Calculus | 23.05.2015 07:47 | DHL e-mail Trojan on Windows 7

Hello!
Unfortunately, the DHL parcel-delivery e-mail currently in circulation was opened on a Windows 7 machine, and the download link in the PDF was subsequently clicked as well.
A run with c't Desinfect produced the following result (I suspect the Bifrose hits are false positives; the zip file has since been deleted from the infected machine):
Code:
Infizierte Datei | ggf. Datei in Archiv | Fund durch Avira | Fund durch Kaspersky | Fund durch ClamAV
/media/OS/Users/g_/Downloads/DHL_Report_2036361820.zip | DHL_Report_3629033839____lang___SD18_05_2015___07_39_15___Message__ID18_DHL_DE_N05.exe | TR/Dropper.VB.31844 | Trojan-Ransom.Win32.Blocker.hbrl |
/media/OS/Users/g_/AppData/Local/Temp/7zS48E8/Documents/program files/HP/HP LJ300-400 color M351-M451/Help_Learn/Help.exe | | | | Trojan.Bifrose-14946
/media/OS/Users/g_/AppData/Local/Temp/7zS48E8/InstallerContent/Help/CSIHelp.exe | | | | Trojan.Bifrose-14946

Here are the log files (only the user name has been abbreviated):
Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 07:59 on 23/05/2015 (gerhold)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2015 01
Ran by g_ (administrator) on GERHOLDS-DELL on 23-05-2015 08:00:25
Running from C:\Users\g_\Downloads
Loaded Profiles: g_ (Available Profiles: g_ & petwoe)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(Dropbox, Inc.) C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(PFU LIMITED) C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
(PFU LIMITED) C:\Program Files (x86)\Common Files\PFU\ScanSnap\ScanToOffice\STOCS\ScanToMobileTrans.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)
HKLM-x32\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-16] (Realtek Semiconductor)
HKLM-x32\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-16] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4876528 2014-05-29] (Intel(R) Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation)
HKLM-x32\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [391152 2014-01-31] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [771568 2014-01-31] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [770544 2014-01-31] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-04-10] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1087960 2014-04-29] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] => C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2663205234-3862822762-712595649-1001\...\Run: [GoogleChromeAutoLaunch_8ABDD5EAB6B69DB07324550782F2DD1F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-05-05] (Google Inc.)
HKU\S-1-5-21-2663205234-3862822762-712595649-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-12-19] (TomTom)
HKU\S-1-5-21-2663205234-3862822762-712595649-1001\...\Run: [ScanToMobile] => C:\Program Files (x86)\Common Files\PFU\ScanSnap\ScanToOffice\ScanToMobileStart.exe [127488 2011-03-05] (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\In PDF-Datei mit ScanSnap Organizer konvertieren.lnk [2014-12-08]
ShortcutTarget: In PDF-Datei mit ScanSnap Organizer konvertieren.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2014-12-08]
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Users\g_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-12-05]
ShortcutTarget: Dropbox.lnk -> C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\g_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-05-17]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\g_\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\g_\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\g_\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\g_\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\g_\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\g_\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\g_\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\g_\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2663205234-3862822762-712595649-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-2663205234-3862822762-712595649-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-2663205234-3862822762-712595649-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-2663205234-3862822762-712595649-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2663205234-3862822762-712595649-1001 -> DefaultScope {6A1806CD-94D4-4689 URL =
SearchScopes: HKU\S-1-5-21-2663205234-3862822762-712595649-1001 -> {46095E4C-0506-4C24-B474-70246A648306} URL =
SearchScopes: HKU\S-1-5-21-2663205234-3862822762-712595649-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-29] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-29] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\g_\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\g_\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-05]
CHR Extension: (Google Docs) - C:\Users\g_\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-05]
CHR Extension: (Google Drive) - C:\Users\g_\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-05]
CHR Extension: (YouTube) - C:\Users\g_\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-05]
CHR Extension: (Google Search) - C:\Users\g_\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-05]
CHR Extension: (Google Sheets) - C:\Users\g_\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-05]
CHR Extension: (Bookmark Manager) - C:\Users\g_\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-02]
CHR Extension: (Dropbox) - C:\Users\g_\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-12-07]
CHR Extension: (Clock and Weather forecast combo [FVD]) - C:\Users\g_\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgcejfcgcnbhiijhlfeilijbjenogpkp [2014-12-08]
CHR Extension: (Evernote Web) - C:\Users\g_\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-12-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\g_\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\g_\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2014-12-07]
CHR Extension: (Google Wallet) - C:\Users\g_\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-05]
CHR Extension: (Picasa) - C:\Users\g_\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-12-07]
CHR Extension: (Evernote Web Clipper) - C:\Users\g_\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-12-05]
