Oh das wusste ich nicht
GMER Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-22 01:37:00
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003d TOSHIBA_MQ01ABD100 rev.AX003J 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\*****\AppData\Local\Temp\uwtoqpow.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\dwm.exe[1140] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 000007fb44c3257c 8 bytes JMP 000007fc442703b0
.text C:\Windows\system32\dwm.exe[1140] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 000007fb44c36b10 9 bytes JMP 000007fc44270308
.text C:\Windows\system32\dwm.exe[1140] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007fb44cb5658 7 bytes JMP 000007fc44270260
.text C:\Windows\system32\dwm.exe[1140] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007fb44cb5778 7 bytes JMP 000007fc442702d0
.text C:\Windows\system32\dwm.exe[1140] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 000007fb44cd1564 7 bytes JMP 000007fc44270340
.text C:\Windows\system32\dwm.exe[1140] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007fb44ce40e4 7 bytes JMP 000007fc44270298
.text C:\Windows\system32\dwm.exe[1140] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007fb44ce4178 8 bytes JMP 000007fc44270228
.text C:\Windows\system32\dwm.exe[1140] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007fb44ce479c 8 bytes JMP 000007fc44270378
.text C:\Windows\system32\dwm.exe[1140] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fb442b28a0 7 bytes JMP 000007fc442700d8
.text C:\Windows\system32\dwm.exe[1140] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fb442b28e8 5 bytes JMP 000007fc44270180
.text C:\Windows\system32\dwm.exe[1140] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fb442cf590 6 bytes JMP 000007fc44270148
.text C:\Windows\system32\dwm.exe[1140] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fb442cf8ac 5 bytes JMP 000007fc44270110
.text C:\Windows\system32\dwm.exe[1140] C:\Windows\system32\USER32.dll!CreateWindowExW 000007fb4701c5b0 7 bytes JMP 000007fc44270490
.text C:\Windows\system32\dwm.exe[1140] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000007fb470231f0 9 bytes JMP 000007fc442703e8
.text C:\Windows\system32\dwm.exe[1140] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 000007fb470233e0 5 bytes JMP 000007fc44270458
.text C:\Windows\system32\dwm.exe[1140] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007fb47027160 5 bytes JMP 000007fc44270420
.text C:\Windows\system32\dwm.exe[1140] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fb456f1070 8 bytes JMP 000007fc442701f0
.text C:\Windows\system32\dwm.exe[1140] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fb45710c10 8 bytes JMP 000007fc442701b8
.text C:\Windows\system32\dwm.exe[1140] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb3f861532 4 bytes [86, 3F, FB, 07]
.text C:\Windows\system32\dwm.exe[1140] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb3f86153a 4 bytes [86, 3F, FB, 07]
.text C:\Windows\system32\dwm.exe[1140] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb3f86165a 4 bytes [86, 3F, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1244] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb3f861532 4 bytes [86, 3F, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1244] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb3f86153a 4 bytes [86, 3F, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1244] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb3f86165a 4 bytes [86, 3F, FB, 07]
.text C:\Windows\system32\nvvsvc.exe[1252] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007fb3f861532 4 bytes [86, 3F, FB, 07]
.text C:\Windows\system32\nvvsvc.exe[1252] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007fb3f86153a 4 bytes [86, 3F, FB, 07]
.text C:\Windows\system32\nvvsvc.exe[1252] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fb3f86165a 4 bytes [86, 3F, FB, 07]
.text C:\Windows\system32\nvvsvc.exe[1252] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb449c177a 4 bytes [9C, 44, FB, 07]
.text C:\Windows\system32\nvvsvc.exe[1252] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb449c1782 4 bytes [9C, 44, FB, 07]
.text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb449c177a 4 bytes [9C, 44, FB, 07]
.text C:\Windows\System32\spoolsv.exe[1772] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb449c1782 4 bytes [9C, 44, FB, 07]
.text C:\Program Files\Elantech\ETDCtrl.exe[2648] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb3f861532 4 bytes [86, 3F, FB, 07]
.text C:\Program Files\Elantech\ETDCtrl.exe[2648] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb3f86153a 4 bytes [86, 3F, FB, 07]
.text C:\Program Files\Elantech\ETDCtrl.exe[2648] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb3f86165a 4 bytes [86, 3F, FB, 07]
