Log analysis and evaluation: Windows 7 virus scanner cannot be installed, Firefox starts by itself

#1

Hello, I have a computer here on which no common virus scanner can be installed. In addition, Firefox also starts by itself and opens gaming and/or porn sites.

FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2014
Ran by Computer (administrator) on PCBECKER on 04-07-2014 09:24:55
Running from E:\Virenentfernung
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Valve Corporation) C:\Steam\Steam.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe
() C:\Users\Computer\AppData\Local\nfmffef.exe
(Microsoft® Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
(Microsoft® Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WksCal.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDRIVER\1.0.0.21\JSDRV.EXE
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2012-10-03] ()
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [Steam] => C:\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [AcerCloud] => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [18247424 2014-02-13] (Acer Incorporated)
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [Google+ Auto Backup] => C:\Users\Computer\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDRIVER\1.0.0.21\JSDRV.EXE
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [GoogleChromeAutoLaunch_99AE18632314C5772DDF1A65D9BFB3A0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-24] (Google Inc.)
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\Run: [nfmffef] => c:\users\computer\appdata\local\nfmffef.exe [3080192 2014-07-02] ()
HKU\S-1-5-21-424039607-3106668974-96046439-1001\...\MountPoints2: {77717763-0d4e-11e2-be69-806e6f6e6963} - "J:\autorun.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=21.3.0.12
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {63183CC4-C8CA-4276-BDF2-47706CC4EC60} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tugumsd&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0E0ByCyDzy0DtA0EtBtCtN0D0Tzu0CyCyCtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu2Z2Y1N2Y1H1B1Q&cr=691960370&ir=
SearchScopes: HKLM - {7EC40E7C-DA68-857B-84C7-3AD81B7A9077} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3320216&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP3A298DD6-1F89-4B53-B768-CE94BDB5B920&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=&systemid=&v=-&apn_uid=&apn_dtid=BND&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
BHO: easYtosHop - {E569D2C5-82B3-56D7-CC4E-2E3DF6A278BD} - C:\ProgramData\easYtosHop\gOT8meg.x64.dll No File
BHO: CoonverrtMe - {E664A4CA-CBB5-9B01-D333-2B7AFB5CB4C2} - C:\ProgramData\CoonverrtMe\aKj_.x64.dll No File
BHO-x32: easYtosHop - {E569D2C5-82B3-56D7-CC4E-2E3DF6A278BD} - C:\ProgramData\easYtosHop\gOT8meg.dll No File
BHO-x32: CoonverrtMe - {E664A4CA-CBB5-9B01-D333-2B7AFB5CB4C2} - C:\ProgramData\CoonverrtMe\aKj_.dll No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\mqk0njry.default
FF Homepage: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_ff_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_99f740896c4e4f5db538310a9845c664_39_1006_20130731_DE_ff_sp_
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [shortcutff@gmail.com] - C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\mqk0njry.default\extensions\shortcutff@gmail.com

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: Ask.com
CHR DefaultSearchURL: hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=&systemid=&v=-&apn_uid=&apn_dtid=BND&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-18]
CHR Extension: (Google Drive) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-10]
CHR Extension: (YouTube) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-10]
CHR Extension: (Google-Suche) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-10]
CHR Extension: (Raven Internet Marketing Tools) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijfnifaophpooekkminfbekpgmanjlcf [2014-06-09]
CHR Extension: (Google Wallet) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR Extension: (No Name) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo [2014-06-13]