CHR Extension: (Gmail) - C:\Users\g_\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-05]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [518192 2014-01-27] (REINER SCT)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [75120 2015-03-04] (Dell)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-06-06] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2672328 2014-07-30] (Invincea, Inc.)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-29] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) []
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) []
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-12-07] (Realtek Semiconductor)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [173256 2014-07-30] (Invincea, Inc.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-02] (SoftThinks SAS)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-11-26] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1423160 2014-04-18] (Motorola Solutions, Inc.)
R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [35192 2012-09-04] (REINER SCT)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [489752 2014-08-14] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-02-05] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [199624 2014-06-06] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2354648 2014-04-25] (Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [50696 2014-07-30] (Invincea, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-04-29] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3442144 2014-06-18] (Intel Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [183304 2014-07-30] (Invincea, Inc.)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [204184 2014-03-04] (Windows (R) Win 7 DDK provider)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-23 08:00 - 2015-05-23 08:00 - 00019110 _____ () C:\Users\g_\Downloads\FRST.txt
2015-05-23 08:00 - 2015-05-23 08:00 - 00000000 ____D () C:\FRST
2015-05-23 07:59 - 2015-05-23 07:59 - 02108416 _____ (Farbar) C:\Users\g_\Downloads\FRST64.exe
2015-05-23 07:59 - 2015-05-23 07:59 - 00380416 _____ () C:\Users\g_\Downloads\Gmer-19357.exe
2015-05-23 07:59 - 2015-05-23 07:59 - 00050477 _____ () C:\Users\g_\Downloads\Defogger.exe
2015-05-23 07:59 - 2015-05-23 07:59 - 00000476 _____ () C:\Users\g_\Downloads\defogger_disable.log
2015-05-23 07:59 - 2015-05-23 07:59 - 00000000 _____ () C:\Users\g_\defogger_reenable
2015-05-17 17:45 - 2015-05-20 05:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-05-17 17:45 - 2015-05-17 17:45 - 00000932 _____ () C:\Users\g_\Desktop\Evernote.lnk
2015-05-12 21:05 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 21:05 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 20:19 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 20:19 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 20:19 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 20:19 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 20:19 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 20:19 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 20:19 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 20:19 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 20:19 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 20:19 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 20:19 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 20:19 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 20:19 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 20:19 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 20:19 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 20:19 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 20:19 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 20:19 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 20:19 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 20:19 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 20:19 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 20:19 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 20:19 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 20:19 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 20:19 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 20:19 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 20:19 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 20:19 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-12 20:19 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 20:19 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 20:19 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 20:19 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 20:19 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 20:19 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 20:19 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 20:19 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 20:19 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-12 20:19 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 20:19 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 20:19 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 20:19 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 20:19 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 20:19 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 20:19 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 20:19 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 20:19 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 20:19 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 20:19 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 20:19 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-12 20:19 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 20:19 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 20:19 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 20:19 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 20:19 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 20:19 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 20:19 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 20:19 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 20:19 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 