.text C:\Windows\system32\taskhostex.exe[2700] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb3f861532 4 bytes [86, 3F, FB, 07]
.text C:\Windows\system32\taskhostex.exe[2700] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb3f86153a 4 bytes [86, 3F, FB, 07]
.text C:\Windows\system32\taskhostex.exe[2700] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb3f86165a 4 bytes [86, 3F, FB, 07]
.text C:\Windows\Explorer.EXE[2732] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb3f861532 4 bytes [86, 3F, FB, 07]
.text C:\Windows\Explorer.EXE[2732] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb3f86153a 4 bytes [86, 3F, FB, 07]
.text C:\Windows\Explorer.EXE[2732] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb3f86165a 4 bytes [86, 3F, FB, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[3256] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb3f861532 4 bytes [86, 3F, FB, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[3256] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb3f86153a 4 bytes [86, 3F, FB, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[3256] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb3f86165a 4 bytes [86, 3F, FB, 07]
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[3296] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb3f861532 4 bytes [86, 3F, FB, 07]
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[3296] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb3f86153a 4 bytes [86, 3F, FB, 07]
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[3296] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb3f86165a 4 bytes [86, 3F, FB, 07]
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3552] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb3f861532 4 bytes [86, 3F, FB, 07]
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3552] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb3f86153a 4 bytes [86, 3F, FB, 07]
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3552] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb3f86165a 4 bytes [86, 3F, FB, 07]
.text C:\Windows\system32\igfxext.exe[3728] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb3f861532 4 bytes [86, 3F, FB, 07]
.text C:\Windows\system32\igfxext.exe[3728] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb3f86153a 4 bytes [86, 3F, FB, 07]
.text C:\Windows\system32\igfxext.exe[3728] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb3f86165a 4 bytes [86, 3F, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1380] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb3f861532 4 bytes [86, 3F, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1380] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb3f86153a 4 bytes [86, 3F, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1380] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb3f86165a 4 bytes [86, 3F, FB, 07]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[4540] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb3f861532 4 bytes [86, 3F, FB, 07]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[4540] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb3f86153a 4 bytes [86, 3F, FB, 07]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[4540] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb3f86165a 4 bytes [86, 3F, FB, 07]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[4540] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fb31831b32 4 bytes [83, 31, FB, 07]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[4540] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fb31831b3a 4 bytes [83, 31, FB, 07]
.text C:\Windows\System32\igfxtray.exe[4548] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb3f861532 4 bytes [86, 3F, FB, 07]
.text C:\Windows\System32\igfxtray.exe[4548] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb3f86153a 4 bytes [86, 3F, FB, 07]
.text C:\Windows\System32\igfxtray.exe[4548] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb3f86165a 4 bytes [86, 3F, FB, 07]
.text C:\Windows\System32\hkcmd.exe[4556] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb3f861532 4 bytes [86, 3F, FB, 07]
.text C:\Windows\System32\hkcmd.exe[4556] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb3f86153a 4 bytes [86, 3F, FB, 07]
.text C:\Windows\System32\hkcmd.exe[4556] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb3f86165a 4 bytes [86, 3F, FB, 07]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe[4632] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb3f861532 4 bytes [86, 3F, FB, 07]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe[4632] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb3f86153a 4 bytes [86, 3F, FB, 07]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe[4632] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb3f86165a 4 bytes [86, 3F, FB, 07]
.text C:\Windows\System32\igfxpers.exe[4672] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb449c177a 4 bytes [9C, 44, FB, 07]
