Log Analysis and Evaluation: Windows 7 64bit - blue field after booting

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Windows 7 64bit - blue field after booting

Hello, after starting my laptop a blue field with various error codes appears. In safe mode I could work; when I chose normal operation instead, the screen was sometimes blue again. A scan with Anti-Malware from Malwarebytes found 23 infections with PUP.Optional.MindSpark.A, which were sent to quarantine. Unfortunately, after the restart the screen was blue again. Here are the scans:

Code:
```text
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:59 on 15/10/2014 (pc)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
```

FRST Logfile:
Code:
```text
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-10-2014
Ran by pc (administrator) on PC-PC on 15-10-2014 11:06:43
Running from C:\Users\pc\Desktop
Loaded Profiles: pc & (Available profiles: UpdatusUser & pc)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Windows\AsScrPro.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Users\pc\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-17] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3217987599-4007896876-4231696997-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-06] (Acresso Corporation)
HKU\S-1-5-21-3217987599-4007896876-4231696997-1001\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6462744 2014-08-21] (Piriform Ltd)
HKU\S-1-5-21-3217987599-4007896876-4231696997-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\pc\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-3217987599-4007896876-4231696997-1001\...\MountPoints2: {ebd43cd6-3d59-11e1-b8a7-5404a61a85c8} - F:\autorun.exe
HKU\S-1-5-21-3217987599-4007896876-4231696997-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6462744 2014-08-21] (Piriform Ltd)
HKU\S-1-5-21-3217987599-4007896876-4231696997-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\pc\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-3217987599-4007896876-4231696997-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ebd43cd6-3d59-11e1-b8a7-5404a61a85c8} - F:\autorun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-04-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\tabbyFile.lnk
ShortcutTarget: tabbyFile.lnk -> C:\Program Files\tabbyFile2\tabbyFile2.exe ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} hxxp://www.ma-config.com/plugins/MaConfig_6_0_0_3.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\xli0r0vz.default
FF Homepage: hxxp://www.mail.t-online.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\pc\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\xli0r0vz.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Copy Extensions to Clipboard - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\xli0r0vz.default\Extensions\jid1-yaYZ8QXoULbGtw@jetpack.xpi [2013-02-14]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn [2014-10-15]
FF Extension: No Name - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\xli0r0vz.default\extensions\39ffxtbr@MapsGalaxy_39.com [Not Found]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\pdf.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Identity Protection) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-07-03]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-23]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 aydtapcg; C:\Windows\System32\drivers\ebfuuhf.sys [79064 2014-10-15] () [File not signed]
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-12] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20141014.001\IDSvia64.sys [633560 2014-10-14] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20141014.009\ENG64.SYS [129752 2014-10-14] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20141014.009\EX64.SYS [2137304 2014-10-14] (Symantec Corporation)
S3 OV550I; C:\Windows\System32\Drivers\ov550ivx.sys [196992 2008-02-21] (Omnivision Technologies, Inc.) [File not signed]
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-15 11:06 - 2014-10-15 11:06 - 00041379 _____ () C:\Users\pc\Desktop\Addition.txt
2014-10-15 11:05 - 2014-10-15 11:06 - 00025111 _____ () C:\Users\pc\Desktop\FRST.txt
2014-10-15 11:05 - 2014-10-15 11:06 - 00000000 ____D () C:\FRST
2014-10-15 11:04 - 2014-10-15 11:03 - 02110464 _____ (Farbar) C:\Users\pc\Desktop\FRST64.exe
2014-10-15 11:00 - 2014-10-15 11:00 - 00071848 _____ () C:\Users\pc\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-15 10:59 - 2014-10-15 10:59 - 00000466 _____ () C:\Users\pc\Desktop\defogger_disable.log
2014-10-15 10:59 - 2014-10-15 10:59 - 00000238 _____ () C:\Users\pc\Desktop\defogger_enable.log
2014-10-15 10:59 - 2014-10-15 10:59 - 00000000 _____ () C:\Users\pc\defogger_reenable
2014-10-15 10:58 - 2014-10-15 10:54 - 00050477 _____ () C:\Users\pc\Desktop\Defogger.exe
2014-10-15 10:44 - 2014-10-15 10:45 - 00287240 _____ () C:\Windows\Minidump\101514-86923-01.dmp
2014-10-15 10:44 - 2014-10-15 10:44 - 762273792 ____N () C:\Windows\MEMORY.DMP
2014-10-15 10:44 - 2014-10-15 10:44 - 00336944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 10:44 - 2014-10-15 10:44 - 00000056 _____ () C:\Windows\setupact.log
2014-10-15 10:44 - 2014-10-15 10:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-15 10:43 - 2014-10-15 10:43 - 00007206 _____ () C:\Windows\PFRO.log
2014-10-15 10:42 - 2014-10-15 10:42 - 00079064 _____ () C:\Windows\system32\Drivers\ebfuuhf.sys