20:19 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 20:19 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 20:19 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 20:19 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 20:19 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 20:19 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 20:19 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 20:19 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 20:19 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 20:19 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 20:19 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 20:19 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 20:19 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 20:19 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 20:19 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 20:19 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 20:19 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 20:19 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 20:19 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 20:19 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 20:19 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 20:19 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 20:19 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 20:19 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 20:19 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 20:19 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 20:19 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 20:19 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 20:19 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 20:19 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 20:19 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 20:19 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 20:19 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 20:19 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 20:19 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 20:16 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 20:16 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 20:16 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 20:16 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 20:16 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 20:16 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 20:16 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 20:16 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 20:16 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 20:16 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-23 07:59 - 2014-12-05 21:21 - 00000000 ____D () C:\Users\g_
2015-05-23 07:59 - 2014-11-25 17:38 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-05-23 07:57 - 2014-11-25 17:34 - 00115131 _____ () C:\Windows\SysWOW64\Gms.log
2015-05-23 07:54 - 2014-12-05 21:35 - 00000000 ___RD () C:\Users\g_\Dropbox
2015-05-23 07:54 - 2014-12-05 21:30 - 00000000 ____D () C:\Users\g_\AppData\Roaming\Dropbox
2015-05-23 07:54 - 2014-12-05 21:23 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-23 07:53 - 2014-11-25 17:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-23 07:53 - 2009-07-14 06:51 - 00118886 _____ () C:\Windows\setupact.log
2015-05-23 07:36 - 2009-07-14 06:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-23 07:36 - 2009-07-14 06:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-23 07:34 - 2014-11-25 17:29 - 01794051 _____ () C:\Windows\WindowsUpdate.log
2015-05-23 07:32 - 2010-11-21 08:50 - 00700130 _____ () C:\Windows\system32\perfh007.dat
2015-05-23 07:32 - 2010-11-21 08:50 - 00149768 _____ () C:\Windows\system32\perfc007.dat
2015-05-23 07:32 - 2009-07-14 07:13 - 01622706 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-23 07:28 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-20 05:54 - 2014-12-11 15:45 - 00000000 ____D () C:\Users\petwoe
2015-05-20 05:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-05-20 05:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-05-19 17:25 - 2014-12-05 21:23 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-17 17:10 - 2014-12-05 21:23 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 17:10 - 2014-12-05 21:23 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 03:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-13 19:39 - 2014-12-05 21:35 - 00001032 _____ () C:\Users\g_\Desktop\Dropbox.lnk
2015-05-13 19:39 - 2014-12-05 21:34 - 00000000 ____D () C:\Users\g_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-13 19:35 - 2009-07-14 06:45 - 00267816 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-12 21:12 - 2014-12-07 12:10 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-12 21:12 - 2010-11-21 09:01 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-12 21:09 - 2014-12-07 12:10 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-10 09:38 - 2010-11-21 05:47 - 00159084 _____ () C:\Windows\PFRO.log
2015-05-08 16:08 - 2014-11-25 17:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-08 16:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
Some files in TEMP:
====================
C:\Users\g_\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkldmnl.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-14 03:23
==================== End of log ============================
Addition.txt Code:
Ran by g_ at 2015-05-23 08:00:44
Running from C:\Users\g_\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2663205234-3862822762-712595649-500 - Administrator - Disabled)
Gast (S-1-5-21-2663205234-3862822762-712595649-501 - Limited - Disabled)
g_ (S-1-5-21-2663205234-3862822762-712595649-1001 - Administrator - Enabled) => C:\Users\g_
HomeGroupUser$ (S-1-5-21-2663205234-3862822762-712595649-1002 - Limited - Enabled)
petwoe (S-1-5-21-2663205234-3862822762-712595649-1003 - Administrator - Enabled) => C:\Users\petwoe
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.8 - REINER SCT)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Foundation Services (HKLM\...\{76966FD2-4189-41F1-9CF6-9D177B4DEC97}) (Version: 2.0.42.1 - Dell Inc.)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 4.0.18189 - Invincea, Inc.)