.text C:\Windows\System32\igfxpers.exe[4672] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb449c1782 4 bytes [9C, 44, FB, 07]
.text C:\Windows\System32\igfxpers.exe[4672] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb3f861532 4 bytes [86, 3F, FB, 07]
.text C:\Windows\System32\igfxpers.exe[4672] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb3f86153a 4 bytes [86, 3F, FB, 07]
.text C:\Windows\System32\igfxpers.exe[4672] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb3f86165a 4 bytes [86, 3F, FB, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4872] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb3f861532 4 bytes [86, 3F, FB, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4872] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb3f86153a 4 bytes [86, 3F, FB, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4872] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb3f86165a 4 bytes [86, 3F, FB, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5052] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb3f861532 4 bytes [86, 3F, FB, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5052] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb3f86153a 4 bytes [86, 3F, FB, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[5052] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb3f86165a 4 bytes [86, 3F, FB, 07]
.text C:\Windows\WindowsMobile\wmdcBase.exe[5116] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb449c177a 4 bytes [9C, 44, FB, 07]
.text C:\Windows\WindowsMobile\wmdcBase.exe[5116] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb449c1782 4 bytes [9C, 44, FB, 07]
.text C:\Windows\WindowsMobile\wmdcBase.exe[5116] C:\Windows\system32\WSOCK32.dll!recvfrom + 742 000007fb31831b32 4 bytes [83, 31, FB, 07]
.text C:\Windows\WindowsMobile\wmdcBase.exe[5116] C:\Windows\system32\WSOCK32.dll!recvfrom + 750 000007fb31831b3a 4 bytes [83, 31, FB, 07]
.text C:\Windows\WindowsMobile\wmdcBase.exe[5116] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb3f861532 4 bytes [86, 3F, FB, 07]
.text C:\Windows\WindowsMobile\wmdcBase.exe[5116] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb3f86153a 4 bytes [86, 3F, FB, 07]
.text C:\Windows\WindowsMobile\wmdcBase.exe[5116] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb3f86165a 4 bytes [86, 3F, FB, 07]
.text C:\Windows\system32\svchost.exe[2316] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fb31831b32 4 bytes [83, 31, FB, 07]
.text C:\Windows\system32\svchost.exe[2316] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fb31831b3a 4 bytes [83, 31, FB, 07]
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILFE.EXE[4416] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb3f861532 4 bytes [86, 3F, FB, 07]
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILFE.EXE[4416] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb3f86153a 4 bytes [86, 3F, FB, 07]
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILFE.EXE[4416] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb3f86165a 4 bytes [86, 3F, FB, 07]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[5496] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb449c177a 4 bytes [9C, 44, FB, 07]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[5496] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb449c1782 4 bytes [9C, 44, FB, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[5612] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb3f861532 4 bytes [86, 3F, FB, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[5612] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb3f86153a 4 bytes [86, 3F, FB, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[5612] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb3f86165a 4 bytes [86, 3F, FB, 07]
.text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb3f861532 4 bytes [86, 3F, FB, 07]
.text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb3f86153a 4 bytes [86, 3F, FB, 07]
.text C:\Windows\system32\igfxsrvc.exe[4228] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb3f86165a 4 bytes [86, 3F, FB, 07]
.text C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[5192] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb3f861532 4 bytes [86, 3F, FB, 07]
.text C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[5192] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb3f86153a 4 bytes [86, 3F, FB, 07]
.text C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[5192] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb3f86165a 4 bytes [86, 3F, FB, 07]
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2440] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb3f861532 4 bytes [86, 3F, FB, 07]
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2440] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb3f86153a 4 bytes [86, 3F, FB, 07]
