Win8.1 - unknown MBR code but no detections - Task Manager showed "Access denied"

Hello dear forum,

at the beginning of last week I struggled with strange symptoms on my Lenovo G500s (Windows 8.1). Below are the symptoms, in the exact order in which they occurred:

1. Internet very slow (Google sometimes did not load at all)
2. When trying to restart the browser (Firefox), I got the message that the browser was still running in the background.
3. Tried to end the corresponding process with Task Manager. That gave me the message "Access denied". Restarting the laptop did not help either.
4. Had the same experience with Chrome and Explorer.

After a few days I did a System Restore to a restore point, and for now the problems do not seem to reappear. I am nevertheless afraid (paranoid, really :P) that I have a very nasty rootkit on my machine. Scans with several virus and malware scanners (Sophos, TDSSKiller, MalwareBytes, etc.) found NOTHING! After some research on the internet I ran checks with gmer, aswMBR and MBR Master. Gmer and aswMBR found "unknown MBR code" on Disk 0. I uploaded the MBR log file from mbrmaster.exe to virustotal.com and had it checked. None of the 51 scanners found anything.

I am turning to you anyway, since I do not really have any knowledge of these topics. Besides, I cannot shake the thought that this is a very bad rootkit/malware that the common scanners do not detect.

Below are the requested log files.

DEFOGGER Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:15 on 19/08/2014 (XXXXXX)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...

-=E.O.F=-

FRST Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by XXXXX (administrator) on ANUJM-PC on 19-08-2014 17:16:41
Running from C:\Users\XXXXX\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Prevx) C:\Program Files\Prevx\prevx.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
(Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Prevx) C:\Program Files\Prevx\prevx.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6339656 2013-04-10] (Realtek semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [900704 2013-03-15] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2014-01-15] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-01-15] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-05-20] (Sophos Limited)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133248 2013-05-16] ( (Atheros Communications))
HKU\S-1-5-21-3025749280-237415010-592600764-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-14] (SUPERAntiSpyware)
HKU\S-1-5-21-3025749280-237415010-592600764-1002\...\RunOnce: [Uninstall C:\Users\XXXXX\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\XXXXX\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKU\S-1-5-21-3025749280-237415010-592600764-1002\...\MountPoints2: {10b1e5a9-9419-11e3-824f-40f02fd150c4} - "F:\setup.exe"
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [166568 2014-05-20] (NVIDIA Corporation)
AppInit_DLLs: ,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-05-20] (Sophos Limited)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [146480 2014-05-20] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-05-20] (Sophos Limited)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - DefaultScope {9FAFF8B6-6864-4B46-BAE1-4D712EE1D30C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
SearchScopes: HKLM - {9FAFF8B6-6864-4B46-BAE1-4D712EE1D30C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
SearchScopes: HKLM-x32 - DefaultScope {9FAFF8B6-6864-4B46-BAE1-4D712EE1D30C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
SearchScopes: HKLM-x32 - {9FAFF8B6-6864-4B46-BAE1-4D712EE1D30C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
SearchScopes: HKCU - DefaultScope {9FAFF8B6-6864-4B46-BAE1-4D712EE1D30C} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 134.130.4.1 134.130.5.1

