Rheinfall | 14.02.2014 08:03 | Hello Cosinus, I had generated the logs from the tools before it was clear to me that I wanted to make use of your TB help. Since the contents of the logs meant nothing to me, I unfortunately removed them from the desktop.
Here are the missing Addition.txt and gmer.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-02-2014 01
Ran by ***** at 2014-02-12 19:20:56
Running from C:\Users\*****\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
==================== Installed Programs ======================
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122 - Adobe Systems, Inc.)
Avira Free Antivirus (x32 Version: 14.0.2.344 - Avira)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 2.0 (x32 Version: - )
Canon MP540 series Benutzerregistrierung (x32 Version: - )
Canon MP540 series MP Drivers (Version: - )
Canon Utilities CameraWindow DC 8 (x32 Version: 8.7.0.11 - Canon Inc.)
Canon Utilities Easy-PhotoPrint EX (x32 Version: - )
Canon Utilities ImageBrowser EX (x32 Version: 1.4.0.5 - Canon Inc.)
Canon Utilities My Printer (x32 Version: - )
Canon Utilities PhotoStitch (x32 Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Solution Menu (x32 Version: - )
CCleaner (Version: 4.10 - Piriform)
CyberLink LabelPrint (x32 Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.5.6902 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.5.3606 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.5.3606 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (x32 Version: 3.0.2.4128 - CyberLink Corp.)
Cyberlink PhotoDirector (x32 Version: 3.0.2.4128 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (x32 Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.5.3416 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.4.3021 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.4.3021 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (x32 Version: 12.0.2.3305 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.2.3305 - CyberLink Corp.) Hidden
CyberLink YouCam (x32 Version: 5.0.1.2922 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 5.0.1.2922 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
devolo dLAN Cockpit (x32 Version: 4.1.3.0 - devolo AG)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (x32 Version: 1.0.9 - Hewlett-Packard Company)
Eraser 6.0.10.2620 (Version: 6.0.2620 - The Eraser Project)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Freemake Video Converter Version 4.1.2 (x32 Version: 4.1.2 - Ellora Assets Corporation)
Green Line 1 Sprachtrainer (x32 Version: 1.00.000 - Klett)
Helium Audio Joiner (build 263) (x32 Version: 1.8.0.263 - Imploded Software)
Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (x32 Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (x32 Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (x32 Version: 2.20.21 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (x32 Version: 1.1.0.0 - Hewlett-Packard)
HP My Display (x32 Version: 2.01.006 - Portrait Displays, Inc.)
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
HP Quick Start (x32 Version: 1.0.4660.30220 - Hewlett-Packard)
HP Recovery Manager (x32 Version: 11.00 - Hewlett-Packard) Hidden
HP Registration Service (Version: 1.2.6838.4521 - Hewlett-Packard)
HP Support Assistant (x32 Version: 7.2.23.56 - Hewlett-Packard Company)
HP Support Solutions Framework (x32 Version: 11.50.0011 - Hewlett-Packard Company)
HP System Event Utility (x32 Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (Version: 2.2.2 - Hewlett-Packard Company)
HP Wireless Button Driver (x32 Version: 1.1.2.1 - Hewlett-Packard Company)
Intel(R) Management Engine Components (x32 Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 10.18.10.3379 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.1.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.1.1000 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 3.0.0.66956 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
IrfanView (remove only) (x32 Version: 4.37 - Irfan Skiljan)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 - de-de (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0 (x86 de) (x32 Version: 27.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyPhoneExplorer (x32 Version: 1.8.5 - F.J. Wechselberger)
Norton Internet Security (x32 Version: 20.4.0.40 - Symantec Corporation)
NVIDIA Grafiktreiber 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PHOTOfunSTUDIO 6.0 (x32 Version: 6.00.135 - Panasonic Corporation)
Pivot Software (x32 Version: 9.03.004 - Portrait Displays, Inc.) Hidden
QNAP Qfinder (x32 Version: 4.0.3.1025 - QNAP Systems, Inc.)