.text C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe[2440] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb3f86165a 4 bytes [86, 3F, FB, 07]
.text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5376] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb449c177a 4 bytes [9C, 44, FB, 07]
.text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[5376] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb449c1782 4 bytes [9C, 44, FB, 07]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [676:704] fffff960008955e8
Thread C:\Windows\system32\csrss.exe [676:708] fffff960008955e8
---- Processes - GMER 2.1 ----
Process C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [5156] (FILE NOT FOUND) 0000000000400000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [5156] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:28) 000000006d9c0000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [5156] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000070c70000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [5156] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006d5d0000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [5156](2015-02-10 21:00:30) 00000000715e0000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe [5156] (ICU I18N DLL/The ICU Project)(2015-02-10 21:00:30) 000000004a900000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [5156] (ICU Common DLL/The ICU Project)(2015-02-10 21:00:30) 00000000042f0000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [5156] (ICU Data DLL/The ICU Project)(2015-02-10 21:00:30) 000000004ad00000
Library c:\users\*****\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdq1bgf.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [5156](2015-02-21 23:39:39) 0000000004610000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [5156] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006b3b0000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [5156] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26) 00000000697e0000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [5156] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 00000000695c0000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [5156] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000069360000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [5156] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006c4a0000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [5156](2015-02-10 21:00:30) 00000000715a0000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [5156] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26) 000000006c470000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [5156] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006a9e0000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [5156] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006a990000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [5156](2015-02-10 21:00:28) 000000006a8b0000
Library C:\Users\*****\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe [5156](2015-02-10 21:00:28) 000000006a870000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-02-2015
Ran by ***** (administrator) on NOTEBOOK on 22-02-2015 01:09:35
Running from C:\Users\*****\Downloads
Loaded Profiles: UpdatusUser & ***** (Available profiles: UpdatusUser & *****)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Mintcastnetworks-bogard\Mintcastnetworks-bogard.exe
() C:\Program Files\Mintcastnetworks-bogard\Mintcastnetworks-bogard_updater_service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILFE.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dropbox, Inc.) C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
() C:\Users\*****\Downloads\Defogger.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2874256 2012-12-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13267016 2013-01-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1276488 2013-01-18] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-22] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications))
HKU\S-1-5-21-233447492-2476977513-3596007070-1003\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILFE.EXE [297024 2013-04-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-233447492-2476977513-3596007070-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-233447492-2476977513-3596007070-1003\...\MountPoints2: {443bf3b3-ac7c-11e3-be7f-7c0507dc2047} - "E:\Startme.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-233447492-2476977513-3596007070-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-233447492-2476977513-3596007070-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKU\S-1-5-21-233447492-2476977513-3596007070-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-233447492-2476977513-3596007070-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-233447492-2476977513-3596007070-1003 -> DefaultScope {67321360-E134-46C2-929C-FAA7428E19EE} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKU\S-1-5-21-233447492-2476977513-3596007070-1003 -> {67321360-E134-46C2-929C-FAA7428E19EE} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zz5az9nc.default