CHR Extension: (Google Mail) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-18]
CHR Extension: (Anti-Banner) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-06-25]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S4 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2797312 2013-11-25] (Acer Incorporated)
S4 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
S4 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
S4 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-06-15] (WildTangent)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
S4 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S4 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21600 2013-03-29] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
S3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [498032 2012-07-12] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-03] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-02] (NetFilterSDK.com)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-06-23] ()
S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X]
S2 SPDRIVER_1.0.0.21; \??\C:\Program Files (x86)\ShopperPro\JSDRIVER\1.0.0.21\JSDRV.SYS [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-04 09:24 - 2014-07-04 09:24 - 00000000 ____D () C:\FRST
2014-07-04 09:24 - 2014-07-04 09:24 - 00000000 _____ () C:\Users\Computer\defogger_reenable
2014-07-03 14:53 - 2014-07-03 14:54 - 04161050 _____ () C:\Users\Computer\Downloads\tdsskiller.zip
2014-07-03 14:22 - 2014-07-03 14:22 - 00380416 _____ () C:\Users\Computer\Downloads\rhstcvpu.exe
2014-07-03 11:21 - 2014-07-03 11:28 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-07-03 10:57 - 2014-07-03 11:02 - 281672840 ____N (Symantec Corporation) C:\Users\Computer\Downloads\NIS-ESD-21.3.0-GE.exe
2014-07-03 08:30 - 2014-07-03 08:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-03 08:29 - 2014-07-03 08:29 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-03 08:29 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-03 08:29 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-03 08:29 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-03 08:27 - 2014-07-03 08:28 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Computer\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-02 11:34 - 2014-07-02 11:34 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-07-02 11:34 - 2014-07-02 11:34 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-07-02 11:34 - 2013-12-04 00:14 - 00601376 _____ (HP) C:\Windows\SysWOW64\hpcdmc32.dll
2014-07-02 11:34 - 2013-12-04 00:14 - 00237344 _____ (Hewlett-Packard Company) C:\Windows\system32\hpmlm135.dll
2014-07-02 11:34 - 2013-12-04 00:13 - 00217376 _____ (Hewlett-Packard) C:\Windows\system32\hpmml160.dll
2014-07-02 11:34 - 2013-12-04 00:13 - 00189728 _____ (Hewlett-Packard) C:\Windows\system32\hpmpm081.dll
2014-07-02 11:34 - 2013-12-04 00:13 - 00162080 _____ (Hewlett-Packard) C:\Windows\system32\hpmtp160.dll
2014-07-02 11:34 - 2013-12-04 00:13 - 00074016 _____ (Hewlett-Packard) C:\Windows\system32\hpmpw081.dll
2014-07-02 11:34 - 2013-12-04 00:12 - 00199968 _____ (Hewlett-Packard) C:\Windows\system32\hpmja160.dll
2014-07-02 11:34 - 2013-12-04 00:11 - 00447264 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn160.dll
2014-07-02 11:34 - 2013-12-04 00:11 - 00140064 _____ (Hewlett-Packard) C:\Windows\system32\hpcjpm.dll
2014-07-02 11:34 - 2013-12-04 00:07 - 00446240 _____ (Hewlett Packard Corporation) C:\Windows\SysWOW64\hpcc3160.dll
2014-07-02 11:34 - 2011-02-11 14:23 - 00193592 _____ (Hewlett-Packard) C:\Windows\system32\hppdcompio.dll
2014-07-02 11:34 - 2011-02-11 14:23 - 00167480 _____ (Hewlett-Packard) C:\Windows\SysWOW64\hppccompio.dll
2014-07-02 11:34 - 2009-02-25 16:32 - 00060440 _____ (Hewlett-Packard) C:\Windows\system32\FxCompChannel_x64.dll
2014-07-02 11:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-02 11:07 - 2014-07-04 09:25 - 01041569 _____ () C:\Users\Computer\AppData\Local\nfmffef.gss
2014-07-02 11:07 - 2014-07-03 14:59 - 00555008 _____ () C:\Users\Computer\AppData\Local\nfmffef.gdb
2014-07-02 11:07 - 2014-07-02 11:07 - 03080192 _____ () C:\Users\Computer\AppData\Local\nfmffef.exe
2014-07-02 11:06 - 2014-07-02 11:12 - 00000000 ____D () C:\AdwCleaner