FireFox:
========
FF ProfilePath: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\2izpmsgo.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\2izpmsgo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-12]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-11]
CHR Extension: (Google Drive) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-11]
CHR Extension: (YouTube) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-11]
CHR Extension: (Google-Suche) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-11]
CHR Extension: (Google Wallet) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-11]
CHR Extension: (Google Mail) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [310912 2013-05-16] (Windows (R) Win 7 DDK provider)
R2 CSIScanner; C:\Program Files\Prevx\prevx.exe [6746280 2014-08-17] (Prevx)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-11-06] (Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-07-30] (LENOVO INCORPORATED.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S4 MultiKMS; C:\Windows\MultiKMS\MultiKMS.exe [1485824 2014-04-07] () [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-20] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [205096 2014-05-20] (Sophos Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed]
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-05-20] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [355624 2014-05-20] (Sophos Limited)
R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [300328 2014-05-20] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3174696 2014-05-20] (Sophos Limited)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-05-16] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-16] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-02-17] (Disc Soft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 pxkbf; C:\Windows\System32\drivers\pxkbf.sys [24024 2014-08-17] (Prevx)
R1 pxrts; C:\Windows\System32\drivers\pxrts.sys [65736 2014-08-17] (Prevx)
R0 pxscan; C:\Windows\System32\drivers\pxscan.sys [36384 2014-08-17] (Prevx)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243272 2013-04-10] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-05-20] (Sophos Limited)
S3 sdcfilter; C:\Windows\system32\DRIVERS\sdcfilter.sys [38144 2014-05-20] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [27904 2014-05-20] (Sophos Limited)
R1 swi_callout; C:\Windows\system32\DRIVERS\swi_callout.sys [32512 2014-05-20] (Sophos Limited)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2014-05-09] (Basil Projects)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
U3 agdcrpow; \??\C:\Users\ANUJMA~1\AppData\Local\Temp\agdcrpow.sys [X]
U3 aswMBR; \??\C:\Users\ANUJMA~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\ANUJMA~1\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 17:16 - 2014-08-19 17:16 - 00021093 _____ () C:\Users\XXXXX\Desktop\FRST.txt
2014-08-19 17:16 - 2014-08-19 17:16 - 00000000 ____D () C:\FRST
2014-08-19 17:15 - 2014-08-19 17:15 - 00000560 _____ () C:\Users\XXXXX\Desktop\defogger_disable.log
2014-08-19 17:15 - 2014-08-19 17:15 - 00000168 _____ () C:\Users\XXXXX\defogger_reenable
2014-08-19 17:14 - 2014-08-19 17:14 - 02101760 _____ (Farbar) C:\Users\XXXXX\Desktop\FRST64.exe
2014-08-19 17:14 - 2014-08-19 17:14 - 00380416 _____ () C:\Users\XXXXX\Downloads\3c8f90ey.exe
2014-08-19 17:13 - 2014-08-19 17:13 - 00050477 _____ () C:\Users\XXXXX\Desktop\Defogger.exe
2014-08-19 16:10 - 2014-08-19 16:10 - 00000146 _____ () C:\Users\XXXXX\Desktop\emsi.zip
2014-08-19 16:09 - 2014-08-19 16:13 - 00000768 _____ () C:\Users\XXXXX\Desktop\MBRMastr_2014.08.19_16.09.54.txt
2014-08-19 16:09 - 2014-08-19 16:09 - 00000512 _____ () C:\Users\XXXXX\Desktop\emsi.mbr
2014-08-19 16:08 - 2014-08-19 16:06 - 00788728 _____ (Emsisoft GmbH) C:\Users\XXXXX\Desktop\mbrmastr.exe
2014-08-19 14:28 - 2014-08-19 14:28 - 00001846 _____ () C:\Users\XXXXX\Desktop\aswMBR-190814.txt
2014-08-19 14:28 - 2014-08-19 14:28 - 00000512 _____ () C:\Users\XXXXX\Desktop\MBR.dat
2014-08-19 14:12 - 2014-08-19 14:12 - 05185536 _____ (AVAST Software) C:\Users\XXXXX\Desktop\DTLite4481-0347.exe
2014-08-18 19:50 - 2014-08-18 19:50 - 00372352 _____ () C:\WINDOWS\Minidump\081814-31546-01.dmp
2014-08-18 19:40 - 2014-08-18 19:40 - 00001414 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-18 19:40 - 2014-08-18 19:40 - 00001402 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-18 19:40 - 2014-08-18 19:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-18 19:40 - 2014-08-18 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-18 19:40 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-08-18 19:39 - 2014-08-18 19:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-18 19:37 - 2014-08-18 19:38 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\XXXXX\Downloads\abc123.exe
2014-08-18 19:24 - 2014-08-18 19:24 - 00008176 _____ () C:\Users\XXXXX\Desktop\gmerlog180814-2.log
2014-08-18 16:18 - 2014-08-18 16:18 - 00010883 _____ () C:\Users\XXXXX\Desktop\gmerlog180814.log
2014-08-18 16:02 - 2014-08-18 16:02 - 00380416 _____ () C:\Users\XXXXX\Downloads\9lds7dsb.exe
2014-08-18 16:01 - 2014-08-18 16:01 - 00380416 _____ () C:\Users\XXXXX\Desktop\7kdbwp1l.exe
2014-08-18 14:30 - 2014-08-18 14:30 - 00271982 _____ () C:\Users\XXXXX\Desktop\prevx3.0 lg.log
2014-08-18 10:38 - 2014-08-18 10:38 - 02478784 _____ (Sysinternals - www.sysinternals.com) C:\Users\XXXXX\Downloads\procexp.exe
2014-08-18 10:32 - 2014-08-18 10:32 - 00592568 _____ (Sysinternals - www.sysinternals.com) C:\Users\XXXXX\Downloads\autoruns.exe
2014-08-17 21:53 - 2014-08-19 02:00 - 00000546 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 22c7e78f-dc88-4b2b-a33b-8cbad9e5ff51.job
2014-08-17 21:53 - 2014-08-17 22:55 - 00000546 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d32a892e-e393-4139-bacd-150f0e88c09a.job
2014-08-17 21:53 - 2014-08-17 21:53 - 00003618 _____ () C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 22c7e78f-dc88-4b2b-a33b-8cbad9e5ff51
2014-08-17 21:53 - 2014-08-17 21:53 - 00003536 _____ () C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task d32a892e-e393-4139-bacd-150f0e88c09a
2014-08-17 21:53 - 2014-08-17 21:53 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\SUPERAntiSpyware.com
2014-08-17 21:52 - 2014-08-17 21:53 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-17 21:52 - 2014-08-17 21:52 - 18814224 _____ (SUPERAntiSpyware) C:\Users\XXXXX\Downloads\SUPERAntiSpywarePro.exe
2014-08-17 21:52 - 2014-08-17 21:52 - 00001831 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-08-17 21:52 - 2014-08-17 21:52 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-17 21:52 - 2014-08-17 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-17 21:46 - 2014-06-20 03:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-17 21:46 - 2014-06-20 01:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-17 21:46 - 2014-06-13 03:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-17 21:46 - 2014-06-13 03:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-17 21:46 - 2014-06-13 02:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-17 21:46 - 2014-06-06 13:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-17 21:45 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-17 21:45 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-17 21:45 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-17 21:45 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-17 21:45 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-17 21:45 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-17 21:45 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-17 21:45 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-17 21:45 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-17 21:45 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-17 21:45 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-17 21:45 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-17 