DJI driver version 2.02 (HKLM-x32\...\{EDFDE5EE-84C7-4936-804C-6563943E5754}_is1) (Version: 2.02 - DJI)
DJI Phantom 2 Vision Assistant version 3.6 (HKLM-x32\...\{610B86FC-5F48-406E-B283-90A8CA0C0EFB}_is1) (Version: 3.6 - DJI)
DJI RC System Assistant version 1.2 (HKLM-x32\...\{2849F48E-8A08-4C43-AC8D-97A367F0DCB6}_is1) (Version: 1.2 - DJI)
Dropbox (HKU\S-1-5-21-2663205234-3862822762-712595649-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hirschalter_2013v2_setup (HKLM-x32\...\{9331BC32-7322-4639-A489-2520631251F1}) (Version: 13.02 - FIWI)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.2.1000 - Intel Corporation)
Intel(R) Network Connections 19.0.27.1 (HKLM\...\PROSetDX) (Version: 19.0.27.1 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1423.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0466 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.0.1098 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.4.40 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{9C798E99-094E-4289-A6C8-1D5EE63AFFE3}) (Version: 4.2.29.0 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{3b398ef6-924b-4943-ae2d-e8feb143622a}) (Version: 17.0.5 - Intel Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Omron Health Management Software (HKLM-x32\...\{5441F067-5AF8-4284-9A8C-FD98DF05C981}) (Version: 1.60.0003 - Omron Healthcare)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6032 - Realtek Semiconductor Corp.)
ScanSnap (x32 Version: 5.1.30.19 - PFU Limited) Hidden
ScanSnap (x32 Version: 5.1.62.2 - PFU Limited) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.1L62 - PFU)
ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V4.1L61 - PFU)
ScanSnap Organizer (x32 Version: 4.1.30.16 - PFU LIMITED) Hidden
ScanSnap Organizer (x32 Version: 4.1.61.1 - PFU LIMITED) Hidden
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Windows-Treiberpaket - dji-innovations inc. (usbser) Ports (12/06/2012 5.1.2600.5512) (HKLM\...\F731C4A8B354FB9B7579C5D98402D2F988E8B95C) (Version: 12/06/2012 5.1.2600.5512 - dji-innovations inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2663205234-3862822762-712595649-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2663205234-3862822762-712595649-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\g_\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2663205234-3862822762-712595649-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g_\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2663205234-3862822762-712595649-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g_\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2663205234-3862822762-712595649-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g_\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2663205234-3862822762-712595649-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g_\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2663205234-3862822762-712595649-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g_\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2663205234-3862822762-712595649-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g_\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2663205234-3862822762-712595649-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g_\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2663205234-3862822762-712595649-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g_\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
08-05-2015 19:50:58 Scheduled checkpoint
08-05-2015 21:05:12 Windows Update
12-05-2015 20:14:46 Windows Update
12-05-2015 21:05:48 Windows Update
14-05-2015 03:00:32 Windows Update
17-05-2015 17:42:32 Removed Evernote v. 5.8.6
17-05-2015 17:45:03 Installed Evernote v. 5.8.6
19-05-2015 17:36:36 Windows Update
23-05-2015 07:33:10 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0B9F0372-D0D1-4AE2-B4AE-CE2C1133C95C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {269F9A32-0A4C-4962-828E-0EBD8FD18D6C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-05] (Google Inc.)
Task: {28EA278F-7CA3-469F-B085-EE222FF28790} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-05] (Google Inc.)