2014-07-02 11:06 - 2014-07-02 11:06 - 01346519 _____ () C:\Users\Computer\Downloads\adwcleaner_3.214.exe
2014-07-02 11:01 - 2014-07-03 09:16 - 00000795 _____ () C:\Windows\setupact.log
2014-07-02 11:01 - 2014-07-02 11:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-29 23:30 - 2014-06-29 23:30 - 00000000 ____D () C:\Program Files (x86)\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E
2014-06-28 13:55 - 2014-06-27 17:49 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Desktop\diagnose.exe
2014-06-28 13:49 - 2014-06-28 13:49 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Downloads\diagnose (1).exe
2014-06-27 18:37 - 2014-06-27 18:37 - 00000863 _____ () C:\Users\Computer\Desktop\Kaspersky Internet Security Version 14.0.1.4651 installieren.zip
2014-06-27 17:49 - 2014-06-27 17:49 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Downloads\diagnose.exe
2014-06-26 21:30 - 2014-06-26 21:30 - 00000000 ____D () C:\Program Files (x86)\C1788BAC-0FCE-48F4-AF6A-AB180B237191
2014-06-25 16:17 - 2014-07-03 09:29 - 00001080 _____ () C:\Users\Computer\Desktop\Kaspersky Internet Security Version 14.0.1.4651 installieren.lnk
2014-06-24 22:57 - 2014-06-24 22:57 - 00287864 _____ () C:\Windows\Minidump\062414-18843-01.dmp
2014-06-22 21:47 - 2014-06-22 21:47 - 00287864 _____ () C:\Windows\Minidump\062214-19421-01.dmp
2014-06-22 21:46 - 2014-06-22 21:46 - 00000017 _____ () C:\Users\Computer\AppData\Local\resmon.resmoncfg
2014-06-20 22:20 - 2014-06-20 22:20 - 00007312 _____ () C:\Windows\system32\SettingsFile
2014-06-15 18:24 - 2014-06-15 18:24 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-06-09 22:11 - 2014-06-09 22:11 - 00000000 _____ () C:\Windows\SysWOW64\㩃啜敳獲䍜浯異整屲灁䑰瑡屡潒浡湩屧潍楺汬屡楆敲潦屸牐景汩獥浜歱渰牪敤慦汵屴潣歯敩煳楬整
2014-06-09 14:14 - 2014-06-09 14:14 - 03448360 _____ (Smart PC Solutions ) C:\Users\Computer\Downloads\PCSpeedMaximizer.exe
2014-06-09 14:00 - 2014-06-09 14:00 - 00287864 _____ () C:\Windows\Minidump\060914-14000-01.dmp
2014-06-09 12:08 - 2014-06-09 12:08 - 00256992 _____ () C:\Users\Computer\Downloads\DriverFinder_Setup.exe
2014-06-09 12:04 - 2014-06-09 12:04 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\DriverFinder
2014-06-09 11:54 - 2014-06-23 23:57 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-06-09 11:54 - 2014-06-09 11:54 - 00002469 _____ () C:\Users\Public\Desktop\DriverUpdate.lnk
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Users\Computer\AppData\Local\SlimWare Utilities Inc
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-06-06 12:56 - 2014-06-06 13:00 - 00000000 ____D () C:\Users\Computer\AppData\Local\Adobe
2014-06-06 12:44 - 2014-06-06 12:44 - 00007552 ____N () C:\bootsqm.dat
2014-06-06 12:43 - 2014-06-06 12:43 - 00000000 __SHD () C:\found.000

==================== One Month Modified Files and Folders =======

2014-07-04 09:25 - 2014-07-02 11:07 - 01041569 _____ () C:\Users\Computer\AppData\Local\nfmffef.gss
2014-07-04 09:24 - 2014-07-04 09:24 - 00000000 ____D () C:\FRST
2014-07-04 09:24 - 2014-07-04 09:24 - 00000000 _____ () C:\Users\Computer\defogger_reenable
2014-07-04 09:24 - 2013-01-25 18:57 - 00000000 ____D () C:\Users\Computer
2014-07-04 09:23 - 2013-02-21 23:16 - 00000000 ____D () C:\Steam
2014-07-04 09:22 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-07-03 15:11 - 2013-01-25 19:07 - 00003592 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-424039607-3106668974-96046439-1001
2014-07-03 15:05 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-03 15:00 - 2012-08-02 17:04 - 01568942 _____ () C:\Windows\PFRO.log
2014-07-03 14:59 - 2014-07-02 11:07 - 00555008 _____ () C:\Users\Computer\AppData\Local\nfmffef.gdb
2014-07-03 14:57 - 2012-10-03 13:45 - 01374240 _____ () C:\Windows\WindowsUpdate.log
2014-07-03 14:54 - 2014-07-03 14:53 - 04161050 _____ () C:\Users\Computer\Downloads\tdsskiller.zip
2014-07-03 14:47 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-03 14:32 - 2013-07-29 19:27 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-03 14:22 - 2014-07-03 14:22 - 00380416 _____ () C:\Users\Computer\Downloads\rhstcvpu.exe