21:45 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-17 21:45 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-17 21:45 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-17 21:45 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-17 21:45 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-17 21:45 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-17 21:45 - 2014-07-25 13:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-17 21:45 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-17 21:45 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-17 21:45 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-17 21:45 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-17 21:45 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-17 21:45 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-17 21:45 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-17 21:45 - 2014-07-25 13:09 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-17 21:45 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-17 21:45 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-17 21:45 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-17 21:45 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-17 21:45 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-17 21:45 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-17 21:45 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-17 21:45 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-17 21:44 - 2014-05-31 08:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-08-17 21:43 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-17 21:43 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-17 21:35 - 2014-07-15 20:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-08-17 21:35 - 2014-07-15 10:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-08-17 21:35 - 2014-07-15 10:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-08-17 21:35 - 2014-07-15 10:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-17 21:35 - 2014-07-10 06:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-08-17 21:35 - 2014-07-10 06:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-08-17 21:35 - 2014-07-10 05:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-08-17 21:35 - 2014-06-05 16:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-08-17 21:35 - 2014-06-05 15:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-08-17 21:35 - 2014-06-02 04:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-08-17 21:35 - 2014-05-31 12:07 - 00467800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-08-17 21:35 - 2014-05-31 12:07 - 00440664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-08-17 21:35 - 2014-05-31 12:07 - 00419672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-08-17 21:35 - 2014-05-31 12:07 - 00089944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-08-17 21:35 - 2014-05-31 12:07 - 00027480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-08-17 21:35 - 2014-05-31 08:30 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-08-17 21:35 - 2014-05-31 08:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-08-17 21:35 - 2014-05-31 08:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-08-17 21:35 - 2014-05-31 06:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-08-17 21:35 - 2014-05-31 06:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-08-17 21:35 - 2014-05-31 06:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-08-17 21:35 - 2014-05-27 17:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-08-17 21:35 - 2014-05-27 11:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-08-17 21:35 - 2014-05-27 11:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll 2014-08-17 21:35 - 2014-05-17 06:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2014-08-17 21:35 - 2014-05-17 06:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2014-08-17 21:35 - 2014-05-13 09:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe 2014-08-17 21:35 - 2014-05-13 07:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2014-08-17 21:35 - 2014-05-13 06:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll 2014-08-17 21:35 - 2014-05-13 06:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll 2014-08-17 21:35 - 2014-05-13 05:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2014-08-17 21:35 - 2014-05-13 05:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll 2014-08-17 21:35 - 2014-05-03 13:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2014-08-17 21:35 - 2014-05-03 11:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2014-08-17 21:35 - 2014-05-03 07:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2014-08-17 21:35 - 2014-05-03 07:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll 2014-08-17 21:35 - 2014-05-03 07:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll 2014-08-17 21:35 - 2014-05-03 07:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll 2014-08-17 21:35 - 2014-05-03 06:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll 2014-08-17 21:35 - 2014-05-03 06:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll 2014-08-17 21:35 - 2014-05-03 06:37 - 00207360 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\framedyn.dll 2014-08-17 21:35 - 2014-05-03 01:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat 2014-08-17 21:35 - 2014-05-01 07:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2014-08-17 21:35 - 2014-04-30 08:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys 2014-08-17 21:35 - 2014-04-30 08:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2014-08-17 21:35 - 2014-04-30 08:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys 2014-08-17 21:35 - 2014-04-30 08:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys 2014-08-17 21:35 - 2014-04-30 07:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe 2014-08-17 21:35 - 2014-04-30 06:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe 2014-08-17 21:35 - 2014-04-30 06:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll 2014-08-17 21:35 - 2014-04-30 06:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll 2014-08-17 21:35 - 2014-04-30 06:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll 2014-08-17 21:35 - 2014-04-30 06:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll 2014-08-17 21:35 - 2014-04-30 06:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL 2014-08-17 21:35 - 2014-04-30 05:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2014-08-17 21:35 - 2014-04-30 05:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll 2014-08-17 21:35 - 2014-04-30 05:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll 2014-08-17 21:35 - 2014-04-30 05:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll 2014-08-17 21:35 - 2014-04-30 05:45 - 00062976 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\dhcpcsvc.dll 2014-08-17 21:35 - 2014-04-30 05:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll 2014-08-17 21:35 - 2014-04-29 00:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2014-08-17 21:35 - 2014-04-27 00:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2014-08-17 21:35 - 2014-04-26 22:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2014-08-17 21:35 - 2014-04-26 18:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll 2014-08-17 21:35 - 2014-04-14 11:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll 2014-08-17 21:35 - 2014-04-14 10:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll 2014-08-17 21:35 - 2014-04-14 07:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll 2014-08-17 21:35 - 2014-04-09 08:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll 2014-08-17 21:35 - 2014-04-09 07:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll 2014-08-17 21:34 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2014-08-17 21:34 - 2014-08-07 00:39 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-08-17 21:34 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2014-08-17 21:34 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2014-08-17 21:34 - 2014-06-04 11:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe 2014-08-17 21:34 - 2014-06-04 07:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll 2014-08-17 21:34 - 2014-06-04 07:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2014-08-17 21:34 - 2014-06-04 06:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll 2014-08-17 21:34 - 