Realtek Card Reader (x32 Version: 1.1.9200.15 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (x32 Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6923 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
SDK (x32 Version: 2.33.005 - Portrait Displays, Inc.) Hidden
Sprachtrainer Fonts (x32 Version: 1.00.01 - Ernst Klett Verlag GmbH)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 17.0.6.2 - Synaptics Incorporated)
VLC media player 2.1.1 (Version: 2.1.1 - VideoLAN)
Winamp (x32 Version: 5.666 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
==================== Restore Points =========================
07-02-2014 20:49:24 Geplanter Prüfpunkt
11-02-2014 20:27:29 Installed HP Support Solutions Framework
==================== Hosts content: ==========================
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0A6DA674-8E70-42CB-9FF9-AFC8B3145DAA} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0BBB8C1F-D7E0-47C6-BA49-EDC5B87FFB7A} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {0DB81C06-0CA8-41E3-8CE4-50591EF55ABA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-01-24] (Microsoft Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {31C84CDA-BE99-4F7C-B984-C94364CCA3C8} - System32\Tasks\iSCSIAgentAutoStartup => C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe [2013-10-25] (QNAP)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {37189418-64E2-45E7-A8E8-3B40A769493F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {61E21360-E324-4E33-94FA-1AAB68C6969B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {675B76E5-E9D2-4A0E-B40A-254D07BDAEDB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {84FEB1FA-1189-46CD-BDDB-83F87F6795CD} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {907C564F-EAC9-4437-8003-ACCBA6BE8397} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-01-24] (Microsoft Corporation)
Task: {9C67117C-3B26-41E2-AD70-54FF0DEBC80B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A7BF565D-2E1D-42DF-95A6-7F9EF69F1165} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {BC5E083C-1997-4476-BD7E-8D95212CE114} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {C86F7CE7-6B5D-4A55-9981-64E73AD90F37} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D650567D-6715-4D19-B1F5-7284371B3DBF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DC40CFD3-0DF0-4FE6-AC6C-05CBF91B1897} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {DFF90927-06FC-4D11-B47E-E531742E87A1} - System32\Tasks\HPCeeScheduleFor***** => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {ED61F955-141D-424E-98F5-D4D6A85C6CBD} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {F62E9048-1C7F-45FA-87CE-C7668F741281} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: C:\WINDOWS\Tasks\HPCeeScheduleFor*****.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (whitelisted) =============
2014-01-17 20:29 - 2013-01-10 15:26 - 00091944 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\msgHook64.dll
2014-01-17 20:28 - 2013-01-10 15:26 - 00275752 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dthook.dll
2014-01-17 20:28 - 2009-03-03 11:42 - 00694824 _____ () C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
2014-01-17 20:28 - 2009-03-03 11:42 - 00694824 _____ () C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
2014-01-28 19:58 - 2014-01-28 19:58 - 01782272 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\600862031eb4d4cfdc6f4d2025a7990e\Windows.ApplicationModel.ni.dll
2014-01-16 19:05 - 2013-12-18 09:32 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-01-24 21:50 - 2014-01-24 21:50 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-01-17 20:29 - 2013-01-10 15:26 - 00086824 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\msgHook.dll
2014-01-16 18:56 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2013-10-27 09:03 - 2013-10-27 09:03 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-02-03 20:58 - 2014-02-08 11:29 - 03583600 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-01-17 20:28 - 2009-03-03 11:40 - 00245760 _____ () C:\Program Files (x86)\Portrait Displays\Pivot Software\winphook.dll
2014-01-17 20:28 - 2013-01-10 15:26 - 00189224 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll
2014-01-17 20:28 - 2013-01-10 15:25 - 00123688 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\CC\gui.dll
2014-01-25 15:16 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-01-17 20:29 - 2013-01-10 15:26 - 00164648 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\*****\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/11/2014 07:09:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 82036547
Error: (02/11/2014 07:09:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 82036547
Error: (02/11/2014 07:09:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/11/2014 07:09:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 82020922
Error: (02/11/2014 07:09:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 82020922
Error: (02/11/2014 07:09:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/11/2014 07:08:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 82005297
Error: (02/11/2014 07:08:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 82005297
Error: (02/11/2014 07:08:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/11/2014 07:08:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 81990078
System errors:
=============
Error: (02/12/2014 06:07:07 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/11/2014 10:03:02 PM) (Source: Service Control Manager) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (02/11/2014 09:24:18 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/11/2014 09:18:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (02/11/2014 09:18:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1326
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (02/11/2014 07:16:16 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/11/2014 07:15:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (02/11/2014 07:15:41 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1326
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (02/11/2014 07:12:44 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 10.02.2014 um 20:18:26 unerwartet heruntergefahren.