2014-07-03 14:21 - 2013-07-31 23:09 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-03 14:21 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-07-03 14:21 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-03 14:18 - 2012-10-03 14:20 - 00000000 ____D () C:\ProgramData\Norton
2014-07-03 14:18 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-07-03 14:09 - 2014-02-12 23:26 - 00000000 ____D () C:\temp
2014-07-03 12:36 - 2014-04-16 18:45 - 00000000 ____D () C:\ProgramData\CoonverrtMe
2014-07-03 11:28 - 2014-07-03 11:21 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-07-03 11:02 - 2014-07-03 10:57 - 281672840 ____N (Symantec Corporation) C:\Users\Computer\Downloads\NIS-ESD-21.3.0-GE.exe
2014-07-03 10:51 - 2014-01-11 16:24 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-07-03 09:32 - 2014-01-11 17:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-03 09:31 - 2013-02-02 15:14 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-03 09:29 - 2014-06-25 16:17 - 00001080 _____ () C:\Users\Computer\Desktop\Kaspersky Internet Security Version 14.0.1.4651 installieren.lnk
2014-07-03 09:29 - 2013-02-02 20:29 - 00000000 ____D () C:\Users\Computer\AppData\Local\clear.fi
2014-07-03 09:17 - 2012-10-02 08:54 - 00752930 _____ () C:\Windows\system32\perfh007.dat
2014-07-03 09:17 - 2012-10-02 08:54 - 00156156 _____ () C:\Windows\system32\perfc007.dat
2014-07-03 09:17 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-03 09:16 - 2014-07-02 11:01 - 00000795 _____ () C:\Windows\setupact.log
2014-07-03 08:30 - 2014-07-03 08:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-03 08:29 - 2014-07-03 08:29 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-03 08:29 - 2014-07-03 08:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-03 08:28 - 2014-07-03 08:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Computer\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-03 08:08 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-07-02 11:34 - 2014-07-02 11:34 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-07-02 11:34 - 2014-07-02 11:34 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-07-02 11:12 - 2014-07-02 11:06 - 00000000 ____D () C:\AdwCleaner
2014-07-02 11:11 - 2014-06-01 18:41 - 00001079 _____ () C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-02 11:11 - 2013-07-29 19:27 - 00001278 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-02 11:11 - 2013-07-29 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-02 11:11 - 2013-02-03 12:44 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-02 11:11 - 2013-02-03 12:44 - 00001049 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-02 11:10 - 2013-07-31 23:19 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-07-02 11:07 - 2014-07-02 11:07 - 03080192 _____ () C:\Users\Computer\AppData\Local\nfmffef.exe
2014-07-02 11:06 - 2014-07-02 11:06 - 01346519 _____ () C:\Users\Computer\Downloads\adwcleaner_3.214.exe
2014-07-02 11:02 - 2012-08-02 17:19 - 00000000 ____D () C:\ProgramData\Temp
2014-07-02 11:01 - 2014-07-02 11:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-30 18:47 - 2014-01-11 15:01 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2014-06-29 23:30 - 2014-06-29 23:30 - 00000000 ____D () C:\Program Files (x86)\A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E
2014-06-29 21:37 - 2013-01-25 19:16 - 00000000 ____D () C:\Users\Computer\AppData\Local\CrashDumps
2014-06-28 18:04 - 2014-02-13 00:49 - 00016896 ___SH () C:\Users\Computer\Documents\Thumbs.db
2014-06-28 13:49 - 2014-06-28 13:49 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Downloads\diagnose (1).exe
2014-06-27 18:37 - 2014-06-27 18:37 - 00000863 _____ () C:\Users\Computer\Desktop\Kaspersky Internet Security Version 14.0.1.4651 installieren.zip
2014-06-27 17:49 - 2014-06-28 13:55 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Desktop\diagnose.exe
2014-06-27 17:49 - 2014-06-27 17:49 - 01286520 _____ (Netviewer AG) C:\Users\Computer\Downloads\diagnose.exe
2014-06-26 21:30 - 2014-06-26 21:30 - 00000000 ____D () C:\Program Files (x86)\C1788BAC-0FCE-48F4-AF6A-AB180B237191
2014-06-26 18:18 - 2013-05-18 14:37 - 00000000 ____D () C:\Users\Computer\Documents\kai zeug
2014-06-24 22:57 - 2014-06-24 22:57 - 00287864 _____ () C:\Windows\Minidump\062414-18843-01.dmp