2014-10-15 10:20 - 2014-10-15 10:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-15 10:20 - 2014-10-15 10:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-15 10:20 - 2014-10-15 10:20 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-15 10:20 - 2014-10-15 10:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-15 10:20 - 2014-10-15 10:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-15 10:20 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-15 10:20 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-15 10:20 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-15 10:19 - 2014-10-15 10:19 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\pc\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-15 09:53 - 2014-10-15 09:54 - 00001426 _____ () C:\ProgramData\SMRResults430.dat
2014-10-06 08:46 - 2014-10-06 08:46 - 00003600 ____N () C:\bootsqm.dat
2014-10-05 22:06 - 2014-10-05 22:06 - 00007404 _____ () C:\Users\pc\Downloads\Hotelvoucher.html
2014-09-27 22:00 - 2014-09-27 22:00 - 03826912 _____ (Piriform Ltd) C:\Users\pc\Downloads\ccsetup417_slim.exe
2014-09-26 21:55 - 2014-09-26 21:55 - 00028172 _____ () C:\Users\pc\Downloads\Einkaufsliste.odt
2014-09-25 13:54 - 2014-09-25 13:54 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-09-25 11:09 - 2014-09-25 11:09 - 00002614 _____ () C:\Users\pc\Downloads\Skript_Logistische_Regression(1).R
2014-09-25 10:24 - 2014-09-25 10:24 - 00002614 _____ () C:\Users\pc\Downloads\Skript_Logistische_Regression.R
2014-09-23 14:59 - 2014-09-23 14:59 - 00000000 ____D () C:\Users\pc\Desktop\Schneider und Blum
2014-09-22 13:41 - 2014-09-22 17:31 - 00000000 ____D () C:\Program Files (x86)\KaloMa
2014-09-22 13:41 - 2014-09-22 13:41 - 00000985 _____ () C:\Users\Public\Desktop\KaloMa.lnk
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KaloMa
2014-09-22 13:40 - 2014-09-22 13:46 - 00000000 ____D () C:\Users\pc\Desktop\KaloMA
2014-09-22 07:47 - 2014-10-15 10:49 - 00631763 _____ () C:\Windows\WindowsUpdate.log
2014-09-17 11:54 - 2014-09-17 12:01 - 00000000 ____D () C:\Users\pc\Desktop\STAt
2014-09-15 15:13 - 2014-09-15 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-15 19:11 - 2012-01-07 09:42 - 00000000 ____D () C:\ProgramData\Norton
2014-10-15 19:11 - 2011-10-26 19:59 - 00000000 ____D () C:\ProgramData\P4G
2014-10-15 19:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-10-15 11:05 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-15 11:05 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-15 11:00 - 2011-02-19 06:24 - 04705200 _____ () C:\Windows\system32\perfh007.dat
2014-10-15 11:00 - 2011-02-19 06:24 - 01424724 _____ () C:\Windows\system32\perfc007.dat
2014-10-15 11:00 - 2009-07-14 07:13 - 00004568 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-15 10:59 - 2011-12-03 16:33 - 00000000 ____D () C:\Users\pc
2014-10-15 10:45 - 2011-10-26 20:03 - 00001420 _____ () C:\Windows\system32\ServiceFilter.ini
2014-10-15 10:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-15 10:44 - 2013-03-22 11:16 - 00000000 ____D () C:\Windows\Minidump
2014-10-15 10:42 - 2014-02-12 18:31 - 00000000 ____D () C:\Users\pc\AppData\Roaming\systweak
2014-10-15 10:42 - 2014-02-12 18:31 - 00000000 ____D () C:\Users\pc\AppData\Roaming\DigitalSites
2014-10-15 10:36 - 2014-03-09 20:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-15 10:31 - 2014-02-12 18:31 - 00000276 _____ () C:\Windows\Tasks\FoxTab.job
2014-10-15 09:52 - 2014-02-03 13:17 - 00000000 ____D () C:\Users\pc\AppData\Local\NPE
2014-10-15 09:44 - 2014-05-21 14:45 - 00000000 ____D () C:\NPE
2014-10-15 09:38 - 2012-01-14 11:19 - 00000000 ____D () C:\Users\pc\AppData\Local\CrashDumps
2014-10-12 19:56 - 2014-04-29 18:29 - 00004096 _____ () C:\Users\Public\Documents\00001491.LCS
2014-10-05 22:09 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-02 07:59 - 2013-10-16 21:51 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-02 00:13 - 2011-12-04 20:54 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Skype
2014-10-01 22:23 - 2011-12-05 13:38 - 00000000 ____D () C:\Users\pc\Desktop\DHBW
2014-09-27 23:29 - 2013-06-29 18:36 - 00000000 ____D () C:\Users\pc\AppData\Roaming\TeamViewer
2014-09-27 22:01 - 2011-12-04 20:52 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-27 22:01 - 2011-12-04 20:52 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-27 13:00 - 2014-01-16 10:50 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-27 12:55 - 2012-09-18 13:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-26 10:50 - 2012-09-18 13:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-25 13:53 - 2014-05-20 15:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-09-25 13:53 - 2013-05-09 11:52 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-09-25 13:53 - 2013-05-09 11:52 - 00002503 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-09-25 13:53 - 2013-05-09 11:52 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-09-25 10:17 - 2013-12-04 14:53 - 00000000 ____D () C:\Users\pc\Desktop\FOM
2014-09-17 11:19 - 2011-12-03 16:33 - 00000000 _____ () C:\Windows\system32\acovcnt.exe
2014-09-15 15:13 - 2011-12-04 20:54 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-15 15:13 - 2011-12-04 20:54 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-15 15:13 - 2011-12-04 20:54 - 00000000 ____D () C:\ProgramData\Skype

Files to move or delete:
====================
C:\ProgramData\SMRResults430.dat
C:\Users\pc\PDFCreator-1_2_3_setup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-30 12:01

==================== End Of Log ============================
```

