Hello dear helpers,
For a few days now the following page has been opening on its own:
hxxp://s.m2pub.com/ul_cb/player.html?a=12506768&context=c16411113&size=800x600&rt=popunder&ci=10
I use the computer commercially in my own one-man business, but I have no IT service.
My details:
Win 8
Intel Core i7-3630QM CPU @ 2.4GHz
RAM 8.00 GB
x64
Anti-spyware and antivirus protection with AVG Antivirus Free Edition 2014.
AVG Antivirus Free Edition 2014 (scan today)
1 problem at address:
C:\Users\XXX\AppData\Local\Temp\lexware\setups\financial_office_2013\Data\service\buha\formular_fix\WindowsXP-KB884562-x86-deu.exe;
"The file was signed with a corrupted digital signature issued by Microsoft Corporation.";"";"Infected";"Message"
Defogger Disable
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:50 on 13/12/2013 (XXX)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2013 01
Ran by XXX (administrator) on DELL-NOTEBOOK on 13-12-2013 13:59:11
Running from C:\Users\XXX\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(SafeNet Inc.) C:\WINDOWS\System32\hasplms.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\WINDOWS\System32\msiexec.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
() C:\Users\XXX\Downloads\Trojaner-Board\Defogger.exe
(Microsoft Corporation) C:\WINDOWS\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-10] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\quickset.exe [4384928 2012-07-12] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4123 2012-05-30] ()
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [517912 2013-02-15] (Acronis)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [AVG-Secure-Search-Update_0913b] - C:\Users\XXX\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid f762889f588447d09dd5b17f9bcfdca0-dff96db58d47c47972e3527504b71fa2ffd1bd72 --CMPID 0913b
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6405376 2013-03-27] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105848 2013-01-10] (Acronis)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
AppInit_DLLs: C:\WINDOWS\System32\nvinitx.dll [266448 2013-06-21] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [214448 2013-06-21] (NVIDIA Corporation)
Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * auto_reactivate \\?\GLOBALROOT\Device\HarddiskVolume1\EFI\Acronis\bootwiz.efi
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKLM - DefaultScope {AEC3584F-21D3-4E05-9D54-0AD2214FB657} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {AEC3584F-21D3-4E05-9D54-0AD2214FB657} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - DefaultScope {AEC3584F-21D3-4E05-9D54-0AD2214FB657} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {AEC3584F-21D3-4E05-9D54-0AD2214FB657} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - DefaultScope {AEC3584F-21D3-4E05-9D54-0AD2214FB657} URL =
SearchScopes: HKCU - {AEC3584F-21D3-4E05-9D54-0AD2214FB657} URL =
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
==================== Services (Whitelisted) =================
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 hasplms; C:\Windows\system32\hasplms.exe [4412872 2012-08-23] (SafeNet Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915408 2013-10-10] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [323584 2012-10-06] (SafeNet Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-04-26] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-04-26] (Acronis)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-10] (Windows (R) Win 7 DDK provider)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-10] (Windows (R) Win 7 DDK provider)
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [x]
S3 TDKLIB; \??\C:\Users\XXX\AppData\Local\Temp\ExtactTemp\TdkLib64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-13 13:59 - 2013-12-13 13:59 - 00011540 _____ C:\Users\XXX\Downloads\FRST.txt
2013-12-13 13:57 - 2013-12-13 13:57 - 00000000 ____D C:\FRST
2013-12-13 13:55 - 2013-12-13 13:56 - 01927462 _____ (Farbar) C:\Users\XXX\Downloads\FRST64.exe
2013-12-13 13:50 - 2013-12-13 13:50 - 00000000 _____ C:\Users\XXX\defogger_reenable
2013-12-13 13:48 - 2013-12-13 13:50 - 00000000 ____D C:\Users\XXX\Downloads\Trojaner-Board
2013-12-12 22:35 - 2013-10-25 07:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 22:35 - 2013-10-25 07:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 22:35 - 2013-10-25 07:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 22:35 - 2013-10-25 07:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-12 22:35 - 2013-10-25 07:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 22:35 - 2013-10-25 07:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-12 22:35 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 22:35 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 22:35 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 22:35 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-12 22:34 - 2013-11-23 07:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 22:34 - 2013-11-23 06:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 22:34 - 2013-11-07 00:18 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 22:34 - 2013-11-01 06:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 22:34 - 2013-11-01 04:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 22:34 - 2013-10-25 07:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-12-12 22:34 - 2013-10-25 07:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 22:34 - 2013-10-25 07:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 22:34 - 2013-10-25 07:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 22:34 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 22:34 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 22:34 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 22:34 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-12 22:34 - 2013-10-19 06:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 22:34 - 2013-10-19 05:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 22:34 - 2013-10-10 10:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 22:34 - 2013-10-10 10:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2013-12-12 22:34 - 2013-10-10 10:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 22:34 - 2013-10-10 10:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 22:34 - 2013-10-10 10:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 22:34 - 2013-10-10 10:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2013-12-12 22:34 - 2013-10-10 10:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 22:34 - 2013-10-09 02:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-12-12 22:34 - 2013-10-08 23:30 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-12-12 22:34 - 2013-10-08 23:30 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-12-12 22:34 - 2013-10-08 23:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-12-12 22:34 - 2013-10-08 23:30 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-12-12 22:34 - 2013-10-08 23:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-12-12 22:34 - 2013-10-08 23:27 - 03279872 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-12-12 22:34 - 2013-10-08 23:27 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-12-12 22:34 - 2013-10-08 23:27 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-12-12 22:34 - 2013-10-08 23:27 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-12-12 22:34 - 2013-10-08 23:27 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-12-12 22:34 - 2013-10-08 23:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-12-12 22:34 - 2013-10-08 23:27 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-12-12 22:34 - 2013-10-05 07:10 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2013-12-12 22:34 - 2013-10-03 23:09 - 00385528 _____ C:\Windows\system32\ApnDatabase.xml
2013-12-12 22:34 - 2013-10-02 03:50 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-12-12 22:34 - 2013-09-28 06:48 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-12-12 22:34 - 2013-09-28 04:58 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-12-12 22:34 - 2013-09-28 04:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-12 22:34 - 2013-09-19 08:32 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-12-12 22:34 - 2013-08-30 06:19 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2013-12-12 22:34 - 2013-08-30 06:18 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2013-12-12 22:34 - 2013-08-30 00:48 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2013-12-12 22:34 - 2013-08-30 00:47 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2013-12-09 16:07 - 2013-12-09 16:07 - 00000000 ____D C:\Users\XXX\Downloads\OfficeSuite Pro 7
2013-12-09 16:06 - 2013-12-09 16:07 - 00000000 ____D C:\Users\XXX\Downloads\MyPhoneExplorer
2013-12-09 15:56 - 2013-12-09 16:10 - 00009423 _____ C:\Users\XXX\Documents\Wunschliste Fachbücher Pflanzenschutz.xlsx
2013-12-04 08:33 - 2013-12-04 08:33 - 00000000 ____D C:\Users\XXX\Desktop\Papierkorb
2013-12-03 14:19 - 2013-12-03 14:28 - 00011220 _____ C:\Users\XXX\Documents\Kosten 2014.xlsx
2013-12-03 11:53 - 2013-12-03 11:53 - 00022590 _____ C:\Users\XXX\Documents\Windows 8_1-Upgrade-Assistent.html
2013-12-03 11:53 - 2013-12-03 11:53 - 00000000 ____D C:\Users\XXX\Documents\Windows 8_1-Upgrade-Assistent-Dateien
2013-12-02 11:26 - 2013-12-02 11:27 - 00000000 ____D C:\Users\XXX\Downloads\Adobe Flash Player x
2013-11-29 19:46 - 2013-12-13 08:46 - 00000091 _____ C:\Users\XXX\AppData\Roaming\WB.CFG
2013-11-29 19:46 - 2013-12-13 08:46 - 00000006 _____ C:\Users\XXX\AppData\Roaming\WBPU-TTL.DAT
2013-11-29 18:51 - 2013-11-29 18:51 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Hulubulu
2013-11-29 18:51 - 2013-11-29 18:51 - 00000000 ____D C:\Program Files (x86)\Advanced Renamer
2013-11-29 18:32 - 2013-11-29 19:22 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-11-29 18:32 - 2013-11-29 18:48 - 00000000 ____D C:\Users\XXX\AppData\Local\cache
2013-11-29 18:32 - 2013-11-29 18:47 - 00000000 ____D C:\Users\XXX\AppData\Local\Mobogenie
2013-11-29 18:32 - 2013-11-29 18:32 - 00000000 ____D C:\Users\wangzhisong\AppData\Local\Mobogenie
2013-11-29 18:32 - 2013-11-29 18:32 - 00000000 ____D C:\Users\wangzhisong
2013-11-29 18:32 - 2013-11-29 18:32 - 00000000 ____D C:\Users\XXX\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-11-29 18:32 - 2013-11-29 18:32 - 00000000 _____ C:\Users\XXX\daemonprocess.txt
2013-11-29 18:31 - 2013-12-13 13:46 - 00000332 _____ C:\Windows\Tasks\DigitalSite.job
2013-11-29 18:31 - 2013-11-29 18:46 - 00002670 _____ C:\Windows\System32\Tasks\DigitalSite
2013-11-29 18:31 - 2013-11-29 18:31 - 00001164 _____ C:\Users\UpdatusUser\Desktop\Continue Zip Opener Installation.lnk
2013-11-29 18:31 - 2013-11-29 18:31 - 00001164 _____ C:\Users\Administrator\Desktop\Continue Zip Opener Installation.lnk
2013-11-29 18:31 - 2013-11-29 18:31 - 00000000 ____D C:\Users\XXX\AppData\Roaming\DigitalSite
2013-11-29 18:30 - 2013-11-29 18:51 - 00000000 ____D C:\Users\XXX\Downloads\ReName
2013-11-26 17:40 - 2013-11-26 17:40 - 00001404 _____ C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2009Decoder.lnk
2013-11-26 16:29 - 2013-11-26 16:29 - 02082889 _____ C:\Users\XXX\Downloads\OTRDecoder_2.0.0.22.zip
2013-11-26 16:29 - 2013-11-26 16:29 - 00000000 ____D C:\Users\XXX\Downloads\OTRDecoder_2.0.0.22
2013-11-26 09:54 - 2013-12-02 11:28 - 00000000 ____D C:\Users\XXX\AppData\Local\Adobe
2013-11-24 19:08 - 2013-11-24 19:08 - 00003195 _____ C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2013-11-24 17:36 - 2013-11-24 17:36 - 00000000 ____D C:\Users\XXX\AppData\Local\Mozilla
2013-11-24 17:35 - 2013-11-24 17:35 - 27252412 _____ (Igor Pavlov) C:\Users\XXX\Downloads\tor-browser-2.3.25-15_de.exe
2013-11-24 17:35 - 2013-11-15 23:18 - 00000000 ____D C:\Users\XXX\Downloads\Tor Browser
2013-11-21 20:51 - 2013-11-21 20:51 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-11-21 20:50 - 2013-11-26 07:58 - 00000000 ____D C:\ProgramData\Package Cache