2014-06-24 22:57 - 2014-04-03 21:44 - 1688198262 _____ () C:\Windows\MEMORY.DMP
2014-06-24 22:57 - 2014-02-21 23:01 - 00000000 ____D () C:\Windows\Minidump
2014-06-24 22:49 - 2013-02-03 12:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-24 21:56 - 2012-10-03 14:13 - 00002435 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2014-06-23 23:57 - 2014-06-09 11:54 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-06-22 21:54 - 2013-10-16 21:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-22 21:47 - 2014-06-22 21:47 - 00287864 _____ () C:\Windows\Minidump\062214-19421-01.dmp
2014-06-22 21:46 - 2014-06-22 21:46 - 00000017 _____ () C:\Users\Computer\AppData\Local\resmon.resmoncfg
2014-06-20 22:20 - 2014-06-20 22:20 - 00007312 _____ () C:\Windows\system32\SettingsFile
2014-06-18 18:20 - 2014-05-29 23:00 - 00000000 ____D () C:\rei
2014-06-18 18:20 - 2014-05-29 22:46 - 00000163 _____ () C:\Windows\Reimage.ini
2014-06-15 18:24 - 2014-06-15 18:24 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-06-15 18:24 - 2012-08-02 17:13 - 00002486 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - acer.lnk
2014-06-15 18:24 - 2012-08-02 17:13 - 00002470 ____N () C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
2014-06-15 18:24 - 2012-08-02 17:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-15 18:24 - 2012-08-02 17:13 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-06-09 22:11 - 2014-06-09 22:11 - 00000000 _____ () C:\Windows\SysWOW64\㩃啜敳獲䍜浯異整屲灁䑰瑡屡潒浡湩屧潍楺汬屡楆敲潦屸牐景汩獥浜歱渰牪敤慦汵屴潣歯敩煳楬整
2014-06-09 19:03 - 2014-04-04 22:38 - 00000000 ____D () C:\ProgramData\a4b33b63d1694301
2014-06-09 14:14 - 2014-06-09 14:14 - 03448360 _____ (Smart PC Solutions ) C:\Users\Computer\Downloads\PCSpeedMaximizer.exe
2014-06-09 14:00 - 2014-06-09 14:00 - 00287864 _____ () C:\Windows\Minidump\060914-14000-01.dmp
2014-06-09 12:08 - 2014-06-09 12:08 - 00256992 _____ () C:\Users\Computer\Downloads\DriverFinder_Setup.exe
2014-06-09 12:04 - 2014-06-09 12:04 - 00000000 ____D () C:\Users\Computer\AppData\Roaming\DriverFinder
2014-06-09 11:54 - 2014-06-09 11:54 - 00002469 _____ () C:\Users\Public\Desktop\DriverUpdate.lnk
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Users\Computer\AppData\Local\SlimWare Utilities Inc
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
2014-06-09 11:54 - 2014-06-09 11:54 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-06-06 21:51 - 2013-12-11 18:43 - 00000000 ____D () C:\Users\Computer\AppData\Local\Runic Games
2014-06-06 13:00 - 2014-06-06 12:56 - 00000000 ____D () C:\Users\Computer\AppData\Local\Adobe
2014-06-06 12:44 - 2014-06-06 12:44 - 00007552 ____N () C:\bootsqm.dat
2014-06-06 12:43 - 2014-06-06 12:43 - 00000000 __SHD () C:\found.000

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.5488.dll

Some content of TEMP:
====================
C:\Users\Computer\AppData\Local\Temp\dufgmr4c.exe
C:\Users\Computer\AppData\Local\Temp\fpiisrxg.dll
C:\Users\Computer\AppData\Local\Temp\gkc.exe
C:\Users\Computer\AppData\Local\Temp\Quarantine.exe
C:\Users\Computer\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Computer\AppData\Local\Temp\ShoppinHelper2new2.exe
C:\Users\Computer\AppData\Local\Temp\sqlite3.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-05-14 16:16

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2014
Ran by Computer at 2014-07-04 09:25:19
Running from E:\Virenentfernung
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.01.2002 - Acer Incorporated)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version: - )
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
DriverUpdate (HKLM-x32\...\{6FF69967-0BFE-4F14-B6DF-E73783E52340}) (Version: 2.2.36428 - SlimWare Utilities, Inc.)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Genesis (HKCU\...\nfmffef) (Version: - ) <==== ATTENTION
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Intel(R) Network Connections 17.2.153.0 (HKLM\...\PROSetDX) (Version: 17.2.153.0 - Intel)
Intel(R) Network Connections 17.2.153.0 (Version: 17.2.153.0 - Intel) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.5.0.1066 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: - )
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.)