Task: {4D2CEE4E-D897-4122-BE59-DB75556FA629} - System32\Tasks\{CC97E99A-A6B9-4993-AFA4-4D738D730743} => pcalua.exe -a C:\Users\g_\Downloads\sp47515.exe -d C:\Users\g_\Downloads
Task: {B38B3501-5771-4148-AE81-948D813D203A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {C9E3EA83-AD22-4D43-81B9-AC3514F216B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2015-03-04 16:39 - 2015-03-04 16:39 - 00074168 _____ () C:\Program Files\Dell\Dell Foundation Services\Dell.Notification.Agent.Plugins.SinkEngine.dll
2015-03-04 16:39 - 2015-03-04 16:39 - 00045480 _____ () C:\Program Files\Dell\Dell Foundation Services\Dell.Notification.SinkEngine.Common.dll
2015-03-04 16:39 - 2015-03-04 16:39 - 00036280 _____ () C:\Program Files\Dell\Dell Foundation Services\Dell.Notification.SinkEngine.Configuration.dll
2014-11-25 17:38 - 2014-06-04 16:02 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-11-25 17:38 - 2014-06-04 16:02 - 00019744 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-11-25 17:38 - 2014-07-02 22:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2014-12-08 18:42 - 2007-05-31 08:38 - 00167936 _____ () C:\Windows\SysWOW64\SerialXP.dll
2014-04-29 17:23 - 2014-04-29 17:23 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-12-08 09:05 - 2012-01-18 17:35 - 00385024 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
2014-12-08 09:05 - 2011-12-14 22:49 - 00233472 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
2014-12-08 09:05 - 2003-03-26 19:46 - 00135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2014-12-08 09:05 - 2010-08-24 17:56 - 00167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
2015-05-23 07:54 - 2015-05-23 07:54 - 00043008 _____ () c:\users\g_\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkldmnl.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\g_\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\g_\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\g_\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\g_\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-04-30 13:17 - 2015-04-30 13:17 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-04-30 13:17 - 2015-04-30 13:17 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-05-16 18:43 - 2015-05-05 06:06 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libglesv2.dll
2015-05-16 18:43 - 2015-05-05 06:06 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libegl.dll
2014-11-25 17:38 - 2014-07-30 18:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-11-25 17:38 - 2012-11-26 00:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-11-25 17:38 - 2012-11-26 00:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3945
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3999
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:4097
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2663205234-3862822762-712595649-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\g_\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
==================== MSCONFIG/TASK MANAGER Error getting ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{94E001B4-A2C7-458A-9CF9-88264CAF2FB6}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{B51704E4-433C-46CB-BFD6-07DF4D055689}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{950733FF-57B1-46D4-BEC4-983C5A46625C}] => (Allow) C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{60AF0334-ED7A-46BF-8F98-0885FBAAFA6B}] => (Allow) C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{A3642A41-612A-4547-B48F-A8154AB6F43F}C:\users\g_\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\g_\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{6A34D86D-379C-49D6-BEBC-F4DB51D7BCEF}C:\users\g_\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\g_\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{7561E4A5-9904-4099-914F-85240F25E265}C:\program files (x86)\common files\pfu\scansnap\scantooffice\stocs\scantomobiletrans.exe] => (Allow) C:\program files (x86)\common files\pfu\scansnap\scantooffice\stocs\scantomobiletrans.exe
FirewallRules: [UDP Query User{9B59A062-638A-47A2-B530-1B2E3C579D82}C:\program files (x86)\common files\pfu\scansnap\scantooffice\stocs\scantomobiletrans.exe] => (Allow) C:\program files (x86)\common files\pfu\scansnap\scantooffice\stocs\scantomobiletrans.exe
FirewallRules: [TCP Query User{3320FA2D-749F-48BB-8BC8-637D8CD6B65F}C:\program files (x86)\common files\pfu\scansnap\scantooffice\stocs\scantomobiletrans.exe] => (Allow) C:\program files (x86)\common files\pfu\scansnap\scantooffice\stocs\scantomobiletrans.exe
FirewallRules: [UDP Query User{FAD97BFB-0F7D-4285-B0F3-B91FB8111E4F}C:\program files (x86)\common files\pfu\scansnap\scantooffice\stocs\scantomobiletrans.exe] => (Allow) C:\program files (x86)\common files\pfu\scansnap\scantooffice\stocs\scantomobiletrans.exe
FirewallRules: [{907E5CAD-9EF1-46AB-8371-B91E145BAC87}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/23/2015 07:46:05 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1". Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "x64" of the "processorArchitecture" attribute in the assemblyIdentity element is invalid.