GMER Logfile:
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-10-15 11:22:58 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB Running: jeq5qsi0.exe; Driver: C:\Users\pc\AppData\Local\Temp\pxldapoc.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800033ee000 24 bytes [00, 40, E3, 0D, 80, FA, FF, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 585 fffff800033ee019 39 bytes {ADD BYTE [RCX], 0x0; ADD [RAX], AL; ADD [RAX], AL; MOV AL, DL; JMP 0xfffffffffffa801b} ---- User code sections - GMER 2.1 ---- .text C:\Windows\AsScrPro.exe[1984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775b1465 2 bytes [5B, 77] .text C:\Windows\AsScrPro.exe[1984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775b14bb 2 bytes [5B, 77] .text ... * 2 .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775b1465 2 bytes [5B, 77] .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775b14bb 2 bytes [5B, 77] .text ... * 2 .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775b1465 2 bytes [5B, 77] .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775b14bb 2 bytes [5B, 77] .text ... * 2 .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775b1465 2 bytes [5B, 77] .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775b14bb 2 bytes [5B, 77] .text ... * 2 ? 
C:\Windows\system32\mssprxy.dll [2876] entry point in ".rdata" section 000000006e5971e6 ? C:\Windows\system32\iertutil.dll [3064] entry point in ".rdata" section 0000000075585251 .text C:\Users\pc\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[5388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775b1465 2 bytes [5B, 77] .text C:\Users\pc\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[5388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775b14bb 2 bytes [5B, 77] .text ... * 2 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet) ---- EOF - GMER 2.1 ----
Hopefully someone can help me.... Thanks, K.Golsch