Hidden Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.6.6.0 - Reimage) Save Sense (remove only) (HKCU\...\Save Sense) (Version: 6.4.1.0 - SaveSense) <==== ATTENTION SavingsBull (HKLM\...\Level Quality Watcher) (Version: SavingsBull - SavingsBull) <==== ATTENTION Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Shopping Helper Smartbar Engine (HKCU\...\{53a703b6-0f29-4121-b729-e34ec6da8302}) (Version: 11.49.63.16848 - ReSoft Ltd.) <==== ATTENTION Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.11.13 - WildTangent) ==================== Restore Points ========================= 03-07-2014 07:30:55 Windows Update ==================== Hosts content: ========================== 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {05C4F9FB-8AB9-45DE-AA96-9F4D98259F35} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.5.0.67\SymErr.exe Task: {1386C002-A2FD-4589-A17C-613A3FEB0B35} - \EPUpdater No Task File <==== ATTENTION Task: {140B564E-0990-477D-A9E3-7AB847988AE1} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2012-07-05] (Acer Incorporated) Task: {16256578-4D28-468C-B777-E3841CE81F59} - \Dealply No Task File <==== ATTENTION Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {21B09A65-E8AF-4CDC-927F-B9C5161C08A9} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] () Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - 
System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {2920E379-24D9-4721-870B-2E7B9AE5DCDF} - \spmonitor No Task File <==== ATTENTION Task: {4145606B-AE45-4C5D-ACBB-6C55CBBC3D07} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.) Task: {4589006D-977D-481C-95DC-A30A291651B2} - \Advanced System Protector_startup No Task File <==== ATTENTION Task: {49D57BD2-7C2F-4531-862C-CB10274C4A5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-29] (Google Inc.) Task: {59E8B577-BF8F-416B-97D1-F8732C660C4B} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated) Task: {61F454E3-38FB-4B6E-9CD9-43F34410EB79} - \DealPlyLiveUpdateTaskMachineUA No Task File <==== ATTENTION Task: {63700C6F-EA33-4393-8289-B482449CE6A5} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink) Task: {8EAB1039-F05C-4EBA-B900-B5AAC8FFDBDA} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION Task: {8FDBC6BE-67C7-4079-8BF3-7E72E4447982} - \LyricsContainer Update No Task File <==== ATTENTION Task: {9222A835-D170-48F7-9619-930AEC32862C} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.5.0.67\SymErr.exe Task: {9CE5E34F-A933-4C4E-8334-675AB420123F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-29] (Google Inc.) 
Task: {A067634F-DCF2-4E04-AAAB-50C22B95E3AD} - \RegClean Pro No Task File <==== ATTENTION Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {A76E1D53-5500-4305-A06A-5E07F02FF866} - \BrowserDefendert No Task File <==== ATTENTION Task: {B2FBC000-49D3-4BA6-BE04-E39A6DF7686C} - \DealPlyUpdate No Task File <==== ATTENTION Task: {BAD90900-AB86-4AA7-9998-A25A3F8ED690} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION Task: {BEAB9A12-BAC2-43AC-BD35-72C6B6C8F7BA} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-24] () Task: {BF00D894-3E73-44FC-B72B-2B6491A09D6B} - \SpeedUpMyPC No Task File <==== ATTENTION Task: {C4816D17-F227-4519-B558-FCC0AA2953B1} - \LaunchApp No Task File <==== ATTENTION Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {C778FE02-EFAB-4886-8A2F-53DA56D9458E} - \RegClean Pro_UPDATES No Task File <==== ATTENTION Task: {E4813DB8-8F9A-4576-972A-6DEC66CFA0B5} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.) 