Error: (05/23/2015 07:28:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/19/2015 07:55:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/19/2015 05:58:51 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1". Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "x64" of the "processorArchitecture" attribute in the assemblyIdentity element is invalid.
Error: (05/14/2015 03:24:04 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1". Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "x64" of the "processorArchitecture" attribute in the assemblyIdentity element is invalid.
Error: (05/13/2015 07:35:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/10/2015 09:38:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/08/2015 07:44:04 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1". Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "x64" of the "processorArchitecture" attribute in the assemblyIdentity element is invalid.
Error: (05/08/2015 04:00:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/23/2015 11:24:18 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1". Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "x64" of the "processorArchitecture" attribute in the assemblyIdentity element is invalid.
System errors:
=============
Error: (05/23/2015 07:29:28 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (using LRPC)
Error: (05/13/2015 07:36:37 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (using LRPC)
Error: (05/12/2015 09:07:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installation failure: the installation of the following update failed with error 0x80080005: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB3023215)
Error: (05/12/2015 09:07:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (05/12/2015 09:06:14 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (05/10/2015 09:39:45 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (using LRPC)
Error: (05/08/2015 04:01:03 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (using LRPC)
Error: (05/02/2015 11:46:00 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 ms) was reached while waiting for a transaction response from the eventlog service.
Error: (04/30/2015 10:12:41 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 ms) was reached while waiting for a transaction response from the eventlog service.
Error: (04/29/2015 02:50:28 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR121.
Microsoft Office:
=========================
Error: (05/23/2015 07:46:05 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityprocessorArchitecturex64C:\Program Files (x86)\FIWI\Hirschalter_2013v2\R\Tcl\bin64\tk85.dllC:\Program Files (x86)\FIWI\Hirschalter_2013v2\R\Tcl\bin64\tk85.dll9
Error: (05/23/2015 07:28:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/19/2015 07:55:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/19/2015 05:58:51 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityprocessorArchitecturex64C:\Program Files (x86)\FIWI\Hirschalter_2013v2\R\Tcl\bin64\tk85.dllC:\Program Files (x86)\FIWI\Hirschalter_2013v2\R\Tcl\bin64\tk85.dll9
Error: (05/14/2015 03:24:04 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityprocessorArchitecturex64C:\Program Files (x86)\FIWI\Hirschalter_2013v2\R\Tcl\bin64\tk85.dllC:\Program Files (x86)\FIWI\Hirschalter_2013v2\R\Tcl\bin64\tk85.dll9
Error: (05/13/2015 07:35:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/10/2015 09:38:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/08/2015 07:44:04 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityprocessorArchitecturex64C:\Program Files (x86)\FIWI\Hirschalter_2013v2\R\Tcl\bin64\tk85.dllC:\Program Files (x86)\FIWI\Hirschalter_2013v2\R\Tcl\bin64\tk85.dll9
Error: (05/08/2015 04:00:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/23/2015 11:24:18 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityprocessorArchitecturex64C:\Program Files (x86)\FIWI\Hirschalter_2013v2\R\Tcl\bin64\tk85.dllC:\Program Files (x86)\FIWI\Hirschalter_2013v2\R\Tcl\bin64\tk85.dll9
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz
Percentage of memory in use: 30%
Total physical RAM: 8097.9 MB
Available physical RAM: 5628.19 MB
Total Pagefile: 16194 MB
Available Pagefile: 13484.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:109 GB) (Free:52.75 GB) NTFS
Drive v: (RECOVERY) (Fixed) (Total:10.2 GB) (Free:2.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive w: (Videos) (Network) (Total:2780.66 GB) (Free:816.27 GB) NTFS
Drive x: (Music) (Network) (Total:2780.66 GB) (Free:816.27 GB) NTFS
Drive y: (Pictures) (Network) (Total:2780.66 GB) (Free:816.27 GB) NTFS
Drive z: (g_) (Network) (Total:2780.66 GB) (Free:816.27 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: 5475176C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=10.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=109 GB) - (Type=07 NTFS)
==================== End of log ============================
Gmer.txt Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-23 08:20:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000061 SAMSUNG_ rev.DXM0 119,24GB