2013-11-17 21:47 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-11-17 21:47 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-17 21:47 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-11-17 21:47 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-17 21:47 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-17 21:47 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-17 21:47 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-17 21:47 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-17 21:47 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-17 21:47 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-17 21:47 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-17 21:47 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-11-17 21:47 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-11-17 21:47 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-17 21:47 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-11-17 21:47 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2013-11-17 21:47 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2013-11-17 21:47 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-17 21:47 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-17 21:47 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-11-17 21:47 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-11-17 21:47 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-11-17 21:47 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-11-17 21:47 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-17 21:47 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-11-17 21:47 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-11-17 21:47 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
==================== One Month Modified Files and Folders =======
2013-12-13 13:59 - 2013-12-13 13:59 - 00011540 _____ C:\Users\XXX\Downloads\FRST.txt
2013-12-13 13:57 - 2013-12-13 13:57 - 00000000 ____D C:\FRST
2013-12-13 13:56 - 2013-12-13 13:55 - 01927462 _____ (Farbar) C:\Users\XXX\Downloads\FRST64.exe
2013-12-13 13:55 - 2013-07-10 20:34 - 00001142 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-13 13:55 - 2013-07-10 20:34 - 00001138 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-13 13:50 - 2013-12-13 13:50 - 00000000 _____ C:\Users\XXX\defogger_reenable
2013-12-13 13:50 - 2013-12-13 13:48 - 00000000 ____D C:\Users\XXX\Downloads\Trojaner-Board
2013-12-13 13:50 - 2013-08-29 14:22 - 00000000 ____D C:\Users\XXX
2013-12-13 13:46 - 2013-11-29 18:31 - 00000332 _____ C:\Windows\Tasks\DigitalSite.job
2013-12-13 13:46 - 2013-02-19 00:05 - 00000000 ____D C:\ProgramData\softthinks
2013-12-13 13:46 - 2012-12-10 23:18 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2013-12-13 13:42 - 2012-07-26 11:27 - 00754172 _____ C:\Windows\system32\perfh007.dat
2013-12-13 13:42 - 2012-07-26 11:27 - 00156362 _____ C:\Windows\system32\perfc007.dat
2013-12-13 13:42 - 2012-07-26 08:28 - 01748838 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-13 13:38 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-13 13:36 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2013-12-13 13:36 - 2012-07-26 06:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2013-12-13 13:35 - 2013-01-15 21:07 - 01639881 _____ C:\Windows\WindowsUpdate.log
2013-12-13 13:12 - 2013-02-09 16:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-13 13:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-12-13 09:06 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-12-13 09:05 - 2013-01-25 00:27 - 00000000 ____D C:\ProgramData\MFAData
2013-12-13 08:46 - 2013-11-29 19:46 - 00000091 _____ C:\Users\XXX\AppData\Roaming\WB.CFG
2013-12-13 08:46 - 2013-11-29 19:46 - 00000006 _____ C:\Users\XXX\AppData\Roaming\WBPU-TTL.DAT
2013-12-13 08:30 - 2013-01-25 22:07 - 00000000 ____D C:\Users\XXX\AppData\Roaming\vlc
2013-12-12 22:51 - 2013-02-07 23:42 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Dropbox
2013-12-12 22:39 - 2013-01-15 22:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 22:36 - 2012-07-26 06:38 - 00000000 ____D C:\Windows\system32\oobe
2013-12-12 22:31 - 2013-05-22 13:05 - 00000000 ____D C:\Program Files\My Dell
2013-12-12 22:31 - 2012-12-10 23:10 - 00000000 ____D C:\ProgramData\PCDr
2013-12-12 22:20 - 2013-02-07 23:57 - 00000000 ___RD C:\Users\XXX\Dropbox
2013-12-11 22:33 - 2013-05-31 10:45 - 00000000 ____D C:\Program Files (x86)\StaudenDVD_5
2013-12-11 10:27 - 2013-09-30 05:53 - 00000000 ___HD C:\$Windows.~BT
2013-12-11 10:07 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-12-11 08:48 - 2013-01-15 21:03 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-333928761-1010957289-1312627932-1002
2013-12-10 20:29 - 2013-06-10 19:24 - 00000000 ____D C:\Users\XXX\Documents\Existenzgründung
2013-12-10 20:26 - 2013-03-08 12:15 - 00000000 ____D C:\Program Files (x86)\Canon
2013-12-10 20:12 - 2013-02-09 16:38 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 14:21 - 2013-06-01 23:53 - 00000000 ____D C:\Users\XXX\Documents\Alte Dateien Fujitsu Siemens Notebook
2013-12-09 17:42 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-12-09 16:34 - 2013-01-24 23:35 - 00007356 _____ C:\Users\XXX\Documents\Database.kdb
2013-12-09 16:10 - 2013-12-09 15:56 - 00009423 _____ C:\Users\XXX\Documents\Wunschliste Fachbücher Pflanzenschutz.xlsx
2013-12-09 16:07 - 2013-12-09 16:07 - 00000000 ____D C:\Users\XXX\Downloads\OfficeSuite Pro 7
2013-12-09 16:07 - 2013-12-09 16:06 - 00000000 ____D C:\Users\XXX\Downloads\MyPhoneExplorer
2013-12-09 13:10 - 2013-08-20 12:03 - 00000000 ____D C:\Users\Public\Documents\VR-NetWorld
2013-12-09 13:08 - 2013-08-20 12:03 - 00000000 ____D C:\Program Files (x86)\VR-NetWorld
2013-12-04 08:33 - 2013-12-04 08:33 - 00000000 ____D C:\Users\XXX\Desktop\Papierkorb