FF Homepage: hxxp://angler-sattelschwein.info/
FF NetworkProxy: "ftp", "64.120.142.140"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "64.120.142.140"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "64.120.142.140"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "64.120.142.140"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zz5az9nc.default\user.js
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zz5az9nc.default\searchplugins\absearch-search.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zz5az9nc.default\searchplugins\google-bersetzer.xml
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\zz5az9nc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-27]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-27]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-233447492-2476977513-3596007070-1003\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
Chrome:
=======
CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-07]
CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-07]
CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-21]
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-07]
CHR Extension: (Google Search) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-07]
CHR Extension: (Google Sheets) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-07]
CHR Extension: (Avast Online Security) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-07]
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-07]
CHR Extension: (Gmail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-22]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-22] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-02-22] (Avast Software)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2012-12-07] (ELAN Microelectronics Corp.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 Mintcastnetworks-bogard; C:\Program Files\Mintcastnetworks-bogard\Mintcastnetworks-bogard.exe [16384 2015-01-30] () [File not signed]
R2 Mintcastnetworks-bogard_updater_service; C:\Program Files\Mintcastnetworks-bogard\Mintcastnetworks-bogard_updater_service.exe [12288 2015-01-30] () [File not signed]
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2013-07-09] (Dritek System INC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-02-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-22] ()
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-07-09] (Dritek System Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-02-22] (Avast Software)
R2 WinDivert64; C:\Windows\system32\drivers\WinDivert64.sys [35376 2013-12-03] (Basil Projects)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-22 01:09 - 2015-02-22 01:10 - 00019502 _____ () C:\Users\*****\Downloads\FRST.txt
2015-02-22 01:09 - 2015-02-22 01:09 - 00000000 ____D () C:\FRST
2015-02-22 01:08 - 2015-02-22 01:08 - 02086912 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe
2015-02-22 01:07 - 2015-02-22 01:07 - 00000474 _____ () C:\Users\*****\Downloads\defogger_disable.log
2015-02-22 01:07 - 2015-02-22 01:07 - 00000000 _____ () C:\Users\*****\defogger_reenable
2015-02-22 01:06 - 2015-02-22 01:06 - 00050477 _____ () C:\Users\*****\Downloads\Defogger.exe
2015-02-22 01:06 - 2015-02-22 01:06 - 00000247 _____ () C:\Windows\system32\2015-02-22-00-06-47.023-aswFe.exe-1744.log
2015-02-22 01:02 - 2015-02-22 01:06 - 00000247 _____ () C:\Windows\system32\2015-02-22-00-02-30.047-aswFe.exe-3084.log
2015-02-22 01:02 - 2015-02-22 01:02 - 00000197 _____ () C:\Windows\system32\2015-02-22-00-02-28.075-AvastVBoxSVC.exe-5376.log
2015-02-22 00:40 - 2015-02-22 00:41 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-02-22 00:40 - 2015-02-22 00:41 - 00000000 ____D () C:\Windows\system32\vbox
2015-02-22 00:36 - 2015-02-22 00:36 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-22 00:36 - 2015-02-22 00:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-02-22 00:36 - 2015-02-22 00:36 - 00001928 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-22 00:22 - 2015-02-22 00:22 - 00939560 _____ () C:\Users\*****\Downloads\Universal Keygen Generator 2014.rar
2015-02-22 00:22 - 2015-02-22 00:22 - 00000000 ____D () C:\Program Files\Mintcastnetworks-bogard
2015-02-22 00:22 - 2013-12-03 09:31 - 00035376 _____ (Basil Projects) C:\Windows\system32\Drivers\WinDivert64.sys
2015-02-21 20:07 - 2015-02-21 20:07 - 00000000 __RHD () C:\ESD
2015-02-21 19:57 - 2015-02-21 23:39 - 00000000 ____D () C:\Users\*****\Desktop\Neuer Ordner (3)
2015-02-21 13:57 - 2015-02-21 13:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_silabser_01009.Wdf
