Spotify / Steam only usable in offline mode

Hello,
Since today, Steam and Spotify can only be used in offline mode, even though my computer is connected to the internet (via LAN). Google Chrome works fine so far.
I suspect that viruses are causing the problem and have already created various log files, which I will now post.
Malwarebytes Anti-Malware log file
The database cannot be updated, Database Version: v2014.11.20.06
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 08.03.2015
Scan Time: 15:24:02
Logfile: malwarebytes Anti-Malware log.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2014.11.20.06
Rootkit Database: v2014.11.18.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kurier
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316190
Time Elapsed: 3 min, 19 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 9
PUP.Optional.Clara.A, C:\Users\Kurier\AppData\Local\Temp\setup.exe, Quarantined, [d63055e998e49a9c3e08606c61a0a15f],
PUP.Optional.Somoto, C:\Users\Kurier\AppData\Local\Temp\bitool.dll, Quarantined, [47bf80bef7851125784ac4c2bf43847c],
PUP.Optional.SupTab.A, C:\Users\Kurier\AppData\Local\Temp\~dlB94\~dljyb\tmp\STab_v4.0.exe, Quarantined, [e224b38bd4a839fdaadbbe77ce32ec14],
PUP.Optional.WindowsProtectManger.A, C:\Users\Kurier\AppData\Local\Temp\~dlB94\~dljyb\tmp\wpm_v20.0.0.1337.exe, Quarantined, [ee18c975e99367cf8001f5c72cd538c8],
PUP.Optional.SupTab.A, C:\Users\Kurier\AppData\Local\Temp\~dlF113\~dljyb\tmp\STab_v4.0.exe, Quarantined, [cd39ca74bbc10e28afd6013499671ae6],
PUP.Optional.WindowsProtectManger.A, C:\Users\Kurier\AppData\Local\Temp\~dlF113\~dljyb\tmp\wpm_v20.0.0.1337.exe, Quarantined, [c5419da16715ba7c4938a6164bb67789],
PUP.Optional.OpenCandy, C:\Users\Kurier\Downloads\SetupImgBurn_2.5.8.0.exe, Quarantined, [e4229f9f92ea52e4ab5bcaabd72e2ad6],
PUP.Optional.OpenCandy, C:\Users\Kurier\Downloads\DTLite4491-0356.exe, Quarantined, [ca3cd26c80fcab8ba264fd78b055d42c],
PUP.Optional.ColorMedia.A, C:\Windows\SysWOW64\ColorMedia.ini, Quarantined, [c73f7fbfccb0b185b8003a779c6807f9],
Physical Sectors: 0
(No malicious items detected)
(end)

GMER 2.1.19357 log file:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-08 16:37:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1 KINGSTON_SV300S37A120G rev.541ABBF0 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Kurier\AppData\Local\Temp\ufdiipod.sys
---- User code sections - GMER 2.1 ----
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000778750f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000778752f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000778753f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 00000000778755e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000778764d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007787668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 000000007787687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000778768bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000778768d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007787692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077877166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077877dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077877e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000778c1380 8 bytes {JMP QWORD [RIP-0x4a220]}
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000778c1500 8 bytes {JMP QWORD [RIP-0x49cef]}
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000778c1530 8 bytes {JMP QWORD [RIP-0x4ac62]}
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000778c1650 8 bytes {JMP QWORD [RIP-0x4a80f]}
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000778c1700 8 bytes {JMP QWORD [RIP-0x4adda]}
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000778c1d30 8 bytes {JMP QWORD [RIP-0x49edf]}
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000778c1f80 8 bytes {JMP QWORD [RIP-0x4a1b5]}
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778c27e0 8 bytes {JMP QWORD [RIP-0x4ab13]}
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000753a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000753a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000753a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000753a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000753a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Kurier\Downloads\Gmer-19357.exe[2904] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000753a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
---- Kernel IAT/EAT - GMER 2.1 ----
IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff8800335cec0] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\services.exe [768:3112] 0000000000e3ef60
Thread C:\Windows\system32\services.exe [768:3116] 0000000000e3ef60
Thread C:\Windows\system32\services.exe [768:3120] 0000000000e3ef60
Thread C:\Windows\system32\services.exe [768:3124] 0000000000e3ef60
Thread C:\Windows\system32\svchost.exe [220:472] 0000000000d6ef60
Thread C:\Windows\system32\svchost.exe [220:468] 0000000000d6ef60
Thread C:\Windows\system32\svchost.exe [220:620] 0000000000d6ef60
Thread C:\Windows\system32\svchost.exe [220:728] 0000000000d6ef60
Thread C:\Windows\system32\svchost.exe [1132:1688] 000000000277ef60
Thread C:\Windows\system32\svchost.exe [1132:1692] 000000000277ef60
Thread C:\Windows\system32\svchost.exe [1132:1696] 000000000277ef60
Thread C:\Windows\system32\svchost.exe [1132:1700] 000000000277ef60
Thread C:\Windows\System32\spoolsv.exe [1724:4324] 00000000020aef60
Thread C:\Windows\System32\spoolsv.exe [1724:4308] 00000000020aef60
Thread C:\Windows\System32\spoolsv.exe [1724:4660] 00000000020aef60
Thread C:\Windows\System32\spoolsv.exe [1724:5116] 00000000020aef60
Thread C:\Windows\system32\svchost.exe [1816:2024] 0000000000f7ef60
Thread C:\Windows\system32\svchost.exe [1816:2028] 0000000000f7ef60
Thread C:\Windows\system32\svchost.exe [1816:2032] 0000000000f7ef60
Thread C:\Windows\system32\svchost.exe [1816:2036] 0000000000f7ef60
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4784:3160] 00000000768f7587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4784:3448] 0000000063390cb3
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4784:1016] 0000000077aa2e65
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4784:5224] 0000000077aa3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4784:2488] 0000000077aa3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4784:4396] 0000000077aa3e85
---- Processes - GMER 2.1 ----
Library C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:28) 0000000065cb0000
Library C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000065690000
Library C:\Users\Kurier\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136](2015-02-10 21:00:30) 0000000066160000
Library C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000063880000
Library C:\Users\Kurier\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (ICU I18N DLL/The ICU Project)(2015-02-10 21:00:30) 000000004a900000
Library C:\Users\Kurier\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (ICU Common DLL/The ICU Project)(2015-02-10 21:00:30) 0000000004400000
Library C:\Users\Kurier\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (ICU Data DLL/The ICU Project)(2015-02-10 21:00:30) 000000004ad00000
Library c:\users\kurier\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3fjxfg.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136](2015-03-08 15:05:53) 0000000003df0000
Library C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000064d80000
Library C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26) 00000000618a0000
Library C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000063440000
Library C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000062f80000
Library C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 00000000739a0000
Library C:\Users\Kurier\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136](2015-02-10 21:00:30) 00000000739f0000
Library C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26) 00000000738a0000
Library C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000073820000
Library C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000073780000
Library C:\Users\Kurier\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136](2015-02-10 21:00:28) 0000000072f50000
Library C:\Users\Kurier\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe [3136](2015-02-10 21:00:28) 0000000073860000
---- EOF - GMER 2.1 ----
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 02
Ran by Kurier (administrator) on KURIER-PC on 08-03-2015 16:22:40
Running from C:\Users\Kurier\Downloads
Loaded Profiles: Kurier (Available profiles: Kurier)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Spotify Ltd) C:\Users\Kurier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Valve Corporation) F:\Steam\Steam.exe
(Valve Corporation) F:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) F:\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-02-21] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\...\Run: [Spotify Web Helper] => C:\Users\Kurier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-15] (Spotify Ltd)
HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\...\MountPoints2: {080dcd91-99da-11e4-af5b-448a5b9af13c} - E:\autorun.exe
HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\...\MountPoints2: {50d55878-a2ef-11e4-81b5-448a5b9af13c} - G:\SISetup.exe
Startup: C:\Users\Kurier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Kurier\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kurier\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52507;https=127.0.0.1:52507
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3258624858-2044797830-3490162811-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-28] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2015-01-14] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-14] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-28] (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Winsock: Catalog9 01 C:\Windows\system32\ColorMedia.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\ColorMedia.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\ColorMedia.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\ColorMedia.dll File Not found ()
Winsock: Catalog9 15 C:\Windows\system32\ColorMedia.dll File Not found ()
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-29] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-29] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3258624858-2044797830-3490162811-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-12-19] ()
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-28]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-28]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2014-10-28]
Chrome:
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hppp&ts=1421017826&from=cvs&uid=ST2000DM001-1CH164_Z1E812J5XXXXZ1E812J5
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hppp&ts=1421017826&from=cvs&uid=ST2000DM001-1CH164_Z1E812J5XXXXZ1E812J5"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-12]
CHR Extension: (Google Docs) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-11]
CHR Extension: (Google Drive) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-12]
CHR Extension: (YouTube) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-11]
CHR Extension: (Google Search) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-11]
CHR Extension: (Kaspersky Protection) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-12]
CHR Extension: (Google Sheets) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-12]
CHR Extension: (AdBlock) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-12]
CHR Extension: (Google Wallet) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-11]
CHR Extension: (Gmail) - C:\Users\Kurier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-11]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-11-25] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-11] (Disc Soft Ltd)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [23936 2014-02-03] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-02-03] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-29] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-29] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.)
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-08 16:22 - 2015-03-08 16:22 - 02095104 _____ (Farbar) C:\Users\Kurier\Downloads\FRST64.exe
2015-03-08 16:22 - 2015-03-08 16:22 - 00022472 _____ () C:\Users\Kurier\Downloads\FRST.txt
2015-03-08 16:22 - 2015-03-08 16:22 - 00000000 ____D () C:\FRST
2015-03-08 16:21 - 2015-03-08 16:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Kurier\Downloads\revosetup95 (1).exe
2015-03-08 16:15 - 2015-03-08 16:21 - 00001268 _____ () C:\Users\Kurier\Desktop\Revo Uninstaller.lnk
2015-03-08 16:15 - 2015-03-08 16:21 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-08 16:15 - 2015-03-08 16:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Kurier\Downloads\revosetup95.exe
2015-03-08 15:23 - 2015-03-08 16:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-08 15:23 - 2015-03-08 15:23 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-08 15:23 - 2015-03-08 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-08 15:23 - 2015-03-08 15:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-08 15:23 - 2015-03-08 15:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-08 15:23 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-08 15:23 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-08 15:23 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-08 15:22 - 2015-03-08 15:22 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Kurier\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-08 12:37 - 2015-03-08 12:37 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-03-08 12:34 - 2015-03-08 12:35 - 00000000 ____D () C:\AdwCleaner
2015-03-08 12:34 - 2015-03-08 12:34 - 02126848 _____ () C:\Users\Kurier\Downloads\adwcleaner_4.111.exe
2015-03-05 20:38 - 2015-03-05 20:38 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\LavasoftStatistics
2015-03-05 20:28 - 2015-03-05 20:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-03-05 20:12 - 2015-03-05 20:12 - 01923888 _____ () C:\Users\Kurier\Downloads\Adaware_Installer_11.5.exe
2015-02-24 11:19 - 2015-02-24 11:19 - 00000000 ____D () C:\Users\Kurier\Documents\DyingLight
2015-02-24 10:52 - 2015-02-24 10:52 - 00000202 _____ () C:\Users\Kurier\Desktop\Dying Light.url
2015-02-24 10:23 - 2015-02-24 10:23 - 00000000 ____D () C:\Users\Kurier\AppData\Local\Steam
2015-02-13 10:17 - 2015-01-23 06:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 10:17 - 2015-01-23 05:27 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 18:27 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 18:27 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 18:27 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 18:27 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 18:27 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 18:27 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 18:27 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 18:27 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 18:27 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 18:27 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 18:27 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 18:27 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 18:27 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 18:27 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 18:27 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 18:27 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 18:27 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 18:27 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 18:27 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 18:27 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 18:27 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 18:27 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 18:27 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 18:27 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 18:27 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 18:27 - 2015-01-13 07:58 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 18:27 - 2015-01-13 07:57 - 15403008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 18:27 - 2015-01-13 06:00 - 14373376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 18:27 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 18:27 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 18:27 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 18:27 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 18:27 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 18:26 - 2015-01-13 07:59 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 18:26 - 2015-01-13 07:58 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 18:26 - 2015-01-13 07:58 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 18:26 - 2015-01-13 07:58 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 02655744 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 18:26 - 2015-01-13 07:57 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 18:26 - 2015-01-13 07:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 18:26 - 2015-01-13 06:01 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 18:26 - 2015-01-13 06:01 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 18:26 - 2015-01-13 06:01 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 18:26 - 2015-01-13 06:00 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 18:26 - 2015-01-13 06:00 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 18:26 - 2015-01-13 05:42 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 18:26 - 2015-01-13 05:17 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 18:26 - 2015-01-13 05:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 18:26 - 2015-01-13 04:52 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-02-11 18:26 - 2015-01-13 04:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-11 18:26 - 2015-01-13 04:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-02-06 06:16 - 2015-02-06 06:32 - 00000000 ____D () C:\Program Files (x86)\GUMBD19.tmp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-08 16:20 - 2014-10-28 23:48 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-08 16:12 - 2014-10-12 04:33 - 00696620 _____ () C:\Windows\system32\perfh007.dat
2015-03-08 16:12 - 2014-10-12 04:33 - 00147916 _____ () C:\Windows\system32\perfc007.dat
2015-03-08 16:12 - 2009-07-14 06:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-08 16:12 - 2009-07-14 05:45 - 00023904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-08 16:12 - 2009-07-14 05:45 - 00023904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-08 16:08 - 2014-10-11 12:43 - 01096346 _____ () C:\Windows\WindowsUpdate.log
2015-03-08 16:07 - 2014-10-11 13:19 - 00006464 _____ () C:\Windows\SysWOW64\Gms.log
2015-03-08 16:05 - 2015-01-12 09:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-08 16:05 - 2014-10-11 13:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-08 16:05 - 2010-11-21 04:47 - 00176240 _____ () C:\Windows\PFRO.log
2015-03-08 16:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-08 16:05 - 2009-07-14 05:51 - 00209820 _____ () C:\Windows\setupact.log
2015-03-08 16:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-03-08 15:37 - 2015-01-12 09:03 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-08 13:47 - 2014-10-12 21:21 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\Spotify
2015-03-08 12:44 - 2014-10-12 21:21 - 00000000 ____D () C:\Users\Kurier\AppData\Local\Spotify
2015-03-08 12:38 - 2014-12-15 15:38 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-03-08 12:29 - 2014-10-12 01:07 - 00000000 ___RD () C:\Users\Kurier\Dropbox
2015-03-08 12:29 - 2014-10-12 01:05 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\Dropbox
2015-03-06 21:35 - 2014-11-04 18:46 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\NVIDIA
2015-03-06 19:07 - 2014-11-04 16:02 - 00000000 ____D () C:\Users\Kurier\Documents\My Games
2015-03-05 22:40 - 2014-10-11 20:20 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\TS3Client
2015-02-24 10:38 - 2015-01-12 09:03 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-24 03:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-13 10:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-13 10:16 - 2014-10-12 01:06 - 00000000 ____D () C:\Users\Kurier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 10:12 - 2009-07-14 05:45 - 00409832 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-13 10:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 21:30 - 2014-10-11 13:06 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 21:29 - 2014-10-13 12:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 21:28 - 2014-10-29 11:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 21:27 - 2014-10-29 11:12 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 18:46 - 2015-01-23 14:44 - 00000000 ____D () C:\Users\Kurier\Documents\Eigene Scans
2015-02-06 06:32 - 2015-01-12 09:03 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 06:32 - 2015-01-12 09:03 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
==================== Files in the root of some directories =======
2014-10-11 12:51 - 2014-10-11 12:51 - 0000017 _____ () C:\Users\Kurier\AppData\Local\resmon.resmoncfg
Some content of TEMP:
====================
C:\Users\Kurier\AppData\Local\Temp\AutoWifi.exe
C:\Users\Kurier\AppData\Local\Temp\devcon64.exe
C:\Users\Kurier\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3fjxfg.dll
C:\Users\Kurier\AppData\Local\Temp\Nv3DVisionIePlugin.dll
C:\Users\Kurier\AppData\Local\Temp\Nv3DVisionIePlugin64.dll
C:\Users\Kurier\AppData\Local\Temp\Nv3DVStreaming.dll
C:\Users\Kurier\AppData\Local\Temp\Nv3DVStreaming64.dll
C:\Users\Kurier\AppData\Local\Temp\Nv3DVStreamingIePlugin.dll
C:\Users\Kurier\AppData\Local\Temp\Nv3DVStreamingIePlugin64.dll
C:\Users\Kurier\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Kurier\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Kurier\AppData\Local\Temp\nvStInst.exe
C:\Users\Kurier\AppData\Local\Temp\Quarantine.exe
C:\Users\Kurier\AppData\Local\Temp\siinst.exe
C:\Users\Kurier\AppData\Local\Temp\smt_mystartsearch.exe
C:\Users\Kurier\AppData\Local\Temp\SpOrder.dll
C:\Users\Kurier\AppData\Local\Temp\sqlite3.dll
C:\Users\Kurier\AppData\Local\Temp\sqlite3.exe
C:\Users\Kurier\AppData\Local\Temp\strings.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-13 10:36
==================== End Of Log ============================
Because of FRST's Addition log file, this post would unfortunately become too long.
I will post it as a reply to this one on request.
Thank you very much in advance for your efforts.
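Added example, not part of the original post and not FRST's own code: a small triage script for the "Services (Whitelisted)" and "Drivers (Whitelisted)" sections of an FRST log like the one above. It parses each entry and flags the two things that deserve a second look in such a listing: `[X]` entries (a registry key that points to a file no longer on disk, as with avchv, MSICDSetup and NTIOLib_1_0_C above) and `()` entries (a binary with no company string in its version resource, as with ISCTAgent, ikbevent, imsevent, INETMON and ISCT), plus images loaded from outside the usual system and program directories (the `\??\D:\` paths above). The trusted-directory list is an assumption for a stock Windows 7 x64 layout, and the sample input is copied from the log lines above. The flags are hints for a human, not verdicts: OEM drivers often ship without a company string, and orphaned entries are usually just leftovers from an uninstaller.

```python
"""Triage the Services/Drivers sections of a Farbar Recovery Scan Tool (FRST) log.

FRST prints one entry per line:
    <state> <name>; <image path> [<size> <date>] (<company>)
    <state> <name>; <image path> [X]
<state> is R (running) or S (stopped) followed by the start-type digit,
"()" means the image carries no company string in its version resource, and
"[X]" marks a registry entry whose file could not be found on disk.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

ENTRY_RE = re.compile(
    r"^(?P<state>[A-Z]\d)\s+"           # R2 / S3 ...
    r"(?P<name>[^;]+);\s+"              # service/driver name, up to the semicolon
    r"(?P<path>.+?)\s+"                 # image path (may contain spaces and parens)
    r"\[(?P<meta>[^\]]*)\]"             # "[size date]" or "[X]"
    r"(?:\s+\((?P<company>[^)]*)\))?"   # optional "(Company)"; absent on [X] entries
    r"\s*$"
)

# Assumption: on a stock Windows 7 x64 install, legitimately installed service
# and driver images live under these prefixes. FRST prints some kernel driver
# paths relative to %SystemRoot%, hence the bare "system32\" form.
TRUSTED_PREFIXES = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "system32\\",
)

# Constructed sample: eight entries copied from the Services/Drivers sections above.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) =================
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] ()
==================== Drivers (Whitelisted) ====================
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
S3 avchv; system32\DRIVERS\avchv.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
"""


@dataclass
class Entry:
    state: str
    name: str
    path: str
    company: Optional[str]          # None when FRST printed no "(...)" group at all
    orphaned: bool                  # True for "[X]" entries
    flags: List[str] = field(default_factory=list)

    @property
    def running(self) -> bool:
        return self.state.startswith("R")


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one FRST service/driver line; return None for headers and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        state=m["state"],
        name=m["name"].strip(),
        path=m["path"],
        company=m["company"],
        orphaned=m["meta"].strip() == "X",
    )


def triage(entry: Entry) -> Entry:
    """Attach review hints. Pointers for an analyst, not verdicts."""
    if entry.orphaned:
        entry.flags.append("orphaned: registry entry points to a missing file")
    elif entry.company == "":
        entry.flags.append("no company string in image version info")
    if not entry.path.lower().startswith(TRUSTED_PREFIXES):
        entry.flags.append("image outside the standard system/program directories")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Return only the entries that picked up at least one flag."""
    flagged = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None and triage(entry).flags:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        status = "running" if e.running else "stopped"
        print(f"{e.name:<14} {status:<8} {e.path}")
        for f in e.flags:
            print(f"    - {f}")
```

Run against the sample it reports ISCTAgent and ikbevent (no company string), avchv (orphaned), and MSICDSetup and NTIOLib_1_0_C (orphaned and on a removable drive). Running it over a full FRST.txt is a matter of reading the file and passing the text to `triage_log`; the Kaspersky, Malwarebytes and NVIDIA entries above come through clean because they carry a company string and live under Program Files or System32.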