2013-12-04 01:53 - 2012-07-26 09:14 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-04 01:53 - 2012-07-26 09:14 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-03 14:28 - 2013-12-03 14:19 - 00011220 _____ C:\Users\XXX\Documents\Kosten 2014.xlsx
2013-12-03 11:53 - 2013-12-03 11:53 - 00022590 _____ C:\Users\XXX\Documents\Windows 8_1-Upgrade-Assistent.html
2013-12-03 11:53 - 2013-12-03 11:53 - 00000000 ____D C:\Users\XXX\Documents\Windows 8_1-Upgrade-Assistent-Dateien
2013-12-02 11:28 - 2013-11-26 09:54 - 00000000 ____D C:\Users\XXX\AppData\Local\Adobe
2013-12-02 11:27 - 2013-12-02 11:26 - 00000000 ____D C:\Users\XXX\Downloads\Adobe Flash Player x
2013-11-30 11:07 - 2012-12-10 15:50 - 00057580 _____ C:\Windows\PFRO.log
2013-11-29 19:22 - 2013-11-29 18:32 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-11-29 18:51 - 2013-11-29 18:51 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Hulubulu
2013-11-29 18:51 - 2013-11-29 18:51 - 00000000 ____D C:\Program Files (x86)\Advanced Renamer
2013-11-29 18:51 - 2013-11-29 18:30 - 00000000 ____D C:\Users\XXX\Downloads\ReName
2013-11-29 18:48 - 2013-11-29 18:32 - 00000000 ____D C:\Users\XXX\AppData\Local\cache
2013-11-29 18:47 - 2013-11-29 18:32 - 00000000 ____D C:\Users\XXX\AppData\Local\Mobogenie
2013-11-29 18:46 - 2013-11-29 18:31 - 00002670 _____ C:\Windows\System32\Tasks\DigitalSite
2013-11-29 18:32 - 2013-11-29 18:32 - 00000000 ____D C:\Users\wangzhisong\AppData\Local\Mobogenie
2013-11-29 18:32 - 2013-11-29 18:32 - 00000000 ____D C:\Users\wangzhisong
2013-11-29 18:32 - 2013-11-29 18:32 - 00000000 ____D C:\Users\XXX\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-11-29 18:32 - 2013-11-29 18:32 - 00000000 _____ C:\Users\XXX\daemonprocess.txt
2013-11-29 18:31 - 2013-11-29 18:31 - 00001164 _____ C:\Users\UpdatusUser\Desktop\Continue Zip Opener Installation.lnk
2013-11-29 18:31 - 2013-11-29 18:31 - 00001164 _____ C:\Users\Administrator\Desktop\Continue Zip Opener Installation.lnk
2013-11-29 18:31 - 2013-11-29 18:31 - 00000000 ____D C:\Users\XXX\AppData\Roaming\DigitalSite
2013-11-29 13:50 - 2013-07-10 20:34 - 00004114 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-29 13:50 - 2013-07-10 20:34 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-27 11:32 - 2013-04-08 16:57 - 00000000 ____D C:\Users\XXX\Documents\Finanzen
2013-11-27 09:01 - 2012-12-10 15:53 - 00000000 ____D C:\Intel
2013-11-26 17:40 - 2013-11-26 17:40 - 00001404 _____ C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2009Decoder.lnk
2013-11-26 16:29 - 2013-11-26 16:29 - 02082889 _____ C:\Users\XXX\Downloads\OTRDecoder_2.0.0.22.zip
2013-11-26 16:29 - 2013-11-26 16:29 - 00000000 ____D C:\Users\XXX\Downloads\OTRDecoder_2.0.0.22
2013-11-26 07:58 - 2013-11-21 20:50 - 00000000 ____D C:\ProgramData\Package Cache
2013-11-26 07:58 - 2012-12-10 23:02 - 00000000 ____D C:\Program Files\Intel
2013-11-24 19:08 - 2013-11-24 19:08 - 00003195 _____ C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2013-11-24 17:36 - 2013-11-24 17:36 - 00000000 ____D C:\Users\XXX\AppData\Local\Mozilla
2013-11-24 17:36 - 2013-01-27 22:14 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Mozilla
2013-11-24 17:35 - 2013-11-24 17:35 - 27252412 _____ (Igor Pavlov) C:\Users\XXX\Downloads\tor-browser-2.3.25-15_de.exe
2013-11-23 07:43 - 2013-12-12 22:34 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-23 06:05 - 2013-12-12 22:34 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-21 20:52 - 2012-12-10 23:03 - 00000000 ____D C:\ProgramData\Intel
2013-11-21 20:51 - 2013-11-21 20:51 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-11-21 20:51 - 2012-12-10 23:04 - 00000000 ____D C:\ProgramData\Intel.sav
2013-11-21 20:51 - 2012-12-10 15:53 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-11-21 20:51 - 2012-12-10 15:53 - 00000000 ____D C:\Program Files (x86)\Intel
2013-11-19 11:21 - 2013-01-24 23:17 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-19 10:21 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-19 10:21 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\WinStore
2013-11-19 09:35 - 2013-07-18 19:49 - 00000000 ____D C:\Windows\system32\MRT
2013-11-19 09:33 - 2013-01-24 15:49 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-15 23:18 - 2013-11-24 17:35 - 00000000 ____D C:\Users\XXX\Downloads\Tor Browser
Some content of TEMP:
====================
C:\Users\XXX\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\XXX\AppData\Local\Temp\FileSystemView.dll
C:\Users\XXX\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\XXX\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\XXX\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\XXX\AppData\Local\Temp\lowproc.exe
C:\Users\XXX\AppData\Local\Temp\MSETUP4.EXE
C:\Users\XXX\AppData\Local\Temp\stubhelper.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-08 18:00
==================== End Of Log ============================
--- --- ---
Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2013 01
Ran by XXX at 2013-12-13 13:59:47
Running from C:\Users\XXX\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.0.112)
Advanced Renamer (x32 Version: 3.60)
AVG 2014 (Version: 14.0.3658)
AVG 2014 (Version: 14.0.4259)
AVG 2014 (Version: 2014.0.4259)
Avidemux 2.6 (32-bit) (x32 Version: 2.6.1.8321)
Canon MP Navigator EX 2.1 (x32)
CanoScan LiDE 700F Scanner Driver
CDBurnerXP (x32 Version: 4.5.1.3868)
D3DX10 (x32 Version: 15.4.2368.0902)
dakota.ag (x32 Version: 5.2.0.8)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dell Backup and Recovery - Support Software (x32 Version: 1.6.1.1)
Dell Backup and Recovery (x32 Version: 1.6.1.1)
Dell Digital Delivery (x32 Version: 2.2.2000.0)
Dell Touchpad (Version: 8.1200.101.209)
Dropbox (HKCU Version: 2.0.22)
Fotogalerie (x32 Version: 16.4.3503.0728)
Free Video to MP3 Converter version 5.0.28.827 (x32 Version: 5.0.28.827)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.22.3)