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {F6F330BB-9868-482D-9B97-80E97FB1A938} - \DealPlyLiveUpdateTaskMachineCore No Task File <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf500a5f10f8ca.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-06-22 03:12 - 2012-06-22 03:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll 2013-06-01 16:17 - 2013-06-01 16:18 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll 2012-10-03 14:03 - 2012-10-03 14:03 - 01193176 _____ () C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe 2014-07-02 11:07 - 2014-07-02 11:07 - 03080192 _____ () C:\Users\Computer\AppData\Local\nfmffef.exe 2014-05-25 12:33 - 2014-04-30 02:08 - 01135104 _____ () C:\Steam\libavcodec-55.dll 2014-05-25 12:33 - 2014-04-30 02:08 - 00404992 _____ () C:\Steam\libavformat-55.dll 2014-01-08 13:05 - 2014-04-30 02:08 - 00340992 _____ () C:\Steam\libavresample-1.dll 2014-04-26 18:35 - 2014-04-30 02:08 - 00471552 _____ () C:\Steam\libavutil-53.dll 2013-03-25 15:23 - 2014-05-17 03:36 - 00756224 _____ () C:\Steam\SDL2.dll 2014-05-25 12:34 - 2014-05-29 19:37 - 02139840 _____ () C:\Steam\video.dll 2014-05-25 12:33 - 2014-04-29 02:37 - 00519168 _____ () C:\Steam\libswscale-2.dll 2013-02-15 14:08 - 2014-05-29 19:36 - 01116864 _____ () C:\Steam\bin\chromehtml.DLL 2013-01-22 05:22 - 2014-05-02 01:35 - 20628160 _____ () C:\Steam\bin\libcef.dll 2012-12-11 10:51 - 2013-06-15 01:49 - 01100800 _____ () C:\Steam\bin\avcodec-53.dll 2012-12-11 10:51 - 2013-06-15 01:49 - 00124416 _____ () C:\Steam\bin\avutil-51.dll 
2012-12-11 10:51 - 2013-06-15 01:49 - 00192000 _____ () C:\Steam\bin\avformat-53.dll 2014-02-13 16:12 - 2014-02-13 16:12 - 00279296 _____ () C:\Program Files (x86)\Acer\Acer Portal\libcurl.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData:gs5sys AlternateDataStreams: C:\Users\All Users:gs5sys AlternateDataStreams: C:\Users\Computer:gs5sys AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys AlternateDataStreams: C:\ProgramData\Application Data:gs5sys AlternateDataStreams: C:\ProgramData\Temp:373E1720 AlternateDataStreams: C:\ProgramData\Temp:AD022376 AlternateDataStreams: C:\Users\Computer\Anwendungsdaten:gs5sys AlternateDataStreams: C:\Users\Computer\Cookies:gs5sys AlternateDataStreams: C:\Users\Computer\Lokale Einstellungen:gs5sys AlternateDataStreams: C:\Users\Computer\Vorlagen:gs5sys AlternateDataStreams: C:\Users\Computer\Desktop\desktop.ini:gs5sys AlternateDataStreams: C:\Users\Computer\AppData\Local:gs5sys AlternateDataStreams: C:\Users\Computer\AppData\Roaming:gs5sys AlternateDataStreams: C:\Users\Computer\AppData\Local\Anwendungsdaten:gs5sys AlternateDataStreams: C:\Users\Computer\AppData\Local\Verlauf:gs5sys AlternateDataStreams: C:\Users\Computer\Documents\desktop.ini:gs5sys AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AMD External Events Utility => 2 MSCONFIG\Services: CCDMonitorService => 2 MSCONFIG\Services: cjpcsc => 2 MSCONFIG\Services: DAUpdaterSvc => 3 MSCONFIG\Services: EgisTec Ticket Service => 3 MSCONFIG\Services: ePowerSvc => 3 MSCONFIG\Services: ExpressCache => 2 MSCONFIG\Services: GamesAppIntegrationService => 2 MSCONFIG\Services: GamesAppService => 3 MSCONFIG\Services: gusvc => 3 
MSCONFIG\Services: IAStorDataMgrSvc => 2 MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2 MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3 MSCONFIG\Services: Intel(R) PROSet Monitoring Service => 2 MSCONFIG\Services: jhi_service => 2 MSCONFIG\Services: LMS => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: NAUpdate => 2 MSCONFIG\Services: StarMoney 8.0 OnlineUpdate => 2 MSCONFIG\Services: StarMoney 9.0 OnlineUpdate => 2 MSCONFIG\Services: Steam Client Service => 3 ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/04/2014 09:25:18 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-06-10T07:25:18Z. Fehlercode: 0x80071A91. Error: (07/04/2014 09:24:48 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-06-10T07:24:48Z. Fehlercode: 0x80071A91. Error: (07/04/2014 09:24:15 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-06-10T07:24:15Z. Fehlercode: 0x80071A91. 
Error: (07/04/2014 09:23:45 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-06-10T07:23:45Z. Fehlercode: 0x80071A91. Error: (07/04/2014 09:23:15 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2114-06-10T07:23:15Z. Fehlercode: 0x80071A91. Error: (07/04/2014 09:23:03 AM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <10, 0x80071a91, Fehler beim Speichern der Änderungen am Crawl Scope-Manager: >. Error: (07/04/2014 09:23:03 AM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <20, 0x80071a91, "">. Error: (07/04/2014 09:22:56 AM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <10, 0x80071a91, Fehler beim Speichern der Änderungen am Crawl Scope-Manager: >. Error: (07/04/2014 09:22:56 AM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <20, 0x80071a91, "">. Error: (07/04/2014 09:22:48 AM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Windows Search wird aufgrund eines Problems bei der Indizierung Fehler in der Wiederherstellungsphase. beendet. Kontext: Windows Anwendung, SystemIndex Katalog Details: Gatherer wird heruntergefahren. 