2014-06-04 06:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2014-08-17 21:34 - 2014-06-04 04:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2014-08-17 21:34 - 2014-06-04 04:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2014-08-17 21:31 - 2014-08-19 02:07 - 00000000 ____D () C:\ProgramData\PrevxCSI 2014-08-17 21:31 - 2014-08-17 21:31 - 00065736 _____ (Prevx) C:\WINDOWS\system32\Drivers\pxrts.sys 2014-08-17 21:31 - 2014-08-17 21:31 - 00062976 _____ (Prevx) C:\WINDOWS\SysWOW64\PxSecure.dll 2014-08-17 21:31 - 2014-08-17 21:31 - 00036384 _____ (Prevx) C:\WINDOWS\system32\Drivers\pxscan.sys 2014-08-17 21:31 - 2014-08-17 21:31 - 00024024 _____ (Prevx) C:\WINDOWS\system32\Drivers\pxkbf.sys 2014-08-17 21:31 - 2014-08-17 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prevx 3.0 2014-08-17 21:31 - 2014-08-17 21:31 - 00000000 ____D () C:\Program Files\Prevx 2014-08-17 21:30 - 2014-08-17 21:31 - 00945272 _____ (Prevx) C:\Users\XXXXX\Downloads\prevxcsifree.exe 2014-08-17 21:26 - 2014-08-17 21:28 - 113826552 _____ (Microsoft Corporation) C:\Users\XXXXX\Downloads\msert.exe 2014-08-14 18:56 - 2014-08-15 17:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-08-14 18:56 - 2014-08-15 17:25 - 00128728 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-08-14 18:55 - 2014-08-15 17:24 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-08-14 18:45 - 2014-08-15 17:36 - 00000000 ____D () C:\Users\XXXXX\Desktop\mbar 2014-08-14 18:44 - 2014-08-14 18:45 - 14349744 _____ (Malwarebytes Corp.) 
C:\Users\XXXXX\Downloads\mbar-1.07.0.1012.exe 2014-08-14 18:26 - 2014-08-14 18:26 - 00000342 _____ () C:\WINDOWS\system32\.crusader 2014-08-14 18:11 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-08-14 18:11 - 2014-08-14 18:11 - 00000000 ____D () C:\Program Files\HitmanPro 2014-08-14 18:09 - 2014-08-14 18:10 - 11188736 _____ (SurfRight B.V.) C:\Users\XXXXX\Downloads\HitmanPro_x64.exe 2014-08-14 17:38 - 2014-08-14 17:38 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\XXXXX\Downloads\iexplore7.exe.exe 2014-08-14 17:35 - 2014-08-14 17:35 - 00000000 ____D () C:\WINDOWS\pss 2014-08-14 15:31 - 2014-08-14 15:31 - 00003277 _____ () C:\Users\XXXXX\Desktop\Sophos Virus Removal Tool.lnk 2014-08-14 15:31 - 2014-08-14 15:31 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos 2014-08-14 15:28 - 2014-08-14 15:29 - 95874160 _____ (Sophos Limited) C:\Users\XXXXX\Downloads\Sophos Virus Removal Tool.exe 2014-08-13 18:57 - 2014-08-13 18:57 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\XXXXX\Downloads\iexplore2.exe.exe 2014-08-13 18:56 - 2014-08-13 18:56 - 11424456 _____ (Bitdefender LLC) C:\Users\XXXXX\Downloads\iexplore455.exe.exe 2014-08-13 18:56 - 2014-08-13 18:56 - 05185536 _____ (AVAST Software) C:\Users\XXXXX\Downloads\ieplore3.exe.exe 2014-08-12 17:55 - 2014-08-19 17:00 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-12 17:55 - 2014-08-19 01:47 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-08-12 17:55 - 2014-08-19 01:45 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-12 17:55 - 2014-08-12 17:55 - 00004116 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-08-12 17:55 - 2014-08-12 17:55 - 00003880 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-08-12 17:55 - 2014-08-12 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-08-12 17:55 - 2014-08-12 17:55 - 00000000 
____D () C:\Program Files (x86)\Google 2014-08-12 17:54 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Deployment 2014-08-12 17:54 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Apps\2.0 2014-08-11 13:58 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Google 2014-08-11 11:47 - 2014-08-11 11:47 - 00000000 __SHD () C:\Users\XXXXX\AppData\Local\EmieUserList 2014-08-11 11:47 - 2014-08-11 11:47 - 00000000 __SHD () C:\Users\XXXXX\AppData\Local\EmieSiteList 2014-08-11 00:20 - 2014-08-11 00:20 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\thecleaner 2014-08-11 00:19 - 2014-08-11 00:23 - 00000000 ____D () C:\Program Files (x86)\The Cleaner 2014-08-10 23:08 - 2014-08-14 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-10 23:08 - 2014-08-12 17:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-09 16:21 - 2014-08-12 17:49 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant 2014-08-09 16:21 - 2014-08-09 16:21 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2014-08-08 23:25 - 2014-08-08 23:25 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Lenovo 2014-08-08 18:34 - 2014-08-08 18:34 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Eraser 6 2014-08-08 14:31 - 2014-08-08 14:31 - 00000000 ____D () C:\Program Files\Eraser 2014-08-07 11:07 - 2014-08-07 11:07 - 06194967 _____ () C:\Users\XXXXX\Downloads\diffpdf-2.0.0-win32-static.zip 2014-08-07 10:58 - 2014-08-07 10:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2014-08-07 10:58 - 2014-08-07 10:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\chc 2014-07-29 11:34 - 2014-07-31 13:12 - 00000000 ____D () C:\Users\XXXXX\Desktop\AEF Unterlagen 2014-07-27 13:26 - 2014-07-27 18:29 - 00000000 ____D () C:\Users\XXXXX\Desktop\DSLR Photos 2014-07-27 13:25 - 2014-07-27 13:25 - 00000000 ____D () 
C:\Users\XXXXX\Documents\LightZone 2014-07-27 13:24 - 2014-08-12 17:49 - 00000000 ____D () C:\Program Files (x86)\LightZone 2014-07-21 12:46 - 2014-07-21 12:47 - 00000000 ____D () C:\Users\XXXXX\Desktop\WSÜ Mitschriften ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-19 17:16 - 2014-08-19 17:16 - 00021093 _____ () C:\Users\XXXXX\Desktop\FRST.txt 2014-08-19 17:16 - 2014-08-19 17:16 - 00000000 ____D () C:\FRST 2014-08-19 17:15 - 2014-08-19 17:15 - 00000560 _____ () C:\Users\XXXXX\Desktop\defogger_disable.log 2014-08-19 17:15 - 2014-08-19 17:15 - 00000168 _____ () C:\Users\XXXXX\defogger_reenable 2014-08-19 17:15 - 2014-02-12 21:04 - 00000000 ____D () C:\Users\XXXXX 2014-08-19 17:14 - 2014-08-19 17:14 - 02101760 _____ (Farbar) C:\Users\XXXXX\Desktop\FRST64.exe 2014-08-19 17:14 - 2014-08-19 17:14 - 00380416 _____ () C:\Users\XXXXX\Downloads\3c8f90ey.exe 2014-08-19 17:13 - 2014-08-19 17:13 - 00050477 _____ () C:\Users\XXXXX\Desktop\Defogger.exe 2014-08-19 17:10 - 2014-02-12 20:59 - 01369614 _____ () C:\WINDOWS\WindowsUpdate.log 2014-08-19 17:00 - 2014-08-12 17:55 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-19 17:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-08-19 16:13 - 2014-08-19 16:09 - 00000768 _____ () C:\Users\XXXXX\Desktop\MBRMastr_2014.08.19_16.09.54.txt 2014-08-19 16:12 - 2013-11-14 09:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-08-19 16:12 - 2013-11-14 09:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat 2014-08-19 16:12 - 2013-11-14 09:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat 2014-08-19 16:10 - 2014-08-19 16:10 - 00000146 _____ () C:\Users\XXXXX\Desktop\emsi.zip 2014-08-19 16:09 - 2014-08-19 16:09 - 00000512 _____ () C:\Users\XXXXX\Desktop\emsi.mbr 2014-08-19 16:06 - 2014-08-19 16:08 - 00788728 _____ (Emsisoft GmbH) C:\Users\XXXXX\Desktop\mbrmastr.exe 2014-08-19 