Intel(R) Control Center (x32 Version: 1.2.1.1008)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) PRO/Wireless Driver (Version: 16.01.5000.0577)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2849)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.1.1.0084)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.5.0.0248)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.0.1207)
Intel(R) WiDi (Version: 3.5.34.0)
Intel® PROSet/Wireless Software (x32 Version: 16.1.5)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
KeePass Password Safe 1.25 (x32 Version: 1.25)
Krankheiten und Schädlinge an Stauden 2.0 (x32 Version: 2.0)
Lexware Elster (x32 Version: 13.10.00.0021)
Lexware financial office 2013 (x32 Version: 17.53.00.0343)
Lexware Info Service (x32 Version: 2.90.00.0009)
Lexware online banking (x32 Version: 20.00.00.0059)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3503.0728)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
My Dell (Version: 3.5.6422.14)
NVIDIA Grafiktreiber 320.49 (Version: 320.49)
NVIDIA Install Application (Version: 2.1002.131.854)
NVIDIA Optimus 7.2.17 (Version: 7.2.17)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)
NVIDIA Systemsteuerung 320.49 (Version: 320.49)
NVIDIA Update Components (Version: 7.2.17)
Office-Bibliothek 4.0 (x32)
Opera 12.16 (x32 Version: 12.16.1860)
PDFCreator (x32 Version: 1.6.2)
PDF-Viewer (Version: 2.5.208.0)
Photo Gallery (x32 Version: 16.4.3503.0728)
PhotoScape (x32)
Quickset64 (Version: 11.1.27)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Shared C Run-time for x64 (Version: 10.0.0)
StaudenDVD Version 5 (x32)
swMSM (x32 Version: 12.0.0.1)
True Image 2013 (x32 Version: 16.0.6514)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.6 (Version: 2.6.2.0)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32)
Update for Zip Opener (HKCU)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
VLC media player 2.0.5 (Version: 2.0.5)
VR-NetWorld (x32)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728)
Windows Live Essentials (x32 Version: 16.4.3503.0728)
Windows Live Installer (x32 Version: 16.4.3503.0728)
Windows Live Photo Common (x32 Version: 16.4.3503.0728)
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728)
Windows Live SOXE (x32 Version: 16.4.3503.0728)
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728)
Windows Live UX Platform (x32 Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728)
Zip Opener Packages (HKCU) <==== ATTENTION
==================== Restore Points =========================
==================== Hosts content: ==========================
2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0D63EB9B-5C53-492D-A098-C6E63471951C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-10] (Google Inc.)
Task: {4B49D1C1-3C05-4EA1-A150-1FC18AC6188C} - System32\Tasks\DigitalSite => C:\Users\XXX\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe [2013-04-12] ()
Task: {608E7997-5D71-43A8-A0BB-CF64FCF1873A} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {6E409E62-E8EB-4475-821C-3C51BD999714} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-10] (Google Inc.)
Task: {9AF56443-2312-43DC-A4A4-9B530120E372} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-12-07] (PC-Doctor, Inc.)
Task: {A4043807-2B77-4783-8B7B-95FE3AFF8C5A} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-06] (PC-Doctor, Inc.)
Task: {A7D5900B-F5E4-4035-8D01-8CA939622D01} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {C150E019-2D3D-446D-A070-3C69EB59EAFD} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\XXX\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
==================== Loaded Modules (whitelisted) =============
2012-12-11 00:24 - 2012-08-01 09:02 - 00004096 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-03-27 21:39 - 2013-03-27 21:39 - 00021824 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\ti_managers_proxy_stub.dll
2013-01-24 15:20 - 2013-01-24 15:21 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-08-20 12:15 - 2013-08-20 12:15 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\d4b49cde56288aa4c132208d7aba2a82\PSIClient.ni.dll
2013-03-27 21:09 - 2013-03-27 21:09 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2012-12-10 23:02 - 2012-06-25 17:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-12-11 00:24 - 2012-08-01 09:02 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-10-14 18:07 - 2013-10-11 23:21 - 01904928 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2013-02-22 03:05 - 2012-11-26 05:20 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2013-02-22 03:05 - 2012-11-26 05:20 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2013-03-27 21:36 - 2013-03-27 21:36 - 00021312 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Faulty Device Manager Devices =============
Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (12/13/2013 08:44:10 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).
Error: (12/12/2013 10:36:47 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe -Embedding; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).
Error: (12/12/2013 10:36:44 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe -Embedding; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).
Error: (12/12/2013 10:36:37 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe -Embedding; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).
Error: (12/12/2013 10:35:39 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe -Embedding; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).
Error: (12/12/2013 10:35:21 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422).
Error: (12/12/2013 10:26:30 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (12/11/2013 10:07:42 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422).
Error: (12/11/2013 09:01:05 AM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (12/09/2013 01:08:55 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\PROGRA~2\COMMON~1\INSTAL~1\Engine\6\INTEL3~1\IKernel.exe -Embedding; Beschreibung = Installiert VR-NetWorld; Fehler = 0x80070422).
