13 - 2014-01-17 20:13 - 00294080 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-17 20:13 - 2014-01-17 20:13 - 00064152 _____ C:\Users\Plankton\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-17 20:13 - 2014-01-17 20:13 - 00000000 _____ C:\Windows\setuperr.log 2014-01-17 10:36 - 2011-02-28 23:52 - 00000000 ___HD C:\Users\Plankton\AppData\Roaming\R-Wipe&Clean 2014-01-15 22:49 - 2014-01-15 22:49 - 00000000 ____D C:\Program Files\Bloody5 2014-01-15 22:47 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF 2014-01-15 22:40 - 2014-01-15 22:34 - 00000000 ____D C:\Users\Plankton\Downloads\Bloody Mouse Software 2014-01-15 10:28 - 2014-01-15 10:28 - 00000000 ____D C:\Windows\rundll16.exe 2014-01-15 10:28 - 2014-01-15 10:28 - 00000000 ____D C:\Windows\logo1_.exe 2014-01-15 10:25 - 2014-01-14 23:34 - 00000757 _____ C:\Windows\general.log 2014-01-15 10:25 - 2014-01-14 23:24 - 00000054 _____ C:\Windows\Lic.xxx 2014-01-15 10:23 - 2014-01-15 10:23 - 00000000 ___SD C:\32788R22FWJFW 2014-01-15 10:23 - 2014-01-15 10:23 - 00000000 ____D C:\ComboFix 2014-01-15 10:22 - 2014-01-15 10:22 - 
05165717 ____R (Swearware) C:\Users\Plankton\Desktop\ComboFix.exe 2014-01-15 09:27 - 2014-01-15 09:27 - 00000000 _____ C:\Users\Plankton\Desktop\Neues Textdokument.txt 2014-01-15 00:42 - 2014-01-15 00:41 - 11823536 _____ C:\Windows\REGBK00.ZIP 2014-01-14 23:34 - 2014-01-14 23:34 - 00000456 _____ C:\Windows\UPDLL.LOG 2014-01-14 23:34 - 2009-07-14 03:04 - 00000425 _____ C:\Windows\win.ini 2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\VDLL.DLL 2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\system32\runouce.exe 2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\RUNDL132.EXE 2014-01-14 23:33 - 2014-01-14 23:33 - 00000000 ____D C:\Windows\logo_1.exe 2014-01-14 22:55 - 2014-01-14 22:55 - 00632064 _____ (Microsoft Corporation) C:\Windows\system32\msvcr80.dll 2014-01-14 22:55 - 2014-01-14 22:55 - 00554240 _____ (Microsoft Corporation) C:\Windows\system32\msvcp80.dll 2014-01-14 22:55 - 2014-01-14 22:55 - 00034048 _____ (MicroWorld Technologies Inc.) C:\Windows\system32\eEmpty.exe 2014-01-14 22:55 - 2014-01-14 22:55 - 00000000 ____D C:\Program Files\Common Files\MicroWorld 2014-01-14 22:55 - 2014-01-14 22:54 - 00000000 ____D C:\ProgramData\MicroWorld 2014-01-14 22:53 - 2014-01-14 22:52 - 99334664 _____ C:\Users\Plankton\Desktop\mwav.exe 2014-01-14 01:16 - 2014-01-13 23:48 - 00000605 _____ C:\Users\Plankton\Desktop\Troja-Board.txt 2014-01-13 23:42 - 2014-01-13 23:42 - 00000000 _____ C:\Users\Plankton\defogger_reenable 2014-01-13 23:42 - 2011-02-28 22:37 - 00000000 ____D C:\Users\Plankton 2014-01-13 23:40 - 2014-01-13 23:40 - 00050477 _____ C:\Users\Plankton\Desktop\Defogger.exe 2014-01-13 22:34 - 2014-01-13 22:34 - 00377856 _____ C:\Users\Plankton\Desktop\gmer_2.1.19163.exe 2014-01-13 10:32 - 2014-01-13 10:32 - 00000332 _____ C:\Start_.cmd 2014-01-13 10:31 - 2014-01-13 10:31 - 00000000 ____D C:\Windows\erdnt 2014-01-13 10:31 - 2014-01-13 10:31 - 00000000 ____D C:\Qoobox 2014-01-13 00:40 - 2013-01-13 20:06 - 00000000 ____D 
C:\Users\Plankton\AppData\Roaming\vlc 2014-01-12 22:40 - 2014-01-12 22:40 - 01233962 _____ C:\Users\Plankton\Downloads\adwcleaner_3.016.exe 2014-01-12 22:35 - 2011-05-08 12:42 - 00000000 ____D C:\test 2014-01-12 22:18 - 2014-01-12 21:25 - 00000000 _____ C:\Windows\system32\tmp.txt 2014-01-12 21:23 - 2014-01-12 21:23 - 01885088 _____ C:\Users\Plankton\Downloads\SmitfraudFix_v2.423.exe 2014-01-12 20:27 - 2011-02-28 23:19 - 00000000 ___HD C:\VritualRoot 2014-01-12 20:24 - 2014-01-12 20:24 - 00002403 _____ C:\Users\Plankton\AppData\Roaming\csrv.PIF 2014-01-12 17:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\security 2014-01-12 17:06 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\L2Schemas 2014-01-11 18:27 - 2014-01-11 18:27 - 00001038 _____ C:\Users\Public\Desktop\VLC media player.lnk 2014-01-11 18:27 - 2011-03-05 22:27 - 