14:28 - 2014-08-19 14:28 - 00001846 _____ () C:\Users\XXXXX\Desktop\aswMBR-190814.txt 2014-08-19 14:28 - 2014-08-19 14:28 - 00000512 _____ () C:\Users\XXXXX\Desktop\MBR.dat 2014-08-19 14:12 - 2014-08-19 14:12 - 05185536 _____ (AVAST Software) C:\Users\XXXXX\Desktop\DTLite4481-0347.exe 2014-08-19 02:23 - 2014-02-17 00:30 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-08-19 02:22 - 2014-02-17 00:29 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-08-19 02:22 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-08-19 02:21 - 2014-02-12 22:32 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3025749280-237415010-592600764-1002 2014-08-19 02:07 - 2014-08-17 21:31 - 00000000 ____D () C:\ProgramData\PrevxCSI 2014-08-19 02:00 - 2014-08-17 21:53 - 00000546 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 22c7e78f-dc88-4b2b-a33b-8cbad9e5ff51.job 2014-08-19 01:51 - 2014-07-19 19:23 - 00000606 _____ () C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job 2014-08-19 01:47 - 2014-08-12 17:55 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-08-19 01:46 - 2014-04-11 14:33 - 00000606 _____ () C:\WINDOWS\Tasks\MATLAB R2013a Startup Accelerator.job 2014-08-19 01:45 - 2014-08-12 17:55 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-18 19:50 - 2014-08-18 19:50 - 00372352 _____ () C:\WINDOWS\Minidump\081814-31546-01.dmp 2014-08-18 19:50 - 2014-02-20 14:26 - 00000000 ____D () C:\WINDOWS\Minidump 2014-08-18 19:50 - 2014-02-20 14:25 - 578802057 _____ () C:\WINDOWS\MEMORY.DMP 2014-08-18 19:50 - 2013-11-14 00:18 - 00054838 _____ () C:\WINDOWS\PFRO.log 2014-08-18 19:50 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-08-18 19:50 - 2013-08-22 16:44 - 05040872 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-08-18 19:42 - 2014-08-18 19:39 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-08-18 19:40 - 2014-08-18 19:40 - 
00001414 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-08-18 19:40 - 2014-08-18 19:40 - 00001402 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-08-18 19:40 - 2014-08-18 19:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-08-18 19:40 - 2014-08-18 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-08-18 19:38 - 2014-08-18 19:37 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\XXXXX\Downloads\abc123.exe 2014-08-18 19:24 - 2014-08-18 19:24 - 00008176 _____ () C:\Users\XXXXX\Desktop\gmerlog180814-2.log 2014-08-18 19:00 - 2014-01-15 01:25 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-08-18 18:48 - 2014-01-15 01:25 - 00000000 ____D () C:\ProgramData\Adobe 2014-08-18 18:44 - 2014-05-18 11:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-08-18 16:18 - 2014-08-18 16:18 - 00010883 _____ () C:\Users\XXXXX\Desktop\gmerlog180814.log 2014-08-18 16:02 - 2014-08-18 16:02 - 00380416 _____ () C:\Users\XXXXX\Downloads\9lds7dsb.exe 2014-08-18 16:01 - 2014-08-18 16:01 - 00380416 _____ () C:\Users\XXXXX\Desktop\7kdbwp1l.exe 2014-08-18 15:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-08-18 14:30 - 2014-08-18 14:30 - 00271982 _____ () C:\Users\XXXXX\Desktop\prevx3.0 lg.log 2014-08-18 10:50 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-08-18 10:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2014-08-18 10:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer 2014-08-18 10:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager 2014-08-18 10:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera 2014-08-18 10:42 - 2014-02-12 16:28 - 17130140 _____ () C:\Users\Public\CAFADEBUG.log 2014-08-18 10:38 - 2014-08-18 10:38 - 02478784 _____ (Sysinternals - www.sysinternals.com) C:\Users\XXXXX\Downloads\procexp.exe 2014-08-18 10:32 - 2014-08-18 
10:32 - 00592568 _____ (Sysinternals - www.sysinternals.com) C:\Users\XXXXX\Downloads\autoruns.exe 2014-08-18 10:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-08-17 22:55 - 2014-08-17 21:53 - 00000546 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d32a892e-e393-4139-bacd-150f0e88c09a.job 2014-08-17 21:53 - 2014-08-17 21:53 - 00003618 _____ () C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 22c7e78f-dc88-4b2b-a33b-8cbad9e5ff51 2014-08-17 21:53 - 2014-08-17 21:53 - 00003536 _____ () C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task d32a892e-e393-4139-bacd-150f0e88c09a 2014-08-17 21:53 - 2014-08-17 21:53 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\SUPERAntiSpyware.com 2014-08-17 21:53 - 2014-08-17 21:52 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-08-17 21:52 - 2014-08-17 21:52 - 18814224 _____ (SUPERAntiSpyware) C:\Users\XXXXX\Downloads\SUPERAntiSpywarePro.exe 2014-08-17 21:52 - 2014-08-17 21:52 - 00001831 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk 2014-08-17 21:52 - 2014-08-17 21:52 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2014-08-17 21:52 - 2014-08-17 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2014-08-17 21:31 - 2014-08-17 21:31 - 00065736 _____ (Prevx) C:\WINDOWS\system32\Drivers\pxrts.sys 2014-08-17 21:31 - 2014-08-17 21:31 - 00062976 _____ (Prevx) C:\WINDOWS\SysWOW64\PxSecure.dll 2014-08-17 21:31 - 2014-08-17 21:31 - 00036384 _____ (Prevx) C:\WINDOWS\system32\Drivers\pxscan.sys 2014-08-17 21:31 - 2014-08-17 21:31 - 00024024 _____ (Prevx) C:\WINDOWS\system32\Drivers\pxkbf.sys 2014-08-17 21:31 - 2014-08-17 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prevx 3.0 2014-08-17 21:31 - 2014-08-17 21:31 - 00000000 ____D () C:\Program Files\Prevx 2014-08-17 21:31 - 2014-08-17 21:30 - 00945272 _____ (Prevx) C:\Users\XXXXX\Downloads\prevxcsifree.exe 2014-08-17 21:28 - 
2014-08-17 21:26 - 113826552 _____ (Microsoft Corporation) C:\Users\XXXXX\Downloads\msert.exe 2014-08-15 17:36 - 2014-08-14 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-08-15 17:36 - 2014-08-14 18:45 - 00000000 ____D () C:\Users\XXXXX\Desktop\mbar 2014-08-15 17:25 - 2014-08-14 18:56 - 00128728 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-08-15 17:24 - 2014-08-14 18:55 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-08-15 17:04 - 2014-04-03 23:28 - 00000000 ____D () C:\Users\XXXXX\Desktop\BA 2014-08-15 16:03 - 2014-03-15 03:21 - 00000000 ____D () C:\ldiag 2014-08-14 21:03 - 2014-05-14 13:39 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2014-08-14 20:59 - 2014-06-11 23:21 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2014-08-14 20:57 - 2014-06-28 11:45 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-08-14 20:57 - 2014-06-14 17:31 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-08-14 20:57 - 2014-06-14 17:31 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-08-14 20:57 - 2014-05-14 14:13 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-08-14 20:57 - 2014-05-14 14:01 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-08-14 20:57 - 2014-05-14 14:00 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-08-14 20:57 - 2014-05-14 13:39 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-08-14 20:57 - 2014-05-14 13:38 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe 2014-08-14 20:57 - 2014-05-14 13:38 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe 2014-08-14 20:57 - 2014-05-14 13:38 - 00111616 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\ieetwcollector.exe 2014-08-14 20:57 - 2014-05-14 13:38 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-08-14 20:57 - 2014-05-14 13:38 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll 2014-08-14 20:57 - 2014-05-14 13:38 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll 2014-08-14 20:57 - 2014-05-14 13:38 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-08-14 20:57 - 2014-05-14 13:38 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-08-14 20:57 - 2014-05-14 13:38 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll 2014-08-14 20:19 - 2014-02-12 16:56 - 00000000 _____ () C:\WINDOWS\system32\vireng.log 2014-08-14 20:15 - 2013-08-22 16:46 - 00345788 _____ () C:\WINDOWS\setupact.log 2014-08-14 18:56 - 2014-08-10 23:08 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-14 18:45 - 2014-08-14 18:44 - 14349744 _____ (Malwarebytes Corp.) C:\Users\XXXXX\Downloads\mbar-1.07.0.1012.exe 2014-08-14 18:45 - 2014-01-15 01:25 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo 2014-08-14 18:45 - 2014-01-15 01:24 - 00000000 ____D () C:\Program Files (x86)\Lenovo 2014-08-14 18:26 - 2014-08-14 18:26 - 00000342 _____ () C:\WINDOWS\system32\.crusader 2014-08-14 18:20 - 2014-08-14 18:11 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-08-14 18:11 - 2014-08-14 18:11 - 00000000 ____D () C:\Program Files\HitmanPro 2014-08-14 18:10 - 2014-08-14 18:09 - 11188736 _____ (SurfRight B.V.) 