System errors:
=============
Error: (12/13/2013 01:40:47 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Dell Digital Delivery Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (12/12/2013 09:55:02 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Dell Digital Delivery Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (12/11/2013 01:59:18 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Dell Digital Delivery Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (12/11/2013 10:27:18 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800704c7 fehlgeschlagen: German ESD Bundle Parent
Error: (12/11/2013 08:40:00 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Dell Digital Delivery Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (12/09/2013 08:32:59 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Dell Digital Delivery Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (12/09/2013 06:57:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst AVGIDSAgent konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (12/09/2013 09:48:17 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Dell Digital Delivery Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (12/08/2013 05:29:12 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Dell Digital Delivery Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (12/06/2013 02:39:58 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Dell Digital Delivery Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions:
=========================
Error: (12/13/2013 08:44:10 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80070422
Error: (12/12/2013 10:36:47 PM) (Source: System Restore)(User: )
Description: C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe -EmbeddingWindows Modules Installer0x80070422
Error: (12/12/2013 10:36:44 PM) (Source: System Restore)(User: )
Description: C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe -EmbeddingWindows Modules Installer0x80070422
Error: (12/12/2013 10:36:37 PM) (Source: System Restore)(User: )
Description: C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe -EmbeddingWindows Modules Installer0x80070422
Error: (12/12/2013 10:35:39 PM) (Source: System Restore)(User: )
Description: C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe -EmbeddingWindows Modules Installer0x80070422
Error: (12/12/2013 10:35:21 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422
Error: (12/12/2013 10:26:30 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (12/11/2013 10:07:42 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422
Error: (12/11/2013 09:01:05 AM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (12/09/2013 01:08:55 PM) (Source: System Restore)(User: )
Description: C:\PROGRA~2\COMMON~1\INSTAL~1\Engine\6\INTEL3~1\IKernel.exe -EmbeddingInstalliert VR-NetWorld0x80070422
CodeIntegrity Errors:
===================================
Date: 2013-12-13 13:57:50.579
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-12-13 13:57:50.548
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-12-13 13:57:50.450
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-12-13 13:57:50.419
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-12-13 13:57:41.985
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-12-13 13:57:41.970
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-12-13 13:57:41.876
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-12-13 13:57:41.845
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-12-13 13:56:21.774
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-12-13 13:56:21.743
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 24%
Total physical RAM: 8049.12 MB
Available physical RAM: 6090.88 MB
Total Pagefile: 9265.12 MB
Available Pagefile: 7254.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:916.26 GB) (Free:683.95 GB) NTFS
Drive e: (ESP) (Fixed) (Total:0.49 GB) (Free:0.2 GB) FAT32 ==>[System with boot components (obtained from reading drive)]
Drive x: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.2 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:13.58 GB) (Free:0.27 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E70363BC)
Partition: GPT Partition Type
==================== End Of Log ============================
Gmer
GMER Logfile:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-13 14:14:31
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000040 WDC_WD10JPVT-75A1YT0 rev.01.01A01 931,51GB
Running: cumuu7go.exe; Driver: C:\Users\XXX\AppData\Local\Temp\kxtoqpob.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff9600009e100 7 bytes [40, 4F, 82, 01, 00, 51, F2]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff9600009e108 7 bytes [01, 15, C0, FF, 00, 12, DB]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\dwm.exe[1212] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 000007fb3907257c 8 bytes JMP 000007fc36e003b0
.text C:\Windows\system32\dwm.exe[1212] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 000007fb39076b10 9 bytes JMP 000007fc36e00308
.text C:\Windows\system32\dwm.exe[1212] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007fb390f5658 7 bytes JMP 000007fc36e00260
.text C:\Windows\system32\dwm.exe[1212] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007fb390f5778 7 bytes JMP 000007fc36e002d0
.text C:\Windows\system32\dwm.exe[1212] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 000007fb39111564 7 bytes JMP 000007fc36e00340
.text C:\Windows\system32\dwm.exe[1212] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007fb391240e4 7 bytes JMP 000007fc36e00298
.text C:\Windows\system32\dwm.exe[1212] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007fb39124178 8 bytes JMP 000007fc36e00228
.text C:\Windows\system32\dwm.exe[1212] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007fb3912479c 8 bytes JMP 000007fc36e00378
.text C:\Windows\system32\dwm.exe[1212] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fb36e128a0 7 bytes JMP 000007fc36e000d8
.text C:\Windows\system32\dwm.exe[1212] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fb36e128e8 5 bytes JMP 000007fc36e00180
.text C:\Windows\system32\dwm.exe[1212] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fb36e2f590 6 bytes JMP 000007fc36e00148
.text C:\Windows\system32\dwm.exe[1212] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fb36e2f8ac 5 bytes JMP 000007fc36e00110
.text C:\Windows\system32\dwm.exe[1212] C:\Windows\system32\USER32.dll!CreateWindowExW 000007fb3926c5b0 7 bytes JMP 000007fc36e00490
.text C:\Windows\system32\dwm.exe[1212] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000007fb392731f0 9 bytes JMP 000007fc36e003e8
.text C:\Windows\system32\dwm.exe[1212] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 000007fb392733e0 5 bytes JMP 000007fc36e00458
.text C:\Windows\system32\dwm.exe[1212] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007fb39277160 5 bytes JMP 000007fc36e00420
.text C:\Windows\system32\dwm.exe[1212] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fb38f11070 8 bytes JMP 000007fc36e001f0
.text C:\Windows\system32\dwm.exe[1212] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fb38f30c10 8 bytes JMP 000007fc36e001b8
.text C:\Windows\system32\WLANExt.exe[1768] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb3847177a 4 bytes [47, 38, FB, 07]
.text C:\Windows\system32\WLANExt.exe[1768] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb38471782 4 bytes [47, 38, FB, 07]
.text C:\Windows\system32\WLANExt.exe[1768] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007fb30c01532 4 bytes [C0, 30, FB, 07]
.text C:\Windows\system32\WLANExt.exe[1768] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007fb30c0153a 4 bytes [C0, 30, FB, 07]
.text C:\Windows\system32\WLANExt.exe[1768] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fb30c0165a 4 bytes [C0, 30, FB, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2204] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb30c01532 4 bytes [C0, 30, FB, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2204] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb30c0153a 4 bytes [C0, 30, FB, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2204] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb30c0165a 4 bytes [C0, 30, FB, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2204] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb3847177a 4 bytes [47, 38, FB, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2204] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb38471782 4 bytes [47, 38, FB, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2204] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fb2f131b32 4 bytes [13, 2F, FB, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2204] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fb2f131b3a 4 bytes [13, 2F, FB, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2592] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb3847177a 4 bytes [47, 38, FB, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2592] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb38471782 4 bytes [47, 38, FB, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2592] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb30c01532 4 bytes [C0, 30, FB, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2592] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb30c0153a 4 bytes [C0, 30, FB, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2592] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb30c0165a 4 bytes [C0, 30, FB, 07]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2676] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb30c01532 4 bytes [C0, 30, FB, 07]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2676] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb30c0153a 4 bytes [C0, 30, FB, 07]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2676] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb30c0165a 4 bytes [C0, 30, FB, 07]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2676] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb3847177a 4 bytes [47, 38, FB, 07]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2676] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb38471782 4 bytes [47, 38, FB, 07]