Error: (02/11/2014 07:10:29 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht.
Microsoft Office Sessions:
=========================
Error: (02/11/2014 07:09:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 82036547
Error: (02/11/2014 07:09:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 82036547
Error: (02/11/2014 07:09:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/11/2014 07:09:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 82020922
Error: (02/11/2014 07:09:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 82020922
Error: (02/11/2014 07:09:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/11/2014 07:08:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 82005297
Error: (02/11/2014 07:08:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 82005297
Error: (02/11/2014 07:08:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/11/2014 07:08:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 81990078
==================== Memory info ===========================
Percentage of memory in use: 36%
Total physical RAM: 7962.14 MB
Available physical RAM: 5049.75 MB
Total Pagefile: 16154.14 MB
Available Pagefile: 13116.77 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:909.79 GB) (Free:862.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:20.61 GB) (Free:2.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 298DD091)
Partition: GPT Partition Type
==================== End Of Log ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-12 20:45:25
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c HGST_HTS541010A9E680 rev.JA0OA590 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\*****\AppData\Local\Temp\uwdyipow.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff96000178700 15 bytes [00, EA, 0F, 02, 00, 7F, 6F, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff96000178710 11 bytes [00, 1F, FC, FF, 80, 52, DE, ...]
---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe1d17169a 4 bytes [17, 1D, FE, 7F]
.text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe1d1716a2 4 bytes [17, 1D, FE, 7F]
.text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe1d17181a 4 bytes [17, 1D, FE, 7F]
.text C:\WINDOWS\System32\spoolsv.exe[1540] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe1d171832 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1712] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe1d17169a 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1712] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe1d1716a2 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1712] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe1d17181a 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1712] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe1d171832 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4868] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffe1d17169a 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4868] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffe1d1716a2 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4868] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffe1d17181a 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4868] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffe1d171832 4 bytes [17, 1D, FE, 7F]
.text C:\WINDOWS\System32\dwm.exe[2540] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffe1da530e0 7 bytes JMP 00007fff1cc802d0
.text C:\WINDOWS\System32\dwm.exe[2540] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffe1da54478 7 bytes JMP 00007fff1cc80308
.text C:\WINDOWS\System32\dwm.exe[2540] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffe1db011a8 7 bytes JMP 00007fff1cc80340
.text C:\WINDOWS\System32\dwm.exe[2540] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffe1db0121c 7 bytes JMP 00007fff1cc803b0
.text C:\WINDOWS\System32\dwm.exe[2540] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffe1db01668 7 bytes JMP 00007fff1cc80378
.text C:\WINDOWS\System32\dwm.exe[2540] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ffe1db072d0 7 bytes JMP 00007fff1cc80260
.text C:\WINDOWS\System32\dwm.exe[2540] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffe1db2d5a4 7 bytes JMP 00007fff1cc80228
.text C:\WINDOWS\System32\dwm.exe[2540] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffe1db2d614 7 bytes JMP 00007fff1cc80298
.text C:\WINDOWS\System32\dwm.exe[2540] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffe1cc92124 7 bytes JMP 00007fff1cc800d8
.text C:\WINDOWS\System32\dwm.exe[2540] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffe1cc950e8 5 bytes JMP 00007fff1cc80180
.text C:\WINDOWS\System32\dwm.exe[2540] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe1cc952a0 5 bytes JMP 00007fff1cc80148
.text C:\WINDOWS\System32\dwm.exe[2540] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffe1cc9a9b0 5 bytes JMP 00007fff1cc80110
.text C:\WINDOWS\System32\dwm.exe[2540] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffe1d877b64 10 bytes JMP 00007fff1cc80490
.text C:\WINDOWS\System32\dwm.exe[2540] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffe1d892910 5 bytes JMP 00007fff1cc80420
.text C:\WINDOWS\System32\dwm.exe[2540] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffe1d894578 5 bytes JMP 00007fff1cc80458
.text C:\WINDOWS\System32\dwm.exe[2540] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffe1d894980 9 bytes JMP 00007fff1cc803e8
.text C:\WINDOWS\System32\dwm.exe[2540] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffe1db91500 8 bytes JMP 00007fff1cc801b8