C:\Users\XXXXX\Downloads\HitmanPro_x64.exe 2014-08-14 17:38 - 2014-08-14 17:38 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\XXXXX\Downloads\iexplore7.exe.exe 2014-08-14 17:35 - 2014-08-14 17:35 - 00000000 ____D () C:\WINDOWS\pss 2014-08-14 15:31 - 2014-08-14 15:31 - 00003277 _____ () C:\Users\XXXXX\Desktop\Sophos Virus Removal Tool.lnk 2014-08-14 15:31 - 2014-08-14 15:31 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos 2014-08-14 15:31 - 2014-02-12 16:50 - 00000000 ____D () C:\ProgramData\Sophos 2014-08-14 15:31 - 2014-02-12 16:50 - 00000000 ____D () C:\Program Files (x86)\Sophos 2014-08-14 15:29 - 2014-08-14 15:28 - 95874160 _____ (Sophos Limited) C:\Users\XXXXX\Downloads\Sophos Virus Removal Tool.exe 2014-08-14 14:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-08-14 14:07 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-08-13 18:57 - 2014-08-13 18:57 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\XXXXX\Downloads\iexplore2.exe.exe 2014-08-13 18:56 - 2014-08-13 18:56 - 11424456 _____ (Bitdefender LLC) C:\Users\XXXXX\Downloads\iexplore455.exe.exe 2014-08-13 18:56 - 2014-08-13 18:56 - 05185536 _____ (AVAST Software) C:\Users\XXXXX\Downloads\ieplore3.exe.exe 2014-08-12 17:55 - 2014-08-12 17:55 - 00004116 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-08-12 17:55 - 2014-08-12 17:55 - 00003880 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-08-12 17:55 - 2014-08-12 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-08-12 17:55 - 2014-08-12 17:55 - 00000000 ____D () C:\Program Files (x86)\Google 2014-08-12 17:54 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Deployment 2014-08-12 17:54 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Apps\2.0 2014-08-12 17:54 - 2014-08-11 13:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Google 2014-08-12 17:51 - 
2014-08-10 23:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-12 17:49 - 2014-08-09 16:21 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant 2014-08-12 17:49 - 2014-07-27 13:24 - 00000000 ____D () C:\Program Files (x86)\LightZone 2014-08-12 17:49 - 2014-06-11 11:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-08-12 17:49 - 2014-05-09 01:39 - 00000000 ____D () C:\Program Files\KMSpico 2014-08-12 17:49 - 2014-04-06 23:52 - 00000000 ____D () C:\Microsoft Office 2013 Pro 2014-08-12 17:49 - 2014-02-17 00:00 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite 2014-08-12 17:49 - 2014-02-14 23:14 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\vlc 2014-08-12 17:49 - 2014-02-12 16:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-08-12 17:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\registration 2014-08-12 17:42 - 2014-02-12 22:03 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Packages 2014-08-12 17:42 - 2014-02-12 19:31 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\Skype 2014-08-12 11:46 - 2014-06-04 21:23 - 00000000 ____D () C:\Users\XXXXX\Desktop\From Nitesh 2014-08-11 11:47 - 2014-08-11 11:47 - 00000000 __SHD () C:\Users\XXXXX\AppData\Local\EmieUserList 2014-08-11 11:47 - 2014-08-11 11:47 - 00000000 __SHD () C:\Users\XXXXX\AppData\Local\EmieSiteList 2014-08-11 00:23 - 2014-08-11 00:19 - 00000000 ____D () C:\Program Files (x86)\The Cleaner 2014-08-11 00:20 - 2014-08-11 00:20 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\thecleaner 2014-08-10 23:17 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports 2014-08-09 16:21 - 2014-08-09 16:21 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2014-08-08 23:25 - 2014-08-08 23:25 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Lenovo 2014-08-08 18:34 - 2014-08-08 18:34 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Eraser 6 2014-08-08 14:33 - 
2014-05-04 22:28 - 00000000 ____D () C:\Users\XXXXX\Desktop\Praktikum
2014-08-08 14:31 - 2014-08-08 14:31 - 00000000 ____D () C:\Program Files\Eraser
2014-08-07 11:07 - 2014-08-07 11:07 - 06194967 _____ () C:\Users\XXXXX\Downloads\diffpdf-2.0.0-win32-static.zip
2014-08-07 10:58 - 2014-08-07 10:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-08-07 10:58 - 2014-08-07 10:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\chc
2014-08-07 04:12 - 2014-08-17 21:34 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-07 00:39 - 2014-08-17 21:34 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-02 05:56 - 2014-08-17 21:34 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-02 02:17 - 2014-05-15 14:04 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-02 02:17 - 2014-05-15 14:04 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-31 13:12 - 2014-07-29 11:34 - 00000000 ____D () C:\Users\XXXXX\Desktop\AEF Unterlagen
2014-07-27 18:29 - 2014-07-27 13:26 - 00000000 ____D () C:\Users\XXXXX\Desktop\DSLR Photos
2014-07-27 13:25 - 2014-07-27 13:25 - 00000000 ____D () C:\Users\XXXXX\Documents\LightZone
2014-07-27 12:15 - 2014-02-17 00:01 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\DAEMON Tools Lite
2014-07-25 16:52 - 2014-08-17 21:45 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-25 15:51 - 2014-08-17 21:45 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-25 15:28 - 2014-08-17 21:45 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-07-25 15:25 - 2014-08-17 21:45 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-17 21:45 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-07-25 14:59 - 2014-08-17 21:45 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-07-25 14:40 - 2014-08-17 21:45 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-17 21:45 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-07-25 14:30 - 2014-08-17 21:45 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-17 21:45 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-25 14:28 - 2014-08-17 21:45 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:21 - 2014-08-17 21:45 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-25 14:17 - 2014-08-17 21:45 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-25 14:10 - 2014-08-17 21:45 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-25 14:08 - 2014-08-17 21:45 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-17 21:45 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-17 21:45 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-17 21:45 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-17 21:45 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-25 13:43 - 2014-08-17 21:45 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-17 21:45 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-17 21:45 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-25 13:34 - 2014-08-17 21:45 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-17 21:45 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-17 21:45 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-17 21:45 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-25 13:09 - 2014-08-17 21:45 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-25 13:07 - 2014-08-17 21:45 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-25 13:03 - 2014-08-17 21:45 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-17 21:45 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-25 12:26 - 2014-08-17 21:45 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-17 21:45 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-17 21:45 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-17 21:45 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-17 21:45 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-23 16:55 - 2014-04-08 12:57 - 00000000 ____D () C:\Users\XXXXX\Documents\MATLAB
2014-07-21 12:47 - 2014-07-21 12:46 - 00000000 ____D () C:\Users\XXXXX\Desktop\WSÜ Mitschriften