.text C:\Windows\system32\wbem\wmiprvse.exe[2288] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb3847177a 4 bytes [47, 38, FB, 07]
.text C:\Windows\system32\wbem\wmiprvse.exe[2288] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb38471782 4 bytes [47, 38, FB, 07]
.text C:\Windows\system32\wbem\wmiprvse.exe[2288] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb30c01532 4 bytes [C0, 30, FB, 07]
.text C:\Windows\system32\wbem\wmiprvse.exe[2288] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb30c0153a 4 bytes [C0, 30, FB, 07]
.text C:\Windows\system32\wbem\wmiprvse.exe[2288] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb30c0165a 4 bytes [C0, 30, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3908] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 000007fb3907257c 8 bytes JMP 000007fc36e00420
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3908] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 000007fb39076b10 9 bytes JMP 000007fc36e00378
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3908] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007fb390f5658 7 bytes JMP 000007fc36e002d0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3908] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007fb390f5778 7 bytes JMP 000007fc36e00340
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3908] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 000007fb39111564 7 bytes JMP 000007fc36e003b0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3908] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007fb391240e4 7 bytes JMP 000007fc36e00308
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3908] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007fb39124178 8 bytes JMP 000007fc36e00298
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3908] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007fb3912479c 8 bytes JMP 000007fc36e003e8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3908] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fb36e128a0 7 bytes JMP 000007fc36e000d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3908] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fb36e128e8 5 bytes JMP 000007fc36e00180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3908] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fb36e2f590 6 bytes JMP 000007fc36e00148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3908] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fb36e2f8ac 5 bytes JMP 000007fc36e00110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3908] C:\Windows\system32\USER32.dll!CreateWindowExW 000007fb3926c5b0 7 bytes JMP 000007fc36e00500
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3908] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000007fb392731f0 9 bytes JMP 000007fc36e00458
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3908] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 000007fb392733e0 5 bytes JMP 000007fc36e004c8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3908] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007fb39277160 5 bytes JMP 000007fc36e00490
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3908] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fb38f11070 8 bytes JMP 000007fc36e001f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3908] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fb38f30c10 8 bytes JMP 000007fc36e001b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3908] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 000007fb397e2100 5 bytes JMP 000007fc36e00228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3908] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 000007fb397f5d4c 7 bytes JMP 000007fc36e00260
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3908] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb30c01532 4 bytes [C0, 30, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3908] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb30c0153a 4 bytes [C0, 30, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3908] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb30c0165a 4 bytes [C0, 30, FB, 07]
.text C:\Windows\system32\nvvsvc.exe[3916] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007fb30c01532 4 bytes [C0, 30, FB, 07]
.text C:\Windows\system32\nvvsvc.exe[3916] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007fb30c0153a 4 bytes [C0, 30, FB, 07]
.text C:\Windows\system32\nvvsvc.exe[3916] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fb30c0165a 4 bytes [C0, 30, FB, 07]
.text C:\Windows\system32\nvvsvc.exe[3916] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb3847177a 4 bytes [47, 38, FB, 07]
.text C:\Windows\system32\nvvsvc.exe[3916] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb38471782 4 bytes [47, 38, FB, 07]
.text C:\Windows\system32\taskhostex.exe[3544] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 000007fb3907257c 8 bytes JMP 000007fc36e003b0
.text C:\Windows\system32\taskhostex.exe[3544] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 000007fb39076b10 9 bytes JMP 000007fc36e00308
.text C:\Windows\system32\taskhostex.exe[3544] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007fb390f5658 7 bytes JMP 000007fc36e00260
.text C:\Windows\system32\taskhostex.exe[3544] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007fb390f5778 7 bytes JMP 000007fc36e002d0
.text C:\Windows\system32\taskhostex.exe[3544] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 000007fb39111564 7 bytes JMP 000007fc36e00340
.text C:\Windows\system32\taskhostex.exe[3544] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007fb391240e4 7 bytes JMP 000007fc36e00298
.text C:\Windows\system32\taskhostex.exe[3544] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007fb39124178 8 bytes JMP 000007fc36e00228
.text C:\Windows\system32\taskhostex.exe[3544] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007fb3912479c 8 bytes JMP 000007fc36e00378
.text C:\Windows\system32\taskhostex.exe[3544] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fb36e128a0 7 bytes JMP 000007fc36e000d8
.text C:\Windows\system32\taskhostex.exe[3544] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fb36e128e8 5 bytes JMP 000007fc36e00180
.text C:\Windows\system32\taskhostex.exe[3544] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fb36e2f590 6 bytes JMP 000007fc36e00148
.text C:\Windows\system32\taskhostex.exe[3544] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fb36e2f8ac 5 bytes JMP 000007fc36e00110
.text C:\Windows\system32\taskhostex.exe[3544] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 000007fb3926c5b0 7 bytes JMP 000007fc36e00490
.text C:\Windows\system32\taskhostex.exe[3544] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 000007fb392731f0 9 bytes JMP 000007fc36e003e8
.text C:\Windows\system32\taskhostex.exe[3544] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesW 000007fb392733e0 5 bytes JMP 000007fc36e00458
.text C:\Windows\system32\taskhostex.exe[3544] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA 000007fb39277160 5 bytes JMP 000007fc36e00420
.text C:\Windows\system32\taskhostex.exe[3544] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fb38f11070 8 bytes JMP 000007fc36e001f0
.text C:\Windows\system32\taskhostex.exe[3544] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fb38f30c10 8 bytes JMP 000007fc36e001b8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4540] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 000007fb3907257c 8 bytes JMP 000007fc36e00420
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4540] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 000007fb39076b10 9 bytes JMP 000007fc36e00378
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4540] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007fb390f5658 7 bytes JMP 000007fc36e002d0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4540] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007fb390f5778 7 bytes JMP 000007fc36e00340