.text C:\WINDOWS\System32\dwm.exe[2540] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffe1db91750 8 bytes JMP 00007fff1cc801f0
.text C:\WINDOWS\System32\dwm.exe[2540] C:\WINDOWS\System32\dxgi.dll!CreateDXGIFactory 00007ffe1a64705c 5 bytes JMP 00007fff1a6300d8
.text C:\WINDOWS\System32\dwm.exe[2540] C:\WINDOWS\System32\dxgi.dll!CreateDXGIFactory1 00007ffe1a647678 5 bytes JMP 00007fff1a630110
.text C:\WINDOWS\System32\dwm.exe[2540] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe1d17169a 4 bytes [17, 1D, FE, 7F]
.text C:\WINDOWS\System32\dwm.exe[2540] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe1d1716a2 4 bytes [17, 1D, FE, 7F]
.text C:\WINDOWS\System32\dwm.exe[2540] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe1d17181a 4 bytes [17, 1D, FE, 7F]
.text C:\WINDOWS\System32\dwm.exe[2540] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe1d171832 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5564] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe1d17169a 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5564] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe1d1716a2 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5564] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe1d17181a 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5564] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe1d171832 4 bytes [17, 1D, FE, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[7704] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe1d17169a 4 bytes [17, 1D, FE, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[7704] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe1d1716a2 4 bytes [17, 1D, FE, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[7704] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe1d17181a 4 bytes [17, 1D, FE, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[7704] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe1d171832 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[7576] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe1d17169a 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[7576] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe1d1716a2 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[7576] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe1d17181a 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[7576] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe1d171832 4 bytes [17, 1D, FE, 7F]
.text C:\WINDOWS\system32\taskhostex.exe[7280] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe1d17169a 4 bytes [17, 1D, FE, 7F]
.text C:\WINDOWS\system32\taskhostex.exe[7280] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe1d1716a2 4 bytes [17, 1D, FE, 7F]
.text C:\WINDOWS\system32\taskhostex.exe[7280] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe1d17181a 4 bytes [17, 1D, FE, 7F]
.text C:\WINDOWS\system32\taskhostex.exe[7280] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe1d171832 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7116] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe1d17169a 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7116] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe1d1716a2 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7116] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe1d17181a 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7116] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe1d171832 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3096] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe1d17169a 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3096] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe1d1716a2 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3096] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe1d17181a 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3096] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe1d171832 4 bytes [17, 1D, FE, 7F]
.text C:\Windows\System32\igfxtray.exe[5248] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe1d17169a 4 bytes [17, 1D, FE, 7F]
.text C:\Windows\System32\igfxtray.exe[5248] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe1d1716a2 4 bytes [17, 1D, FE, 7F]
.text C:\Windows\System32\igfxtray.exe[5248] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe1d17181a 4 bytes [17, 1D, FE, 7F]
.text C:\Windows\System32\igfxtray.exe[5248] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe1d171832 4 bytes [17, 1D, FE, 7F]
.text C:\WINDOWS\system32\igfxsrvc.exe[7904] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe1d17169a 4 bytes [17, 1D, FE, 7F]
.text C:\WINDOWS\system32\igfxsrvc.exe[7904] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe1d1716a2 4 bytes [17, 1D, FE, 7F]
.text C:\WINDOWS\system32\igfxsrvc.exe[7904] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe1d17181a 4 bytes [17, 1D, FE, 7F]
.text C:\WINDOWS\system32\igfxsrvc.exe[7904] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe1d171832 4 bytes [17, 1D, FE, 7F]
.text C:\Windows\System32\hkcmd.exe[8040] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe1d17169a 4 bytes [17, 1D, FE, 7F]
.text C:\Windows\System32\hkcmd.exe[8040] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe1d1716a2 4 bytes [17, 1D, FE, 7F]
.text C:\Windows\System32\hkcmd.exe[8040] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe1d17181a 4 bytes [17, 1D, FE, 7F]
.text C:\Windows\System32\hkcmd.exe[8040] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe1d171832 4 bytes [17, 1D, FE, 7F]