Some content of TEMP:
====================
C:\Users\XXXXX\AppData\Local\Temp\pvxinst156.exe
C:\Users\XXXXX\AppData\Local\Temp\pvxinst437.exe
C:\Users\XXXXX\AppData\Local\Temp\pvxinst687.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-13 17:38

==================== End Of Log ============================

ADDITION FARBAR
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by XXXXX at 2014-08-19 17:17:14
Running from C:\Users\XXXXX\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Benutzerhandbuch (x32 Version: 1.0.0.17 - Lenovo) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.52.0 - Conexant)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.26.00 - Lenovo Inc.) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Efficient Elements for presentations 1.5.0.431 (HKCU\...\ee4p_is1) (Version: 1.5.0.431 - Efficient Elements GmbH)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.11 - Lenovo)
Energy Management (x32 Version: 8.0.2.11 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.26.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10227 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.4.0 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.14.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{F02F4A8B-1A5F-45B8-9B74-AAF21A2B1BCC}) (Version: 2.1.002.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
MATLAB R2013a (32-bit) (HKLM-x32\...\Matlab R2013a) (Version: 8.1 - The MathWorks, Inc.)
MATLAB R2014a (32-bit) (HKLM-x32\...\Matlab R2014a) (Version: 8.3 - The MathWorks, Inc.)
Microsoft Access MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Prevx (HKLM\...\PCSI) (Version: 3.0.5.220 - Prevx)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.226 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.15 - Qualcomm Atheros Communications Inc.)
Realtek USB Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.9200.39036 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.7 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.1.18 - Sophos Limited)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.2 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

01-08-2014 14:27:54 Geplanter Prüfpunkt
08-08-2014 12:30:41 Installed Eraser 6.0.10.2620
12-08-2014 15:37:19 Wiederherstellungsvorgang
14-08-2014 13:30:46 Installed Sophos Virus Removal Tool.
17-08-2014 22:42:09 Windows Update

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {10239A31-61B5-4237-8467-FE36EC996E04} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2EDAD50C-E782-40EF-A5FD-49FB0B7D6724} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {3405A720-3FCF-4466-B9D9-9D866952ED7C} - System32\Tasks\MATLAB R2013a Startup Accelerator => C:\Program Files (x86)\MATLAB\R2013a\bin\win32\MATLABStartupAccelerator.exe [2013-01-16] ()
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {391D0077-966F-4BEF-B68D-1E4D857A875F} - System32\Tasks\SUPERAntiSpyware Scheduled Task 22c7e78f-dc88-4b2b-a33b-8cbad9e5ff51 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3BD487AE-FC9C-4F26-92D2-0A67C0725EC4} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-07-30] ()
Task: {3CB0FAEC-D259-4BDF-B6D4-383FF78D23D0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-08-19] (Microsoft Corporation)
Task: {43F97815-8A20-48CE-A00A-9CCEF619723C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {469C82F6-72E7-461E-A9C8-754F9689FD1C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {55448157-F34C-4E2D-A93C-5EC76CD052D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-12] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6C5D2488-6AE3-4C39-A89E-C19DCD1891D5} - System32\Tasks\Lenovo\Experience Improvement Logon => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2013-06-03] (Lenovo)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7D13615A-D8D2-49CF-B094-E717E1E76039} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8D4957F7-B946-4651-9F2A-D7A1F490AA08} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {95825273-3D43-4EC1-B3D9-1E35B26A00FD} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {9C23D5C6-C469-4033-90ED-A585755D082B} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {C3ACD707-68BB-4597-BCB7-42ACCC5FB312} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {C694FABD-EAE9-45AB-AF13-50584A5F63C5} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-15] (Lenovo)
Task: {CB7B7990-0448-41F6-840D-3A8AEDDDB87F} - System32\Tasks\SUPERAntiSpyware Scheduled Task d32a892e-e393-4139-bacd-150f0e88c09a => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DD4BDB85-FDD2-483F-910C-1704F0522E15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-12] (Google Inc.)
Task: {E24749DE-C6CB-497C-97C2-C5B3336EBD54} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-15] ()
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F3FEA1A3-DB76-4659-9C62-FF67DD25AF0F} - System32\Tasks\MATLAB R2014a Startup Accelerator => C:\Program Files (x86)\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe [2014-01-29] ()
Task: {F509777B-AA43-46E7-8619-B6D7389B4162} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {F65FEAD4-514C-4435-A8AE-1A32452F353F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-15] (Lenovo)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MATLAB R2013a Startup Accelerator.job => C:\Program Files (x86)\MATLAB\R2013a\bin\win32\MATLABStartupAccelerator.exe
Task: C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job => C:\Program Files (x86)\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 22c7e78f-dc88-4b2b-a33b-8cbad9e5ff51.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d32a892e-e393-4139-bacd-150f0e88c09a.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2013-12-26 20:42 - 2014-05-20 04:44 - 00014280 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-02-12 20:59 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-05-16 03:46 - 2013-05-16 03:46 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-05-16 03:43 - 2013-05-16 03:43 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-05-16 04:09 - 2013-05-16 04:09 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-08-18 19:40 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-18 19:40 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-18 19:40 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-18 19:40 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-18 19:40 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-01-15 01:01 - 2012-11-06 07:31 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-08-12 17:55 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-08-12 17:55 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-05-26 23:59 - 2014-05-20 04:44 - 00012120 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-08-12 17:55 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-08-12 17:55 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-08-12 17:55 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-08-12 17:55 - 2014-07-15 11:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKCU\...\StartupApproved\Run: => "DAEMON Tools Lite"

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (08/19/2014 05:11:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoCompanion_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/19/2014 05:11:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoCompanion_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/19/2014 04:00:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoCompanion_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/19/2014 04:00:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoCompanion_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/19/2014 03:05:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoCompanion_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/19/2014 03:05:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoCompanion_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/19/2014 02:11:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoCompanion_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/19/2014 02:11:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoCompanion_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/18/2014 07:42:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoCompanion_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/18/2014 07:42:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: Bei der Aktivierung der App „E046963F.LenovoCompanion_k1h2ywk1493x8!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

System errors:
=============
Error: (08/18/2014 07:50:26 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x0000000000000004, 0x000000000000012c, 0xffffe00036200040, 0xffffd00166fdb950)C:\WINDOWS\MEMORY.DMP081814-31546-01

Error: (08/18/2014 07:50:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 18.08.2014 um 19:30:00 unerwartet heruntergefahren.

Error: (08/18/2014 04:52:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 18.08.2014 um 16:32:49 unerwartet heruntergefahren.