Running: Gmer-19357.exe; Driver: C:\Users\g_\AppData\Local\Temp\kwldrfob.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[316] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000750e1401 2 bytes JMP 74f0b1ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[316] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000750e1419 2 bytes JMP 74f0b31a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000750e1431 2 bytes JMP 74f88f09 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000750e144a 2 bytes CALL 74ee4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[316] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750e14dd 2 bytes JMP 74f88802 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[316] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750e14f5 2 bytes JMP 74f889d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[316] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000750e150d 2 bytes JMP 74f886f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[316] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000750e1525 2 bytes JMP 74f88ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[316] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000750e153d 2 bytes JMP 74effc78 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[316] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000750e1555 2 bytes JMP 74f068bf C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[316] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000750e156d 2 bytes JMP 74f88fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[316] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000750e1585 2 bytes JMP 74f88b22 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[316] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000750e159d 2 bytes JMP 74f886bc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[316] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750e15b5 2 bytes JMP 74effd11 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[316] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750e15cd 2 bytes JMP 74f0b2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[316] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750e16b2 2 bytes JMP 74f88e84 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[316] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750e16bd 2 bytes JMP 74f88651 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000750e1401 2 bytes JMP 74f0b1ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe[4480] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000750e1419 2 bytes JMP 74f0b31a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000750e1431 2 bytes JMP 74f88f09 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000750e144a 2 bytes CALL 74ee4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe[4480] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750e14dd 2 bytes JMP 74f88802 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750e14f5 2 bytes JMP 74f889d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe[4480] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000750e150d 2 bytes JMP 74f886f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000750e1525 2 bytes JMP 74f88ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000750e153d 2 bytes JMP 74effc78 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe[4480] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000750e1555 2 bytes JMP 74f068bf C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000750e156d 2 bytes JMP 74f88fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000750e1585 2 bytes JMP 74f88b22 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe[4480] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000750e159d 2 bytes JMP 74f886bc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750e15b5 2 bytes JMP 74effd11 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750e15cd 2 bytes JMP 74f0b2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750e16b2 2 bytes JMP 74f88e84 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750e16bd 2 bytes JMP 74f88651 C:\Windows\syswow64\kernel32.dll
.text C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe[4584] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 00000000750e1401 2 bytes JMP 74f0b1ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe[4584] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 00000000750e1419 2 bytes JMP 74f0b31a C:\Windows\syswow64\kernel32.dll
.text C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe[4584] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 00000000750e1431 2 bytes JMP 74f88f09 C:\Windows\syswow64\kernel32.dll
.text C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe[4584] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 00000000750e144a 2 bytes CALL 74ee4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe[4584] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000750e14dd 2 bytes JMP 74f88802 C:\Windows\syswow64\kernel32.dll
.text C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe[4584] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000750e14f5 2 bytes JMP 74f889d8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe[4584] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 00000000750e150d 2 bytes JMP 74f886f8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe[4584] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 00000000750e1525 2 bytes JMP 74f88ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe[4584] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 00000000750e153d 2 bytes JMP 74effc78 C:\Windows\syswow64\kernel32.dll
.text C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe[4584] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 00000000750e1555 2 bytes JMP 74f068bf C:\Windows\syswow64\kernel32.dll
.text C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe[4584] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 00000000750e156d 2 bytes JMP 74f88fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe[4584] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 00000000750e1585 2 bytes JMP 74f88b22 C:\Windows\syswow64\kernel32.dll