00000000 ____D C:\Program Files\VideoLAN 2014-01-11 18:25 - 2014-01-11 18:25 - 24097311 _____ C:\Users\Plankton\Downloads\vlc-2.1.2-win32.exe 2014-01-04 20:26 - 2014-01-04 20:23 - 00000000 ____D C:\Users\Plankton\Desktop\Sicherung TOR Safe 2014-01-03 15:12 - 2014-01-03 15:12 - 00000000 ____D C:\Users\Plankton\Downloads\CNC im Modellbau Magazin Januar 01-2014 2013-12-28 23:14 - 2013-12-28 23:14 - 00000000 ____D C:\Users\Plankton\Downloads\Neuer Ordner 2013-12-28 19:04 - 2011-03-20 19:42 - 00000000 ____D C:\Program Files\XnView 2013-12-27 01:14 - 2013-12-27 01:14 - 00001255 _____ C:\Users\Plankton\Desktop\taskmgr.exe - Verknüpfung.lnk 2013-12-26 19:22 - 2013-12-26 19:22 - 00000695 _____ C:\Users\Plankton\Desktop\Tor Browser.lnk 2013-12-26 17:59 - 2013-12-26 17:59 - 00000000 ____D C:\Users\Plankton\Desktop\Tor Browser 2013-12-26 17:58 - 2013-12-26 17:57 - 24185920 _____ C:\Users\Plankton\Downloads\torbrowser-install-3.5_de.exe 2013-12-26 16:33 - 2013-11-13 17:05 - 00000812 _____ C:\Users\Plankton\Desktop\Körperfettwaage.txt 2013-12-26 14:39 - 2011-10-09 21:10 - 00000000 ____D C:\Hintergrundbilder 2013-12-26 11:52 - 2011-07-22 21:09 - 00000000 ____D 
C:\E-Mail-Sich 2013-12-25 16:53 - 2013-08-23 08:51 - 00000000 ____D C:\Users\Plankton\AppData\Roaming\TrueCrypt 2013-12-24 02:10 - 2011-02-28 22:50 - 00000000 ___HD C:\Users\Plankton\AppData\Roaming\Free Download Manager 2013-12-23 19:23 - 2013-12-23 19:23 - 00923784 _____ (CNET Download.com) C:\Users\Plankton\Downloads\cbsidlm-cbsi145-Ms_Word_Excel_Cracker-ORG-10656419.exe 2013-12-23 19:07 - 2013-12-23 19:07 - 00923784 _____ (CNET Download.com) C:\Users\Plankton\Downloads\cbsidlm-cbsi145-Excel_Tool_VBA_Password_Recovery-ORG-75206791.exe 2013-12-23 18:34 - 2013-12-23 18:34 - 00128000 _____ C:\Windows\system32\ppa_service.exe 2013-12-23 18:34 - 2013-12-23 18:34 - 00043008 _____ C:\Windows\system32\ppa_service.dll 2013-12-23 18:34 - 2013-12-23 18:34 - 00000566 _____ C:\Windows\system32\ppa_service.log 2013-12-23 18:34 - 2013-12-23 18:34 - 00000530 _____ C:\Windows\system32\ppa_service.dat 2013-12-23 18:34 - 2013-12-23 18:34 - 00000004 _____ C:\Windows\system32\ppa_service.rc 2013-12-23 18:28 - 2013-12-23 18:28 - 00000000 ____D C:\Program Files\ElcomSoft 2013-12-23 17:47 - 2013-12-23 17:42 - 00044430 _____ C:\Users\Plankton\ovpntray.log 2013-12-23 17:42 - 2013-12-23 17:42 - 00000000 ____D C:\Users\Plankton\AppData\Roaming\PrivateTunnel 2013-12-23 17:41 - 2013-12-23 17:41 - 05814784 _____ C:\Users\Plankton\Downloads\privatetunnel.msi 2013-12-22 12:13 - 2012-04-24 22:21 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-12-21 13:26 - 2013-12-21 13:24 - 00000000 ____D C:\Program Files\Mozilla Firefox ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-09 16:16 ==================== End Of Log ============================ Finally, I scanned again with Malwarebytes, still the same problem. What do you think this registry entry points to, and why does ONLY Malwarebytes detect this entry? Code:
ATTFilter Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.19.03 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 11.0.9600.16476 Plankton :: PLANKTON-PC [Administrator] Schutz: Deaktiviert 19.01.2014 13:45:19 mbam-log-2014-01-19 (13-45-19).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 197834 Laufzeit: 6 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
20.01.2014, 12:09 | #14 |
/// the machine /// TB-Ausbilder | Malware.Trace in registry key keeps rewriting itself Update Java and Adobe. If you remove the detection with MBAM, is it back again on a new scan?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and Help Trojaner-Board Facebook page No support via PM! |
20.01.2014, 16:12 | #15 |
| Malware.Trace in registry key keeps rewriting itself Hello Schrauber, Java and Adobe are up to date. And yes, as already described in the title and in the first post, it rewrites itself right away. Regards Udo |