2015-02-21 13:56 - 2015-02-21 13:56 - 00004388 _____ () C:\Windows\DPINST.LOG
2015-02-21 13:56 - 2015-02-21 13:56 - 00000000 ____D () C:\Program Files\DIFX
2015-02-21 13:55 - 2015-02-21 13:55 - 00002115 _____ () C:\Users\Public\Desktop\IRISPen 7.lnk
2015-02-21 13:55 - 2015-02-21 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IRISPen7
2015-02-21 13:53 - 2015-02-21 13:58 - 00000000 ____D () C:\ProgramData\IRISpen
2015-02-21 13:53 - 2015-02-21 13:53 - 00000000 ____D () C:\Program Files (x86)\IRIS
2015-02-20 22:13 - 2015-02-20 22:13 - 05995160 _____ (Wargaming.net ) C:\Users\*****\Downloads\WoT_internet_install_eu(1).exe
2015-02-20 22:13 - 2015-02-20 22:13 - 00000773 _____ () C:\Users\*****\Desktop\World of Tanks.lnk
2015-02-20 22:13 - 2015-02-20 22:13 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-22 01:07 - 2013-09-28 00:48 - 00000000 ____D () C:\Users\*****
2015-02-22 01:02 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2015-02-22 00:44 - 2013-09-27 19:30 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-233447492-2476977513-3596007070-1003
2015-02-22 00:43 - 2013-07-09 14:57 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2015-02-22 00:43 - 2013-07-09 14:57 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2015-02-22 00:43 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-22 00:42 - 2014-05-11 21:05 - 00004208 _____ () C:\Windows\System32\Tasks\Software Updater
2015-02-22 00:39 - 2014-01-04 20:04 - 00000000 ___RD () C:\Users\*****\Dropbox
2015-02-22 00:39 - 2014-01-04 20:01 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox
2015-02-22 00:38 - 2014-02-12 20:03 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-22 00:38 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-22 00:37 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-22 00:36 - 2014-06-26 19:45 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-02-22 00:36 - 2014-06-26 19:45 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-02-22 00:36 - 2013-09-27 19:34 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-02-22 00:36 - 2013-09-27 19:34 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-02-22 00:36 - 2013-09-27 19:33 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-02-22 00:36 - 2013-09-27 19:33 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-02-22 00:36 - 2013-09-27 19:33 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-02-22 00:36 - 2013-09-27 19:33 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-02-22 00:36 - 2013-09-27 19:33 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-22 00:34 - 2015-01-16 21:31 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Spotify
2015-02-22 00:33 - 2013-09-28 00:48 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Atheros
2015-02-22 00:30 - 2014-03-19 13:30 - 00000937 _____ () C:\Windows\Tasks\EPSON XP-312 313 315 Series Update {808F793B-2C2C-47A0-97C9-DD2C23C0DF5B}.job
2015-02-22 00:30 - 2014-03-19 13:30 - 00000751 _____ () C:\Windows\Tasks\EPSON XP-312 313 315 Series Invitation {808F793B-2C2C-47A0-97C9-DD2C23C0DF5B}.job
2015-02-22 00:30 - 2013-09-28 01:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-22 00:29 - 2013-09-27 20:31 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2015-02-22 00:29 - 2013-07-09 05:20 - 01687503 _____ () C:\Windows\WindowsUpdate.log
2015-02-21 23:30 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-21 18:31 - 2013-10-24 17:37 - 00000000 ____D () C:\Users\*****\AppData\Roaming\DVDVideoSoft
2015-02-21 14:02 - 2013-09-27 20:09 - 00000000 ____D () C:\Users\*****\AppData\Local\Deployment
2015-02-20 22:13 - 2013-11-19 17:35 - 00000000 ____D () C:\Games
2015-02-20 21:32 - 2013-09-27 22:02 - 00000000 ____D () C:\Users\*****\AppData\Roaming\FileZilla
2015-02-20 21:06 - 2013-10-24 17:52 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Mp3tag
2015-02-20 14:36 - 2015-01-07 14:23 - 00002139 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-20 14:03 - 2015-01-16 21:33 - 00000000 ____D () C:\Users\*****\AppData\Local\Spotify
2015-02-17 00:38 - 2014-08-28 21:46 - 00000571 _____ () C:\Users\*****\Desktop\wlan.txt
2015-02-16 09:55 - 2014-01-04 20:04 - 00000986 _____ () C:\Users\*****\Desktop\Dropbox.lnk
2015-02-16 09:55 - 2014-01-04 20:02 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 19:17 - 2013-09-27 20:16 - 00000000 ____D () C:\Users\*****\Documents\Bluetooth Folder
2015-02-07 01:31 - 2013-10-10 14:56 - 00000000 ____D () C:\Users\*****\Desktop\SanDiskSecureAccessV2.0
2015-02-05 21:37 - 2014-02-12 20:03 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 21:37 - 2014-02-12 20:03 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 21:37 - 2014-02-12 20:03 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-01 20:34 - 2013-10-01 21:48 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc
2015-01-29 23:04 - 2013-09-27 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-29 23:04 - 2013-09-27 20:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-28 22:33 - 2013-09-27 20:13 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-28 10:28 - 2014-10-15 13:00 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-28 10:28 - 2014-02-25 19:26 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-28 10:28 - 2013-09-28 01:00 - 00000000 ____D () C:\Users\*****\AppData\Local\CrashDumps
2015-01-28 10:25 - 2014-10-15 13:00 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-28 10:25 - 2014-10-15 13:00 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-28 10:25 - 2014-10-15 13:00 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-28 10:25 - 2014-10-15 13:00 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-28 10:25 - 2014-10-15 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
==================== Files in the root of some directories =======
2013-07-09 05:31 - 2013-07-09 05:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdq1bgf.dll
C:\Users\*****\AppData\Local\Temp\FreeAudioCDToMP3Converter.exe
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-21 12:58
==================== End Of Log ============================
ADDITION Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-02-2015
Ran by ***** at 2015-02-22 01:10:34
Running from C:\Users\*****\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{81C6F800-A69B-4E70-9DC0-74732F8B00E7}) (Version: 1.00.3015 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Age of Empires III (HKLM-x32\...\InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version: - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version: - )
Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version: - )
Call of Duty: Ghosts (HKLM-x32\...\Steam App 209160) (Version: - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Der Planer - Landwirtschaft (HKLM-x32\...\Der Planer - Landwirtschaft) (Version: - )
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-233447492-2476977513-3596007070-1003\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.3.14949 - Landesfinanzdirektion Thüringen)
EPSON XP-312 313 315 Series Printer Uninstall (HKLM\...\EPSON XP-312 313 315 Series) (Version: - SEIKO EPSON Corporation)
ETDWare PS/2-X64 11.6.17.002_WHQL (HKLM\...\Elantech) (Version: 11.6.17.002 - ELAN Microelectronic Corp.)
Fotor 2.0.2 (HKLM-x32\...\Fotor) (Version: 2.0.2 - Everimaging Co., Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version: - Rockstar Games)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IRISPen 7 (HKLM-x32\...\{258BD3FF-3082-4523-890D-B0E162199FA1}) (Version: 1.5.2.330 - Ihr Firmenname)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Landwirtschafts Simulator 15 (HKLM-x32\...\FarmingSimulator2015DE_is1) (Version: 1.2.0.0 - GIANTS Software)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mintcastnetworks-bogard 1.0.0.0 (HKLM\...\{29007E8C-251B-4F61-A70E-635591715954641572}_is1) (Version: 1.0.0.0 - Mintcastnetworks-bogard)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Qualcomm Atheros Communications Inc.)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6833 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28124 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-233447492-2476977513-3596007070-1003\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold HD (HKLM-x32\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version: 1.30.0003 - Firefly Studios)
Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Driver Package - Silicon Laboratories (silabenm) Ports (12/10/2012 6.6.1.0) (HKLM\...\F1D0CAF4C0DED9E19E7D560DEA76E9C03A9840DA) (Version: 12/10/2012 6.6.1.0 - Silicon Laboratories)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-233447492-2476977513-3596007070-1003\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-233447492-2476977513-3596007070-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-233447492-2476977513-3596007070-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-233447492-2476977513-3596007070-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-233447492-2476977513-3596007070-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-233447492-2476977513-3596007070-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-233447492-2476977513-3596007070-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-233447492-2476977513-3596007070-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-233447492-2476977513-3596007070-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-233447492-2476977513-3596007070-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-233447492-2476977513-3596007070-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
defogger_disable Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:07 on 22/02/2015 (*****)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-