.text C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe[4584] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 00000000750e159d 2 bytes JMP 74f886bc C:\Windows\syswow64\kernel32.dll
.text C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe[4584] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000750e15b5 2 bytes JMP 74effd11 C:\Windows\syswow64\kernel32.dll
.text C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe[4584] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000750e15cd 2 bytes JMP 74f0b2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe[4584] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000750e16b2 2 bytes JMP 74f88e84 C:\Windows\syswow64\kernel32.dll
.text C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe[4584] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000750e16bd 2 bytes JMP 74f88651 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000750e1401 2 bytes JMP 74f0b1ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4876] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000750e1419 2 bytes JMP 74f0b31a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000750e1431 2 bytes JMP 74f88f09 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000750e144a 2 bytes CALL 74ee4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4876] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750e14dd 2 bytes JMP 74f88802 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750e14f5 2 bytes JMP 74f889d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000750e150d 2 bytes JMP 74f886f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000750e1525 2 bytes JMP 74f88ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000750e153d 2 bytes JMP 74effc78 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4876] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000750e1555 2 bytes JMP 74f068bf C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000750e156d 2 bytes JMP 74f88fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000750e1585 2 bytes JMP 74f88b22 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4876] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000750e159d 2 bytes JMP 74f886bc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750e15b5 2 bytes JMP 74effd11 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750e15cd 2 bytes JMP 74f0b2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750e16b2 2 bytes JMP 74f88e84 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4876] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750e16bd 2 bytes JMP 74f88651 C:\Windows\syswow64\kernel32.dll
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [3968:3648] 000007feeae79688
---- Processes - GMER 2.1 ----
Library c:\users\g_\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkldmnl.dll (*** suspicious ***) @ C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe [4584](2015-05-23 05:54:11) 0000000004d30000
Library C:\Users\g_\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe [4584] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:24) 000000005fcf0000
Library C:\Users\g_\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe [4584] (ICU I18N DLL/The ICU Project)(2015-03-04 21:45:30) 000000004a900000
Library C:\Users\g_\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe [4584] (ICU Common DLL/The ICU Project)(2015-03-04 21:45:30) 0000000005cf0000
Library C:\Users\g_\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe [4584] (ICU Data DLL/The ICU Project)(2015-03-04 21:45:30) 000000004ad00000
Library C:\Users\g_\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe [4584] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 000000005f840000
Library C:\Users\g_\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe [4584] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000005f550000
Library C:\Users\g_\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe [4584](2015-03-04 21:45:30) 000000005f490000
Library C:\Users\g_\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe [4584] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000005f2b0000
Library C:\Users\g_\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe [4584] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000005e2c0000
Library C:\Users\g_\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe [4584] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000005e0a0000
Library C:\Users\g_\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe [4584] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000005de40000
Library C:\Users\g_\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe [4584] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000005de10000
Library C:\Users\g_\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe [4584](2015-03-04 21:45:30) 0000000074440000
Library C:\Users\g_\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe [4584] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 000000005dde0000
Library C:\Users\g_\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe [4584] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000005dda0000
Library C:\Users\g_\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe [4584] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000005dd50000
Library C:\Users\g_\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe [4584](2015-03-04 21:45:30) 000000005dc70000
Library C:\Users\g_\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\g_\AppData\Roaming\Dropbox\bin\Dropbox.exe [4584](2015-03-04 21:45:30) 000000005dc30000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e8b1fc446d66
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e8b1fc446d66 (not active ControlSet)
---- EOF - GMER 2.1 ----
Thanks for your help!