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4540] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 000007fb39111564 7 bytes JMP 000007fc36e003b0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4540] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007fb391240e4 7 bytes JMP 000007fc36e00308
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4540] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007fb39124178 8 bytes JMP 000007fc36e00298
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4540] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007fb3912479c 8 bytes JMP 000007fc36e003e8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4540] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fb36e128a0 7 bytes JMP 000007fc36e000d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4540] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fb36e128e8 5 bytes JMP 000007fc36e00180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4540] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fb36e2f590 6 bytes JMP 000007fc36e00148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4540] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fb36e2f8ac 5 bytes JMP 000007fc36e00110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4540] C:\Windows\system32\USER32.dll!CreateWindowExW 000007fb3926c5b0 7 bytes JMP 000007fc36e00500
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4540] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000007fb392731f0 9 bytes JMP 000007fc36e00458
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4540] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 000007fb392733e0 5 bytes JMP 000007fc36e004c8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4540] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007fb39277160 5 bytes JMP 000007fc36e00490
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4540] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fb38f11070 8 bytes JMP 000007fc36e001f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4540] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fb38f30c10 8 bytes JMP 000007fc36e001b8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4540] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb30c01532 4 bytes [C0, 30, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4540] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb30c0153a 4 bytes [C0, 30, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4540] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb30c0165a 4 bytes [C0, 30, FB, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4540] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 000007fb397e2100 5 bytes JMP 000007fc36e00228
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4540] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 000007fb397f5d4c 7 bytes JMP 000007fc36e00260
.text C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe[1312] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb30c01532 4 bytes [C0, 30, FB, 07]
.text C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe[1312] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb30c0153a 4 bytes [C0, 30, FB, 07]
.text C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe[1312] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb30c0165a 4 bytes [C0, 30, FB, 07]
.text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe[2508] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 000007fb3907257c 8 bytes JMP 000007fc36e003b0
.text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe[2508] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 000007fb39076b10 9 bytes JMP 000007fc36e00308
.text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe[2508] C:\Windows\system32\KERNEL32.dll!K32GetModuleFileNameExW 000007fb390f5658 7 bytes JMP 000007fc36e00260
.text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe[2508] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 000007fb390f5778 7 bytes JMP 000007fc36e002d0
.text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe[2508] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 000007fb39111564 7 bytes JMP 000007fc36e00340
.text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe[2508] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 000007fb391240e4 7 bytes JMP 000007fc36e00298
.text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe[2508] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 000007fb39124178 8 bytes JMP 000007fc36e00228
.text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe[2508] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 000007fb3912479c 8 bytes JMP 000007fc36e00378
.text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe[2508] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fb36e128a0 7 bytes JMP 000007fc36e000d8
.text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe[2508] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fb36e128e8 5 bytes JMP 000007fc36e00180
.text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe[2508] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fb36e2f590 6 bytes JMP 000007fc36e00148
.text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe[2508] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fb36e2f8ac 5 bytes JMP 000007fc36e00110
.text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe[2508] C:\Windows\system32\USER32.dll!CreateWindowExW 000007fb3926c5b0 7 bytes JMP 000007fc36e00490
.text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe[2508] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000007fb392731f0 9 bytes JMP 000007fc36e003e8
.text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe[2508] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 000007fb392733e0 5 bytes JMP 000007fc36e00458
.text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe[2508] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007fb39277160 5 bytes JMP 000007fc36e00420
.text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe[2508] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fb38f11070 8 bytes JMP 000007fc36e001f0
.text C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe[2508] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fb38f30c10 8 bytes JMP 000007fc36e001b8
.text C:\Windows\splwow64.exe[380] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 000007fb3907257c 8 bytes JMP 000007fc36e003b0
.text C:\Windows\splwow64.exe[380] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 000007fb39076b10 9 bytes JMP 000007fc36e00308
.text C:\Windows\splwow64.exe[380] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007fb390f5658 7 bytes JMP 000007fc36e00260
.text C:\Windows\splwow64.exe[380] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007fb390f5778 7 bytes JMP 000007fc36e002d0
.text C:\Windows\splwow64.exe[380] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 000007fb39111564 7 bytes JMP 000007fc36e00340
.text C:\Windows\splwow64.exe[380] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007fb391240e4 7 bytes JMP 000007fc36e00298
.text C:\Windows\splwow64.exe[380] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007fb39124178 8 bytes JMP 000007fc36e00228
.text C:\Windows\splwow64.exe[380] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007fb3912479c 8 bytes JMP 000007fc36e00378
.text C:\Windows\splwow64.exe[380] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fb36e128a0 7 bytes JMP 000007fc36e000d8
.text C:\Windows\splwow64.exe[380] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fb36e128e8 5 bytes JMP 000007fc36e00180
.text C:\Windows\splwow64.exe[380] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fb36e2f590 6 bytes JMP 000007fc36e00148
.text C:\Windows\splwow64.exe[380] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fb36e2f8ac 5 bytes JMP 000007fc36e00110
.text C:\Windows\splwow64.exe[380] C:\Windows\system32\USER32.dll!CreateWindowExW 000007fb3926c5b0 7 bytes JMP 000007fc36e00490
.text C:\Windows\splwow64.exe[380] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000007fb392731f0 9 bytes JMP 000007fc36e003e8
.text C:\Windows\splwow64.exe[380] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 000007fb392733e0 5 bytes JMP 000007fc36e00458
.text C:\Windows\splwow64.exe[380] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007fb39277160 5 bytes JMP 000007fc36e00420
.text C:\Windows\splwow64.exe[380] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fb38f11070 8 bytes JMP 000007fc36e001f0
.text C:\Windows\splwow64.exe[380] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fb38f30c10 8 bytes JMP 000007fc36e001b8
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [592:3648] fffff960009095e8
Thread C:\Windows\SYSTEM32\ntdll.dll [40:3664] 0000000000fc6a94
Thread C:\Windows\SYSTEM32\ntdll.dll [40:4076] 0000000065c59782
Thread C:\Windows\SYSTEM32\ntdll.dll [40:3676] 0000000065c59782
Thread C:\Windows\SYSTEM32\ntdll.dll [40:6536] 0000000065ea5de1
Thread C:\Windows\SYSTEM32\ntdll.dll [40:56] 0000000065c59782
---- EOF - GMER 2.1 ----
--- --- ---
I hope you can help me.
Regards,
Philipp