(HRESULT : 0x80040d23) (0x80040d23) System errors: ============= Error: (07/04/2014 09:23:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 8 Mal passiert. Error: (07/04/2014 09:23:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%6801 Error: (07/04/2014 09:22:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 7 Mal passiert. Error: (07/04/2014 09:22:56 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%6801 Error: (07/04/2014 09:22:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 6 Mal passiert. Error: (07/04/2014 09:22:48 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%6801 Error: (07/03/2014 03:08:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 5 Mal passiert. 
Error: (07/03/2014 03:08:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%6801 Error: (07/03/2014 03:08:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "Windows Search" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1062 Error: (07/03/2014 03:07:34 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Microsoft Office Sessions: ========================= Error: (07/04/2014 09:25:18 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: 0x80071A912114-06-10T07:25:18Z Error: (07/04/2014 09:24:48 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: 0x80071A912114-06-10T07:24:48Z Error: (07/04/2014 09:24:15 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: 0x80071A912114-06-10T07:24:15Z Error: (07/04/2014 09:23:45 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: 0x80071A912114-06-10T07:23:45Z Error: (07/04/2014 09:23:15 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: 0x80071A912114-06-10T07:23:15Z Error: (07/04/2014 09:23:03 AM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: 100x80071a91Fehler beim Speichern der Änderungen am Crawl Scope-Manager: Error: (07/04/2014 09:23:03 AM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: 200x80071a91 Error: (07/04/2014 09:22:56 AM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: 100x80071a91Fehler beim Speichern der Änderungen am Crawl 
Scope-Manager: Error: (07/04/2014 09:22:56 AM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: 200x80071a91 Error: (07/04/2014 09:22:48 AM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Gatherer wird heruntergefahren. (HRESULT : 0x80040d23) (0x80040d23) Fehler in der Wiederherstellungsphase. ==================== Memory info =========================== Percentage of memory in use: 13% Total physical RAM: 8134.05 MB Available physical RAM: 7072.57 MB Total Pagefile: 16326.05 MB Available Pagefile: 15141.35 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:453.1 GB) (Free:251.62 GB) NTFS Drive d: (DATA) (Fixed) (Total:453.61 GB) (Free:453.46 GB) NTFS Drive e: (XBOOT) (Removable) (Total:14.62 GB) (Free:14.32 GB) FAT32 Drive j: (kis 2014) (CDROM) (Total:0.52 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: E13DBE7D) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 15 GB) (Disk ID: 74F02DEA) Partition 1: (Not Active) - (Size=15 GB) - (Type=73) ======================================================== Disk: 7 (Size: 15 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-07-04 09:28:53 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000036 ST1000DM003-9YN162 rev.CC4B 931,51GB Running: rhstcvpu.exe; Driver: C:\Users\Computer\AppData\Local\Temp\pwdcapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\System32\spoolsv.exe[1328] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd9455177a 4 bytes [55, 94, FD, 07] .text C:\Windows\System32\spoolsv.exe[1328] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd94551782 4 bytes [55, 94, FD, 07] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fd8fac1b32 4 bytes [AC, 8F, FD, 07] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fd8fac1b3a 4 bytes [AC, 8F, FD, 07] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd86d71532 4 bytes [D7, 86, FD, 07] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd86d7153a 4 bytes [D7, 86, FD, 07] .text C:\Windows\Explorer.EXE[2916] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd86d7165a 4 bytes [D7, 86, FD, 07] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd9455177a 4 bytes [55, 94, FD, 07] .text C:\Windows\Explorer.EXE[2916] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd94551782 4 bytes [55, 94, FD, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd86d71532 4 bytes [D7, 86, FD, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd86d7153a 4 bytes [D7, 86, FD, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2168] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd86d7165a 4 bytes [D7, 86, FD, 07] ---- Threads - GMER 2.1 
---- Thread C:\Windows\system32\csrss.exe [2336:4400] fffff960009005e8 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [1604:4288] 000007fd95b923a8 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [1604:2188] 000007fd8b3977b0 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [1604:1796] 000007fd8b3977b0 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [1604:3596] 000007fd947e8c44 Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [1604:1828] 000007fd93b7c648 ---- Processes - GMER 2.1 ---- Process C:\Users\Computer\AppData\Local\nfmffef.exe (*** suspicious ***) @ C:\Users\Computer\AppData\Local\nfmffef.exe [736](2014-07-02 09:07:04) 0000000000400000 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |