| |  Troper-Gen
 Ich hab mir auf meinem Laptop mit Win8 einen Virus mit dem Namen "Troper-Gen" eingefangen, ich hoffe ihr könnt mir helfen.
Extras Zitat:
OTL Extras logfile created on: 09.01.2013 13:22:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andreas-PC\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,89 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 47,78% Memory free
5,45 Gb Paging File | 3,27 Gb Available in Paging File | 60,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 305,26 Gb Total Space | 244,49 Gb Free Space | 80,09% Space Free | Partition Type: NTFS
Drive D: | 142,67 Gb Total Space | 139,56 Gb Free Space | 97,82% Space Free | Partition Type: NTFS
Drive E: | 720,16 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: DREA | User Name: Andreas-PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{113D9814-BCC6-415E-B144-3184697AC27E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{21EC58EA-2661-45D7-8DC2-2252D9FF1D5E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2F83034D-769A-428D-8B97-C6B1155CD627}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3198C044-4A1B-49B9-A00C-A0FDED46253C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{328A2178-3D58-4972-98FD-CAE183F461BC}" = rport=137 | protocol=17 | dir=out | app=system |
"{5176D65A-A2E5-4A44-A666-03D0DF8CF507}" = lport=139 | protocol=6 | dir=in | app=system |
"{65259BCD-EE9D-406B-BB5C-FE0B721FA16C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{883623F4-C4C5-46C2-9946-466ACC3652E0}" = lport=445 | protocol=6 | dir=in | app=system |
"{92D02A41-642F-4FF4-87CF-8C291A8ABDE9}" = lport=138 | protocol=17 | dir=in | app=system |
"{9612651E-F754-4E4F-8715-E5B29AA703DD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{99E6F241-22E8-42A9-93B7-6ADD94537010}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9CEC51DA-D3F4-4119-A07D-7B398FE06906}" = rport=139 | protocol=6 | dir=out | app=system |
"{A85EAC7C-98A2-4A5E-99C8-8EC135D51F8C}" = rport=445 | protocol=6 | dir=out | app=system |
"{AC8CC722-A225-4600-BDAC-FD4ACD7E3470}" = lport=137 | protocol=17 | dir=in | app=system |
"{B9516007-4BDF-446E-BCD5-9384B6A4D6A9}" = rport=138 | protocol=17 | dir=out | app=system |
"{BE8066DE-74F1-4784-9509-DE5DAD9C0E08}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BFB66476-3208-4711-864A-9AF92BABA78C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E0B97EFA-7275-4321-A3AD-A01E43978619}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{E5DB79ED-7141-48F2-86CF-CB0CE50C05E5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EFDC1372-B0A5-4325-AE65-68D1BA3A9577}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F30AB283-AFB0-4E2B-92B7-858CDB7EA319}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FF112353-52EF-4C4A-A050-06CA72D76A43}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04135C20-394F-4413-990A-5DB403D5699D}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{0B7E46AD-75D4-462C-B9BE-E761A5F41533}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0D524FA1-2AF4-4C54-A57E-C57215239B8E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0F68B1E6-1D0A-4B63-95D2-EB708E6A4995}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{103F2AE4-6844-4274-AB9F-574FB8BC9AD8}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{11DE616B-0BF9-4693-AF1D-A0E189DC1D36}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{12738261-D21D-4629-AFE7-02DADF7EAA37}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{1B3B133E-F8E3-4BFA-9B77-362E26A6905D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{225AE1D9-6611-4726-B54E-973A034DA812}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{25E9CF61-4F20-498D-9983-04E6FAE83DD2}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{3193D3F6-8C2F-41B7-BFA4-A09977E89102}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{3463D6FC-0A7A-40EF-A70E-542FA111DCE2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{37FD4BFB-C3AA-4BA0-BB78-1CAA93AB9276}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{3C327B55-D8ED-4F6F-8FDE-48F0B591E446}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{50C09F31-E95F-490F-A34E-2D2322200A47}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{55C36EC4-48B5-4BB8-8412-4283901D6438}" = protocol=6 | dir=out | app=system |
"{5BD7EB4D-6E4F-4AE3-8BA7-D12523BB76B0}" = dir=out | name=windows_ie_ac_001 |
"{5C349701-0171-4C5D-A8EA-07B6753F0955}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{63FF7693-9782-4294-9C56-BEFC83B19BF8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{6DA6F2DA-4DD5-4D4B-8CF6-D874E3B5C97B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7030134D-99F3-4C82-B5E5-506FA46B4ACF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D1AC622-98AD-4CB5-8087-D17BDEDFF4DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{82AA294D-6159-4D82-A84F-05BF0FCE025E}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{82EE5F21-444B-485D-8E77-51984DC33A42}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{840AFFE0-B4E9-4EBE-A85E-098C7DB45242}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{85BBC75D-D39C-46F2-8004-89AEE783C374}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85F3C0A7-9D38-4866-BE08-06AE49511C76}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{87E957BB-466A-49B5-9784-2E9E8D29C5B1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8B37323D-5529-4CBB-A517-C15DA587838B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8F5E84B1-DC09-4718-87F6-D9D654D3EECA}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{93FD320C-E360-44E7-9084-CCDB8A0F2E94}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{99527AF3-878E-40F7-9177-6B0BCEE6601F}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{9B55AA49-47C0-4C64-8DEE-EFA6E7373E75}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A032D274-5283-4878-BBF6-8F39295BE183}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6F6F68E-22FB-40EA-A1A2-CE3D96F4D129}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{A78CFF02-B476-4C55-9494-13F3D75420DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A798A913-6FE8-4423-AFFE-B3B306796E09}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{B6CAB51B-1BAF-4B81-9CE3-68333D946CFB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B7896257-0090-4A02-AF2C-921BB71455CB}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{CBFCE344-B499-49E2-97A6-941CCD05D918}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{CE10E839-3CED-41C6-9B2A-4BC83BF81D06}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{CE17E770-CE49-4740-A8CF-E69D68FA19A2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D0F8BDB9-1059-476B-8D80-7EBE75DE73A7}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{DEF105CF-4AA1-42EC-8B79-61F8E8977339}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E2FC22DD-B0BC-42B2-B79E-B819A2504ECB}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{F3A2B51E-9CAA-472E-9AF5-C298FB1FF9A0}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0728A184-F899-4356-B93D-8228674F0DEB}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.14
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.14
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5
"{F1290006-F37A-4CCE-BEBA-FBF97C66F787}" = calibre 64bit
"{FA8AB91A-0B41-4797-9015-9B3FBC7834CC}" = SCM
"A007E57753F87B14A4737DA95057F173950A6A3D" = Windows Driver Package - Intel (NETwNe64) net (09/12/2012 15.5.4.45)
"B16388B2E5D3CBA8F0EE88A8C5459BADAF4DE251" = KB9X Radio Switch Driver
"Elantech" = ETDWare PS/2-X64 11.13.0.2_WHQL
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}" = THX TruStudio Pro
"{619FA785-489B-4D22-911F-82D6EDF5BDB0}" = Battery Calibration
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1" = MAESTIA Version 201207
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OTTO plus_is1" = OTTO plus 3.0
"OttoQuickOrder" = OTTO Quick Order - Bestellsoftware
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11.10.2012 18:59:21 | Computer Name = WIN-1K1U7R6TT16 | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID
"019" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich
enthält den Win32-Fehlercode.
Error - 11.10.2012 18:59:21 | Computer Name = WIN-1K1U7R6TT16 | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID
"01D" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich
enthält den Win32-Fehlercode.
Error - 11.10.2012 18:59:21 | Computer Name = WIN-1K1U7R6TT16 | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID
"01F" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich
enthält den Win32-Fehlercode.
Error - 11.10.2012 18:59:21 | Computer Name = WIN-1K1U7R6TT16 | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID
"0404" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich
enthält den Win32-Fehlercode.
Error - 11.10.2012 18:59:21 | Computer Name = WIN-1K1U7R6TT16 | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID
"0416" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich
enthält den Win32-Fehlercode.
Error - 11.10.2012 18:59:21 | Computer Name = WIN-1K1U7R6TT16 | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID
"0804" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich
enthält den Win32-Fehlercode.
Error - 11.10.2012 18:59:21 | Computer Name = WIN-1K1U7R6TT16 | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID
"0816" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich
enthält den Win32-Fehlercode.
Error - 11.10.2012 18:59:21 | Computer Name = WIN-1K1U7R6TT16 | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 04.01.2013 20:37:44 | Computer Name = WIN-1K1U7R6TT16 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ChargeService.exe, Version: 1.2.10.0,
Zeitstempel: 0x4fbb4866 Name des fehlerhaften Moduls: ChargeService.exe, Version:
1.2.10.0, Zeitstempel: 0x4fbb4866 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00007a9a
ID
des fehlerhaften Prozesses: 0x624 Startzeit der fehlerhaften Anwendung: 0x01cdeadcd8a39712
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
Berichtskennung:
1e065593-56d0-11e2-be79-0ad683000000 Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error - 04.01.2013 11:28:38 | Computer Name = Drea | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16384,
Zeitstempel: 0x50107ee0 Name des fehlerhaften Moduls: Flash.ocx, Version: 11.3.372.94,
Zeitstempel: 0x5005c977 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00123816 ID des fehlerhaften
Prozesses: 0xf6c Startzeit der fehlerhaften Anwendung: 0x01cdea880d3cfad9 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx Berichtskennung:
691bb200-5683-11e2-be7b-0ad683000000 Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
[ System Events ]
Error - 07.01.2013 04:59:35 | Computer Name = Drea | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 07.01.2013 05:01:20 | Computer Name = Drea | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 07.01.2013 05:02:30 | Computer Name = Drea | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 07.01.2013 05:05:52 | Computer Name = Drea | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 07.01.2013 05:10:06 | Computer Name = Drea | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 07.01.2013 05:10:16 | Computer Name = Drea | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 07.01.2013 05:15:14 | Computer Name = Drea | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 07.01.2013 05:16:02 | Computer Name = Drea | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 07.01.2013 05:22:11 | Computer Name = Drea | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 07.01.2013 07:15:20 | Computer Name = Drea | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
< End of report >
| OTL Zitat:
OTL logfile created on: 09.01.2013 13:22:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andreas-PC\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,89 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 47,78% Memory free
5,45 Gb Paging File | 3,27 Gb Available in Paging File | 60,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 305,26 Gb Total Space | 244,49 Gb Free Space | 80,09% Space Free | Partition Type: NTFS
Drive D: | 142,67 Gb Total Space | 139,56 Gb Free Space | 97,82% Space Free | Partition Type: NTFS
Drive E: | 720,16 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: DREA | User Name: Andreas-PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.01.09 13:16:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas-PC\Desktop\OTL.exe
PRC - [2013.01.04 19:54:48 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
PRC - [2013.01.04 19:54:48 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.09.22 00:08:12 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.09.22 00:07:49 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.09.22 00:07:49 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.09.22 00:07:49 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.09.13 18:26:04 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\SCM\MSIService.exe
PRC - [2012.09.06 12:50:40 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012.09.02 02:07:22 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012.09.02 02:07:22 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.08.27 16:45:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012.07.04 00:50:00 | 000,603,536 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK32.EXE
PRC - [2012.05.23 00:14:08 | 000,142,904 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
PRC - [2012.05.23 00:14:06 | 000,502,328 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
PRC - [2012.03.29 02:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011.08.30 00:37:02 | 001,517,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2012.07.26 05:46:56 | 002,366,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.07.26 04:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.07.26 04:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012.07.26 04:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 04:07:30 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012.07.26 04:07:27 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 04:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 04:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 04:05:38 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 04:05:11 | 000,174,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.07.26 04:05:08 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012.06.20 03:10:34 | 000,634,632 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2013.01.08 20:49:46 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.04 19:54:48 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.29 09:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.09.22 00:08:12 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.09.22 00:08:03 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.09.22 00:07:49 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.09.22 00:07:49 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.09.22 00:07:49 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.09.13 18:26:04 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\SCM\MSIService.exe -- (Micro Star SCM)
SRV - [2012.09.06 12:50:40 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012.09.02 02:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012.08.27 16:45:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012.07.26 04:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012.05.23 00:14:08 | 000,142,904 | ---- | M] (MSI) [Auto | Running] -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe -- (MSI_SuperCharger)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.22 00:08:34 | 000,295,760 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012.09.22 00:08:29 | 000,339,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012.09.22 00:08:28 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012.09.22 00:08:23 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2012.09.22 00:08:11 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.09.22 00:07:53 | 009,004,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.09.22 00:07:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.09.22 00:07:45 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.09.22 00:07:41 | 004,293,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwew00.sys -- (NETwNe64)
DRV:64bit: - [2012.09.02 02:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.08.29 16:36:54 | 000,857,472 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012.08.27 16:48:12 | 000,121,728 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2012.08.06 19:07:08 | 000,068,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 06:00:58 | 000,445,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012.07.26 06:00:58 | 000,337,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 06:00:58 | 000,212,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012.07.26 06:00:55 | 000,120,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.07.26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 06:00:55 | 000,028,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.07.26 06:00:54 | 000,056,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.07.26 06:00:52 | 003,295,984 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 06:00:49 | 000,539,376 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 05:59:35 | 000,193,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012.07.26 05:59:35 | 000,148,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012.07.26 05:59:32 | 000,055,024 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.07.26 05:58:00 | 000,068,848 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012.07.26 05:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 04:17:38 | 000,027,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 03:28:27 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012.07.26 03:27:58 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 03:27:31 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 03:25:54 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 03:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.06.14 02:53:54 | 000,297,744 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\ahcix64s.sys -- (ahcix64s)
DRV - [2010.01.18 18:36:44 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys -- (NTIOLib_1_0_3)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.msi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/home.php
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.04 11:41:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013.01.04 11:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas-PC\AppData\Roaming\mozilla\Extensions
[2013.01.04 11:41:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Radio Manager] C:\Program Files (x86)\SCM\Radio Manager.exe (MSI)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SCM] C:\Program Files (x86)\SCM\SCM.exe (MSI)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (MSI)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0686C031-E4B7-47BA-85F1-172F59095E9A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{905A6F80-AFE7-4682-80CD-8CC199DCB409}: DhcpNameServer = 10.101.0.123
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk E:\
O33 - MountPoints2\{edf41f16-56cf-11e2-be79-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{edf41f16-56cf-11e2-be79-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2011.04.02 14:49:56 | 000,007,168 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.09 13:16:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas-PC\Desktop\OTL.exe
[2013.01.09 12:02:45 | 000,000,000 | ---D | C] -- C:\Users\Andreas-PC\AppData\Roaming\Malwarebytes
[2013.01.09 12:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.09 12:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.09 12:02:33 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.09 12:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.09 12:02:13 | 000,000,000 | ---D | C] -- C:\Users\Andreas-PC\AppData\Local\Programs
[2013.01.07 09:04:25 | 000,000,000 | R--D | C] -- C:\Windows\BrowserChoice
[2013.01.05 15:27:26 | 000,000,000 | ---D | C] -- C:\Users\Andreas-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Otto Interaktiv
[2013.01.05 15:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Otto Versand
[2013.01.05 15:27:25 | 000,000,000 | ---D | C] -- C:\Users\Andreas-PC\Documents\OTTO Quick Order
[2013.01.05 15:23:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OTTO plus
[2013.01.05 15:23:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OTTO plus
[2013.01.04 20:02:52 | 000,000,000 | ---D | C] -- C:\Users\Andreas-PC\Desktop\Büro
[2013.01.04 19:35:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2013.01.04 19:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.01.04 19:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2013.01.04 19:34:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.01.04 19:34:38 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.01.04 19:34:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2013.01.04 19:34:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.01.04 19:30:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2013.01.04 19:29:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.01.04 19:28:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013.01.04 19:27:43 | 000,000,000 | ---D | C] -- C:\Users\Andreas-PC\AppData\Local\Microsoft Help
[2013.01.04 19:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.01.04 19:27:13 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013.01.04 17:08:52 | 000,000,000 | ---D | C] -- C:\Users\Andreas-PC\AppData\Local\Macromedia
[2013.01.04 14:55:12 | 000,000,000 | ---D | C] -- C:\Users\Andreas-PC\AppData\Local\MigWiz
[2013.01.04 14:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAESTIA
[2013.01.04 14:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.04 14:39:06 | 000,000,000 | ---D | C] -- C:\Users\Andreas-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.04 14:37:06 | 000,000,000 | ---D | C] -- C:\Users\Andreas-PC\AppData\Local\WinZip
[2013.01.04 14:36:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAESTIA
[2013.01.04 12:45:26 | 000,000,000 | ---D | C] -- C:\Users\Andreas-PC\Documents\Calibre Bibliothek
[2013.01.04 12:45:25 | 000,000,000 | ---D | C] -- C:\Users\Andreas-PC\AppData\Roaming\calibre
[2013.01.04 12:45:10 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2013.01.04 12:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
[2013.01.04 12:38:02 | 000,000,000 | ---D | C] -- C:\Users\Andreas-PC\AppData\Local\Adobe
[2013.01.04 12:31:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.01.04 12:31:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.01.04 12:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.01.04 11:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.01.04 11:53:01 | 000,000,000 | ---D | C] -- C:\Users\Andreas-PC\AppData\Roaming\WinRAR
[2013.01.04 11:41:28 | 000,000,000 | ---D | C] -- C:\Users\Andreas-PC\AppData\Roaming\Mozilla
[2013.01.04 11:41:28 | 000,000,000 | ---D | C] -- C:\Users\Andreas-PC\AppData\Local\Mozilla
[2013.01.04 11:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.01.04 11:41:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.01.04 11:41:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.04 11:38:44 | 000,000,000 | ---D | C] -- C:\Users\Andreas-PC\AppData\Roaming\Macromedia
[2013.01.04 11:27:31 | 000,000,000 | ---D | C] -- C:\Users\Andreas-PC\AppData\Local\Diagnostics
[2013.01.04 10:55:16 | 000,000,000 | ---D | C] -- C:\Users\Andreas-PC\AppData\Roaming\Intel Corporation
[2013.01.04 10:54:30 | 000,000,000 | ---D | C] -- C:\Users\Andreas-PC\AppData\Local\MSI
[2013.01.04 10:53:25 | 000,000,000 | R--D | C] -- C:\Users\Andreas-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.01.04 10:53:25 | 000,000,000 | R--D | C] -- C:\Users\Andreas-PC\Searches
[2013.01.04 10:53:25 | 000,000,000 | R--D | C] -- C:\Users\Andreas-PC\Contacts
[2013.01.04 10:53:25 | 000,000,000 | R--D | C] -- C:\Users\Andreas-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.01.04 10:53:17 | 000,000,000 | ---D | C] -- C:\Users\Andreas-PC\AppData\Roaming\Adobe
[2013.01.04 10:52:20 | 000,000,000 | ---D | C] -- C:\Users\Andreas-PC\AppData\Local\VirtualStore
[2013.01.04 10:52:12 | 000,000,000 | ---D | C] -- C:\Users\Andreas-PC\AppData\Local\Packages
[2013.01.04 10:52:01 | 000,000,000 | -HSD | C] -- C:\Users\Andreas-PC\Vorlagen
[2013.01.04 10:52:01 | 000,000,000 | -HSD | C] -- C:\Users\Andreas-PC\AppData\Local\Verlauf
[2013.01.04 10:52:01 | 000,000,000 | -HSD | C] -- C:\Users\Andreas-PC\AppData\Local\Temporary Internet Files
[2013.01.04 10:52:01 | 000,000,000 | -HSD | C] -- C:\Users\Andreas-PC\Startmenü
[2013.01.04 10:52:01 | 000,000,000 | -HSD | C] -- C:\Users\Andreas-PC\SendTo
[2013.01.04 10:52:01 | 000,000,000 | -HSD | C] -- C:\Users\Andreas-PC\Recent
[2013.01.04 10:52:01 | 000,000,000 | -HSD | C] -- C:\Users\Andreas-PC\Netzwerkumgebung
[2013.01.04 10:52:01 | 000,000,000 | -HSD | C] -- C:\Users\Andreas-PC\Lokale Einstellungen
[2013.01.04 10:52:01 | 000,000,000 | -HSD | C] -- C:\Users\Andreas-PC\Documents\Eigene Videos
[2013.01.04 10:52:01 | 000,000,000 | -HSD | C] -- C:\Users\Andreas-PC\Documents\Eigene Musik
[2013.01.04 10:52:01 | 000,000,000 | -HSD | C] -- C:\Users\Andreas-PC\Eigene Dateien
[2013.01.04 10:52:01 | 000,000,000 | -HSD | C] -- C:\Users\Andreas-PC\Documents\Eigene Bilder
[2013.01.04 10:52:01 | 000,000,000 | -HSD | C] -- C:\Users\Andreas-PC\Druckumgebung
[2013.01.04 10:52:01 | 000,000,000 | -HSD | C] -- C:\Users\Andreas-PC\Cookies
[2013.01.04 10:52:01 | 000,000,000 | -HSD | C] -- C:\Users\Andreas-PC\AppData\Local\Anwendungsdaten
[2013.01.04 10:52:01 | 000,000,000 | -HSD | C] -- C:\Users\Andreas-PC\Anwendungsdaten
[2013.01.04 10:52:00 | 000,000,000 | ---D | C] -- C:\Users\Andreas-PC\AppData\Local\Temp
[2013.01.04 10:52:00 | 000,000,000 | ---D | C] -- C:\Users\Andreas-PC\AppData\Local\Microsoft
[2013.01.04 10:51:59 | 000,000,000 | --SD | C] -- C:\Users\Andreas-PC\AppData\Roaming\Microsoft
[2013.01.04 10:51:59 | 000,000,000 | R--D | C] -- C:\Users\Andreas-PC\Videos
[2013.01.04 10:51:59 | 000,000,000 | R--D | C] -- C:\Users\Andreas-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013.01.04 10:51:59 | 000,000,000 | R--D | C] -- C:\Users\Andreas-PC\Saved Games
[2013.01.04 10:51:59 | 000,000,000 | R--D | C] -- C:\Users\Andreas-PC\Pictures
[2013.01.04 10:51:59 | 000,000,000 | R--D | C] -- C:\Users\Andreas-PC\Music
[2013.01.04 10:51:59 | 000,000,000 | R--D | C] -- C:\Users\Andreas-PC\Links
[2013.01.04 10:51:59 | 000,000,000 | R--D | C] -- C:\Users\Andreas-PC\Favorites
[2013.01.04 10:51:59 | 000,000,000 | R--D | C] -- C:\Users\Andreas-PC\Downloads
[2013.01.04 10:51:59 | 000,000,000 | R--D | C] -- C:\Users\Andreas-PC\Documents
[2013.01.04 10:51:59 | 000,000,000 | R--D | C] -- C:\Users\Andreas-PC\Desktop
[2013.01.04 10:51:59 | 000,000,000 | R--D | C] -- C:\Users\Andreas-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.01.04 10:51:59 | 000,000,000 | R--D | C] -- C:\Users\Andreas-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013.01.04 10:51:59 | 000,000,000 | -H-D | C] -- C:\Users\Andreas-PC\AppData
[2013.01.04 10:51:59 | 000,000,000 | ---D | C] -- C:\Users\Andreas-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.01.04 10:48:18 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
========== Files - Modified Within 30 Days ==========
[2013.01.09 13:20:34 | 000,000,000 | ---- | M] () -- C:\Users\Andreas-PC\defogger_reenable
[2013.01.09 13:18:45 | 000,050,477 | ---- | M] () -- C:\Users\Andreas-PC\Desktop\Defogger.exe
[2013.01.09 13:16:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas-PC\Desktop\OTL.exe
[2013.01.09 12:50:19 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.09 12:02:38 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.09 11:06:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.08 10:03:26 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.01.08 10:03:22 | 3341,058,048 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.07 09:14:11 | 000,791,060 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013.01.07 09:14:11 | 000,788,984 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2013.01.07 09:14:11 | 000,777,732 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2013.01.07 09:14:11 | 000,769,726 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2013.01.07 09:14:11 | 000,763,854 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2013.01.07 09:14:11 | 000,754,172 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.07 09:14:11 | 000,731,582 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2013.01.07 09:14:11 | 000,713,560 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2013.01.07 09:14:11 | 000,711,282 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.07 09:14:11 | 000,703,484 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2013.01.07 09:14:11 | 000,495,782 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat
[2013.01.07 09:14:11 | 000,441,800 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat
[2013.01.07 09:14:11 | 000,438,200 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2013.01.07 09:14:11 | 000,423,880 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2013.01.07 09:14:11 | 000,422,458 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2013.01.07 09:14:11 | 000,174,554 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2013.01.07 09:14:11 | 000,162,890 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2013.01.07 09:14:11 | 000,160,510 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2013.01.07 09:14:11 | 000,158,362 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2013.01.07 09:14:11 | 000,156,362 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.07 09:14:11 | 000,155,620 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013.01.07 09:14:11 | 000,155,144 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2013.01.07 09:14:11 | 000,149,444 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2013.01.07 09:14:11 | 000,147,116 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2013.01.07 09:14:11 | 000,133,150 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.07 09:14:11 | 000,133,088 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2013.01.07 09:14:11 | 000,133,088 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2013.01.07 09:14:11 | 000,133,088 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat
[2013.01.07 09:14:11 | 000,077,450 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat
[2013.01.07 09:14:11 | 000,065,162 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2013.01.07 09:14:09 | 014,331,394 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.07 08:30:55 | 000,421,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.05 15:40:46 | 000,001,287 | ---- | M] () -- C:\Users\Andreas-PC\Desktop\startOttoQuickOrder - Verknüpfung.lnk
[2013.01.05 15:23:32 | 000,000,958 | ---- | M] () -- C:\Users\Andreas-PC\Desktop\OTTO plus.lnk
[2013.01.04 19:54:48 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
[2013.01.04 19:54:48 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\srvany.exe
[2013.01.04 14:47:01 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\MAESTIA.lnk
[2013.01.04 12:45:17 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
[2013.01.04 12:31:11 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.01.04 11:41:10 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.04 11:32:27 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2013.01.09 13:20:34 | 000,000,000 | ---- | C] () -- C:\Users\Andreas-PC\defogger_reenable
[2013.01.09 13:18:39 | 000,050,477 | ---- | C] () -- C:\Users\Andreas-PC\Desktop\Defogger.exe
[2013.01.09 12:02:38 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.09 11:59:10 | 000,000,663 | ---- | C] () -- C:\Users\Andreas-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bilder (2).lnk
[2013.01.09 11:58:54 | 000,000,663 | ---- | C] () -- C:\Users\Andreas-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bilder.lnk
[2013.01.07 08:30:42 | 000,421,792 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.05 15:40:46 | 000,001,287 | ---- | C] () -- C:\Users\Andreas-PC\Desktop\startOttoQuickOrder - Verknüpfung.lnk
[2013.01.05 15:23:32 | 000,000,958 | ---- | C] () -- C:\Users\Andreas-PC\Desktop\OTTO plus.lnk
[2013.01.04 19:56:06 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2013.01.04 19:56:06 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2013.01.04 17:07:59 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.04 14:47:01 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\MAESTIA.lnk
[2013.01.04 12:45:17 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
[2013.01.04 12:31:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.01.04 12:31:11 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.01.04 11:41:10 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.01.04 11:41:10 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.04 11:32:27 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.01.04 10:53:17 | 000,001,448 | ---- | C] () -- C:\Users\Andreas-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.09.22 00:07:57 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.09.22 00:07:52 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.09.22 00:07:52 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.09.22 00:06:53 | 000,001,313 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2012.09.22 00:06:53 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2012.09.22 00:06:53 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2012.09.22 00:06:52 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.09.22 00:06:52 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.09.21 23:56:11 | 018,657,518 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.26 01:48:53 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.20 02:52:42 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
========== ZeroAccess Check ==========
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.10.11 06:45:39 | 019,789,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.10.11 06:07:29 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.01.04 12:46:01 | 000,000,000 | ---D | M] -- C:\Users\Andreas-PC\AppData\Roaming\calibre
========== Purity Check ==========
< End of report >
| Gimer Zitat:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-09 13:45:33
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003f WDC_WD5000BPVT-22HXZT3 rev.01.01A01 465,76GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\ANDREA~1\AppData\Local\Temp\fgtoapow.sys
---- Kernel code sections - GMER 2.0 ----
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960001f7300 7 bytes [C0, B7, 1C, 01, 00, EB, 9B]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff960001f7308 7 bytes [01, 99, E4, FF, 00, EB, E8]
---- User code sections - GMER 2.0 ----
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7044] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fddd4a1532 4 bytes [4A, DD, FD, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7044] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fddd4a153a 4 bytes [4A, DD, FD, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[7044] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fddd4a165a 4 bytes [4A, DD, FD, 07]
.text C:\Windows\system32\nvvsvc.exe[7256] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007fddd4a1532 4 bytes [4A, DD, FD, 07]
.text C:\Windows\system32\nvvsvc.exe[7256] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007fddd4a153a 4 bytes [4A, DD, FD, 07]
.text C:\Windows\system32\nvvsvc.exe[7256] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fddd4a165a 4 bytes [4A, DD, FD, 07]
.text C:\Windows\system32\nvvsvc.exe[7256] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fde029177a 4 bytes [29, E0, FD, 07]
.text C:\Windows\system32\nvvsvc.exe[7256] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fde0291782 4 bytes [29, E0, FD, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7368] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fddd4a1532 4 bytes [4A, DD, FD, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7368] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fddd4a153a 4 bytes [4A, DD, FD, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7368] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fddd4a165a 4 bytes [4A, DD, FD, 07]
.text C:\Windows\System32\igfxpers.exe[7020] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fde029177a 4 bytes [29, E0, FD, 07]
.text C:\Windows\System32\igfxpers.exe[7020] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fde0291782 4 bytes [29, E0, FD, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3112] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fddd4a1532 4 bytes [4A, DD, FD, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3112] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fddd4a153a 4 bytes [4A, DD, FD, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3112] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fddd4a165a 4 bytes [4A, DD, FD, 07]
.text C:\Program Files\Elantech\ETDCtrl.exe[5844] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fddd4a1532 4 bytes [4A, DD, FD, 07]
.text C:\Program Files\Elantech\ETDCtrl.exe[5844] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fddd4a153a 4 bytes [4A, DD, FD, 07]
.text C:\Program Files\Elantech\ETDCtrl.exe[5844] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fddd4a165a 4 bytes [4A, DD, FD, 07]
.text C:\Windows\System32\rundll32.exe[7000] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fddd4a1532 4 bytes [4A, DD, FD, 07]
.text C:\Windows\System32\rundll32.exe[7000] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fddd4a153a 4 bytes [4A, DD, FD, 07]
.text C:\Windows\System32\rundll32.exe[7000] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fddd4a165a 4 bytes [4A, DD, FD, 07]
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[6048] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fddd4a1532 4 bytes [4A, DD, FD, 07]
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[6048] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fddd4a153a 4 bytes [4A, DD, FD, 07]
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[6048] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fddd4a165a 4 bytes [4A, DD, FD, 07]
---- Threads - GMER 2.0 ----
Thread C:\Windows\system32\csrss.exe [5292:6888] fffff960009485e8
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:7092] 0000000067b5fee5
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:8672] 0000000067b58f6c
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:8124] 000000007030c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:5804] 000000007030c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:3088] 00000000752274e5
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:6020] 000000007030c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:2844] 000000007030c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:8608] 000000007030c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:4648] 000000007030c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:5948] 000000007030c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:6396] 000000007030c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:8432] 000000007030c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:1724] 000000007030c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:6972] 000000007030c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:700] 000000007030c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:6900] 000000007030c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:496] 000000007030c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:6388] 000000007030c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:3772] 000000007030c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:4628] 000000007030c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:1332] 000000007030c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:6064] 0000000074e6248a
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:5056] 000000007030c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:9052] 000000007030c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:5660] 000000007030c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:7100] 000000007030c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8376:4116] 0000000077e56ef8
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Program Files\Windows Defender\MsMpEng.exe [320] 000007fddf0b0000
---- Disk sectors - GMER 2.0 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.0 ----
| Es wäre klasse wenn ihr mir helfen könntet.
Gruß Quasi
|
09.01.2013, 14:07
Linear-Darstellung