Error: (08/18/2014 10:42:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "CSIScanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/18/2014 10:40:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MultiKMS" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/18/2014 00:20:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Service KMSELDI" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/17/2014 10:55:05 PM) (Source: DCOM) (EventID: 10005) (User: AnujM-PC)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/17/2014 10:54:52 PM) (Source: DCOM) (EventID: 10005) (User: AnujM-PC)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/17/2014 10:54:41 PM) (Source: DCOM) (EventID: 10005) (User: AnujM-PC)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/17/2014 10:54:36 PM) (Source: DCOM) (EventID: 10005) (User: AnujM-PC)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Microsoft Office Sessions:
=========================
Error: (08/19/2014 05:11:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: E046963F.LenovoCompanion_k1h2ywk1493x8!App-2147009284

Error: (08/19/2014 05:11:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: E046963F.LenovoCompanion_k1h2ywk1493x8!App-2147009284

Error: (08/19/2014 04:00:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: E046963F.LenovoCompanion_k1h2ywk1493x8!App-2147009284

Error: (08/19/2014 04:00:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: E046963F.LenovoCompanion_k1h2ywk1493x8!App-2147009284

Error: (08/19/2014 03:05:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: E046963F.LenovoCompanion_k1h2ywk1493x8!App-2147009284

Error: (08/19/2014 03:05:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: E046963F.LenovoCompanion_k1h2ywk1493x8!App-2147009284

Error: (08/19/2014 02:11:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: E046963F.LenovoCompanion_k1h2ywk1493x8!App-2147009284

Error: (08/19/2014 02:11:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: E046963F.LenovoCompanion_k1h2ywk1493x8!App-2147009284

Error: (08/18/2014 07:42:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: E046963F.LenovoCompanion_k1h2ywk1493x8!App-2147009284

Error: (08/18/2014 07:42:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AnujM-PC)
Description: E046963F.LenovoCompanion_k1h2ywk1493x8!App-2147009284

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 55%
Total physical RAM: 3993.77 MB
Available physical RAM: 1772.49 MB
Total Pagefile: 12697.77 MB
Available Pagefile: 10626.23 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:891.73 GB) (Free:798.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:13.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A7EB26D3)
Partition: GPT Partition Type.

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-19 17:24:16
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002f ST1000LM014-SSHD-8GB rev.LVD3 931,51GB
Running: 7kdbwp1l.exe; Driver: C:\Users\XXXXX~1\AppData\Local\Temp\agdcrpow.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff9600018b300 15 bytes [00, F7, F7, 01, 80, D7, 70, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff9600018b310 11 bytes [00, 99, FC, FF, 00, C1, C3, ...]

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffda3d128c0 7 bytes JMP 00007ffea3140260
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffda3d143d8 7 bytes JMP 00007ffea3140298
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffda3dc1f20 7 bytes JMP 00007ffea3140308
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffda3dc40b4 7 bytes JMP 00007ffea3140340
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffda3dc4510 7 bytes JMP 00007ffea31402d0
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffda3decea0 7 bytes JMP 00007ffea31401f0
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffda3decf10 7 bytes JMP 00007ffea3140228
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffda3152300 7 bytes JMP 00007ffea31400d8
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffda3155770 5 bytes JMP 00007ffea3140180
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffda3155860 5 bytes JMP 00007ffea3140148
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffda3155a30 5 bytes JMP 00007ffea3140110
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffda31ca3f0 5 bytes JMP 00007ffea31401b8
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffda56db6f4 10 bytes JMP 00007ffea3140420
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffda56e45d8 5 bytes JMP 00007ffea31403e8
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffda56e4750 9 bytes JMP 00007ffea3140378
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffda56f4fc0 5 bytes JMP 00007ffea31403b0
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffda56f5cb0 5 bytes JMP 00007ffea3140458
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffda3311500 1 byte JMP 00007ffea3140490
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffda3311502 6 bytes {JMP 0xffffffffffe2ef90}
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffda3311750 8 bytes JMP 00007ffea31404c8
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory1 00007ffd9fcc7a88 5 bytes JMP 00007ffe9fb70110
.text C:\WINDOWS\system32\dwm.exe[360] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory 00007ffd9fcd4990 5 bytes JMP 00007ffe9fb700d8
.text C:\WINDOWS\system32\nvvsvc.exe[376] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffda58b169a 4 bytes [8B, A5, FD, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[376] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffda58b16a2 4 bytes [8B, A5, FD, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[376] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffda58b181a 4 bytes [8B, A5, FD, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[376] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffda58b1832 4 bytes [8B, A5, FD, 7F]
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1968] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffda58b169a 4 bytes [8B, A5, FD, 7F]
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1968] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffda58b16a2 4 bytes [8B, A5, FD, 7F]
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1968] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffda58b181a 4 bytes [8B, A5, FD, 7F]
.text C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE[1968] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffda58b1832 4 bytes [8B, A5, FD, 7F]
.text C:\Program Files\Prevx\prevx.exe[976] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffda58b169a 4 bytes [8B, A5, FD, 7F]
.text C:\Program Files\Prevx\prevx.exe[976] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffda58b16a2 4 bytes [8B, A5, FD, 7F]
.text C:\Program Files\Prevx\prevx.exe[976] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffda58b181a 4 bytes [8B, A5, FD, 7F]
.text C:\Program Files\Prevx\prevx.exe[976] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffda58b1832 4 bytes [8B, A5, FD, 7F]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4172] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffd92ed1f6a 4 bytes [ED, 92, FD, 7F]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4172] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffd92ed1f82 4 bytes [ED, 92, FD, 7F]
.text C:\Windows\System32\igfxpers.exe[4588] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffda58b169a 4 bytes [8B, A5, FD, 7F]
.text C:\Windows\System32\igfxpers.exe[4588] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffda58b16a2 4 bytes [8B, A5, FD, 7F]
.text C:\Windows\System32\igfxpers.exe[4588] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffda58b181a 4 bytes [8B, A5, FD, 7F]
.text C:\Windows\System32\igfxpers.exe[4588] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffda58b1832 4 bytes [8B, A5, FD, 7F]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [708:732] fffff9600097cb90
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [5736:6596] 00000000002afc29
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [5736:6500] 00000000002b4950

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

MBRMaster and VirusTotal
Code:
Detected Windows version: 6.2 Build 9200
Installing direct disk access driver ...
Driver connection handle: 0x00000164
1 valid drive(s) found.

Details for Disk 0 - ST1000LM014-SSHD-8GB Rev LVD3:
Device name : \\.\PhysicalDrive0
Geometry (C/H/S) : 121601/255/63
Boot loader reputation : Unknown
Cross view comparison : Passed
Partition table integrity: Passed
Boot loader hashes
SHA-1 : 639AC5CDF8A5CF3245975932C6A4215450A7B98F
MD5 : 5FB38429D5D77768867C76DCBDB35194

SHA256: 59a3cfd201f5dd6ed71c37469b0dce020dea3d36e838f54c5ce811ecf678bfd6
https://www.virustotal.com/de/file/59a3cfd201f5dd6ed71c37469b0dce020dea3d36e838f54c5ce811ecf678bfd6/analysis/1408457412/

Kind regards