Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2014 02
Ran by Micha (administrator) on HP_NOTEBOOK on 11-01-2014 14:24:55
Running from C:\Users\Micha\Downloads
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\HP SimplePass\DownloadAD.exe
GMER Logfile:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-11 14:21:44
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000032 ST9500325AS rev.0005HPM1 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Micha\AppData\Local\Temp\ugdiypog.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff96000222700 15 bytes [00, EA, 0F, 02, 00, 7F, 6F, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff96000222710 11 bytes [00, 1F, FC, FF, 80, 52, DE, ...]
---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\dwm.exe[968] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe781930e0 7 bytes JMP 00007fff77d402d0
.text C:\WINDOWS\system32\dwm.exe[968] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe78194478 7 bytes JMP 00007fff77d40308
.text C:\WINDOWS\system32\dwm.exe[968] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe782411a8 7 bytes JMP 00007fff77d40340
.text C:\WINDOWS\system32\dwm.exe[968] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffe7824121c 7 bytes JMP 00007fff77d403b0
.text C:\WINDOWS\system32\dwm.exe[968] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffe78241668 7 bytes JMP 00007fff77d40378
.text C:\WINDOWS\system32\dwm.exe[968] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ffe782472d0 7 bytes JMP 00007fff77d40260
.text C:\WINDOWS\system32\dwm.exe[968] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe7826d5a4 7 bytes JMP 00007fff77d40228
.text C:\WINDOWS\system32\dwm.exe[968] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe7826d614 7 bytes JMP 00007fff77d40298
.text C:\WINDOWS\system32\dwm.exe[968] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe77d52124 7 bytes JMP 00007fff77d400d8
.text C:\WINDOWS\system32\dwm.exe[968] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffe77d550e8 5 bytes JMP 00007fff77d40180
.text C:\WINDOWS\system32\dwm.exe[968] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe77d552a0 5 bytes JMP 00007fff77d40148
.text C:\WINDOWS\system32\dwm.exe[968] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe77d5a9b0 5 bytes JMP 00007fff77d40110
.text C:\WINDOWS\system32\dwm.exe[968] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffe78537b64 10 bytes JMP 00007fff77d40490
.text C:\WINDOWS\system32\dwm.exe[968] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffe78552910 5 bytes JMP 00007fff77d40420
.text C:\WINDOWS\system32\dwm.exe[968] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffe78554578 5 bytes JMP 00007fff77d40458
.text C:\WINDOWS\system32\dwm.exe[968] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe78554980 9 bytes JMP 00007fff77d403e8
.text C:\WINDOWS\system32\dwm.exe[968] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe787d1500 8 bytes JMP 00007fff77d401b8
.text C:\WINDOWS\system32\dwm.exe[968] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe787d1750 8 bytes JMP 00007fff77d401f0
.text C:\WINDOWS\system32\dwm.exe[968] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory 00007ffe75f4705c 5 bytes JMP 00007fff75dc00d8
.text C:\WINDOWS\system32\dwm.exe[968] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory1 00007ffe75f47678 5 bytes JMP 00007fff75dc0110
.text C:\WINDOWS\system32\nvvsvc.exe[548] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe7852169a 4 bytes [52, 78, FE, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[548] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe785216a2 4 bytes [52, 78, FE, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[548] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe7852181a 4 bytes [52, 78, FE, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[548] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe78521832 4 bytes [52, 78, FE, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2108] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe7852169a 4 bytes [52, 78, FE, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2108] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe785216a2 4 bytes [52, 78, FE, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2108] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe7852181a 4 bytes [52, 78, FE, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2108] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe78521832 4 bytes [52, 78, FE, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2108] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffe6ed31f6a 4 bytes [D3, 6E, FE, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2108] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffe6ed31f82 4 bytes [D3, 6E, FE, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2492] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe7852169a 4 bytes [52, 78, FE, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2492] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe785216a2 4 bytes [52, 78, FE, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2492] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe7852181a 4 bytes [52, 78, FE, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2492] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe78521832 4 bytes [52, 78, FE, 7F]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3344] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe7852169a 4 bytes [52, 78, FE, 7F]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3344] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe785216a2 4 bytes [52, 78, FE, 7F]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3344] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe7852181a 4 bytes [52, 78, FE, 7F]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3344] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe78521832 4 bytes [52, 78, FE, 7F]
.text C:\Windows\System32\igfxpers.exe[4328] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe7852169a 4 bytes [52, 78, FE, 7F]
.text C:\Windows\System32\igfxpers.exe[4328] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe785216a2 4 bytes [52, 78, FE, 7F]
.text C:\Windows\System32\igfxpers.exe[4328] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe7852181a 4 bytes [52, 78, FE, 7F]
.text C:\Windows\System32\igfxpers.exe[4328] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe78521832 4 bytes [52, 78, FE, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4460] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe7852169a 4 bytes [52, 78, FE, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4460] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe785216a2 4 bytes [52, 78, FE, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4460] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe7852181a 4 bytes [52, 78, FE, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4460] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe78521832 4 bytes [52, 78, FE, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5072] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe7852169a 4 bytes [52, 78, FE, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5072] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe785216a2 4 bytes [52, 78, FE, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5072] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe7852181a 4 bytes [52, 78, FE, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5072] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe78521832 4 bytes [52, 78, FE, 7F]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4208] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffe7852169a 4 bytes [52, 78, FE, 7F]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4208] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffe785216a2 4 bytes [52, 78, FE, 7F]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4208] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffe7852181a 4 bytes [52, 78, FE, 7F]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4208] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffe78521832 4 bytes [52, 78, FE, 7F]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [664:688] fffff960008d24d0
Thread C:\WINDOWS\system32\svchost.exe [796:3144] 00007ffe6c2b38e0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1644:1632] 000000000089d1f6
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1644:2812] 00000000739aa7e0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1644:2968] 00000000714a8960
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1644:2972] 00000000714a8960
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1644:2976] 00000000714a8960
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1644:2980] 00000000714a4090
Thread C:\WINDOWS\Explorer.EXE [3272:4448] 00007ffe6288d6bc
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4156:4160] 00000000004020b7
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:24 on 11/01/2014 (Micha)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-