.text C:\Windows\System32\igfxpers.exe[5332] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe1d17169a 4 bytes [17, 1D, FE, 7F]
.text C:\Windows\System32\igfxpers.exe[5332] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe1d1716a2 4 bytes [17, 1D, FE, 7F]
.text C:\Windows\System32\igfxpers.exe[5332] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe1d17181a 4 bytes [17, 1D, FE, 7F]
.text C:\Windows\System32\igfxpers.exe[5332] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe1d171832 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5864] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe1d17169a 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5864] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe1d1716a2 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5864] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe1d17181a 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5864] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe1d171832 4 bytes [17, 1D, FE, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8116] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe1d17169a 4 bytes [17, 1D, FE, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8116] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe1d1716a2 4 bytes [17, 1D, FE, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8116] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe1d17181a 4 bytes [17, 1D, FE, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[8116] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe1d171832 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3372] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe1d17169a 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3372] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe1d1716a2 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3372] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe1d17181a 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3372] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe1d171832 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe[2768] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe1d17169a 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe[2768] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe1d1716a2 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe[2768] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe1d17181a 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe[2768] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe1d171832 4 bytes [17, 1D, FE, 7F]
.text C:\WINDOWS\system32\igfxext.exe[6652] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe1d17169a 4 bytes [17, 1D, FE, 7F]
.text C:\WINDOWS\system32\igfxext.exe[6652] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe1d1716a2 4 bytes [17, 1D, FE, 7F]
.text C:\WINDOWS\system32\igfxext.exe[6652] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe1d17181a 4 bytes [17, 1D, FE, 7F]
.text C:\WINDOWS\system32\igfxext.exe[6652] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe1d171832 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe[6424] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe1d17169a 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe[6424] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe1d1716a2 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe[6424] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe1d17181a 4 bytes [17, 1D, FE, 7F]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe[6424] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe1d171832 4 bytes [17, 1D, FE, 7F]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4368:744] 00000000008f1c24
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4368:5572] 0000000064ade54e
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4368:5772] 00000000639a0eb8
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4368:5776] 00000000639a0eb8
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4368:5780] 00000000639a0eb8
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4368:6128] 0000000063ce319b
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4368:6016] 0000000073271892
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4368:4456] 000000005e4f8d99
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4368:5104] 000000005e474b0d
Thread C:\WINDOWS\system32\csrss.exe [7396:4972] fffff960009884d0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4668:5440] 00000000008f1c24
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4668:6320] 0000000010002960
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4668:3492] 0000000010001070
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4668:7220] 0000000064ade54e
Thread C:\WINDOWS\Explorer.EXE [5028:6196] 00007ffe0a445130
Thread C:\WINDOWS\Explorer.EXE [5028:4892] 00007ffe12d91e40
Thread C:\WINDOWS\Explorer.EXE [5028:6204] 0000000002e82b00
Thread C:\WINDOWS\Explorer.EXE [5028:188] 0000000002e81000
Thread C:\WINDOWS\Explorer.EXE [5028:6860] 00007ffe197764f4
Thread C:\WINDOWS\Explorer.EXE [5028:7944] 00007ffe12798c54
Thread C:\WINDOWS\Explorer.EXE [5028:7360] 00007ffe1279d6bc
Thread C:\WINDOWS\Explorer.EXE [5028:5456] 00007ffe1123c904
Thread C:\WINDOWS\Explorer.EXE [5028:7132] 00007ffe10a7a760
Thread C:\WINDOWS\Explorer.EXE [5028:1184] 00007ffe1c0f7ea8
Thread C:\WINDOWS\Explorer.EXE [5028:7128] 00007ffe1d3d2764
Thread C:\WINDOWS\Explorer.EXE [5028:3612] 00007ffe1c961b54
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ---- |