Remove JDownloader 2, mysearchdial hijack and Online Games shortcut?
Hi,
I had to install JDownloader 2 and at the same time picked up the mysearchdial hijack and the Online Games shortcut (Online Games mysearchdials). When I tried to uninstall JDownloader 2, the following error message came up. Quote:
Exception:
java.io.FileNotFoundException: C:\Users\***\AppData\Local\JDownloader v2.0\cfg\versioninfo\JDU\filelist.txt (Das System kann den angegebenen Pfad nicht finden)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(Unknown Source)
at org.appwork.updatesys.client.FileList.walk(FileList.java:349)
at org.appwork.install4j.updatesys.Webinstaller.uninstallByID(Webinstaller.java:746)
at org.appwork.install4j.updatesys.Webinstaller.uninstall(Webinstaller.java:655)
at com.install4j.runtime.installer.UninstallerContextImpl$2.fetchValue(Unknown Source)
at com.install4j.runtime.installer.helper.comm.actions.FetchObjectAction.execute(Unknown Source)
at com.install4j.runtime.installer.helper.comm.HelperCommunication.executeActionDirect(Unknown Source)
at com.install4j.runtime.installer.helper.comm.HelperCommunication.executeActionInt(Unknown Source)
at com.install4j.runtime.installer.helper.comm.HelperCommunication.executeActionChecked(Unknown Source)
at com.install4j.runtime.installer.helper.comm.HelperCommunication.fetchObjectChecked(Unknown Source)
at com.install4j.runtime.installer.UninstallerContextImpl.performActionIntStatic(Unknown Source)
at com.install4j.runtime.installer.UninstallerContextImpl.performActionInt(Unknown Source)
at com.install4j.runtime.installer.ContextImpl.performAction(Unknown Source)
at com.install4j.runtime.installer.controller.Controller.executeActions(Unknown Source)
at com.install4j.runtime.installer.controller.Controller.handleCommand(Unknown Source)
at com.install4j.runtime.installer.controller.Controller.start(Unknown Source)
at com.install4j.runtime.installer.Uninstaller.runInProcess(Unknown Source)
at com.install4j.runtime.installer.Uninstaller.main(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.exe4j.runtime.LauncherEngine.launch(Unknown Source)
at com.exe4j.runtime.WinLauncher.main(Unknown Source)
at com.install4j.runtime.launcher.WinLauncher.main(Unknown Source)
System properties:
java.runtime.name=Java(TM) SE Runtime Environment
exe4j.moduleName=C:\Users\***\AppData\Local\JDownloader v2.0\Uninstall JDownloader.exe
exe4j.processCommFile=C:\Users\***\AppData\Local\Temp\e4j_p4224.tmp
exe4j.semaphoreName=Local\c:_users_***_appdata_local_jdownloader_v2.0_uninstall_jdownloader.exe
sun.boot.library.path=c:\users\***\appdata\local\jdownloader v2.0\jre\bin
java.vm.version=23.25-b01
java.vm.vendor=Oracle Corporation
java.vendor.url=hxxp://java.oracle.com/
exe4j.consoleCodepage=cp0
path.separator=;
java.vm.name=Java HotSpot(TM) 64-Bit Server VM
file.encoding.pkg=sun.io
user.country=DE
user.script=
sun.os.patch.level=
install4j.exeDir=C:\Users\***\AppData\Local\JDownloader v2.0\
java.vm.specification.name=Java Virtual Machine Specification
user.dir=C:\Users\***\AppData\Local
java.runtime.version=1.7.0_25-b16
java.awt.graphicsenv=sun.awt.Win32GraphicsEnvironment
java.endorsed.dirs=c:\users\***\appdata\local\jdownloader v2.0\jre\lib\endorsed
os.arch=amd64
java.io.tmpdir=C:\Users\***\AppData\Local\Temp\
line.separator=
java.vm.specification.vendor=Oracle Corporation
user.variant=
exe4j.tempDir=
os.name=Windows 8
sun.jnu.encoding=Cp1252
java.library.path=C:\Users\***\AppData\Local\JDownloader v2.0\.\.install4j;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;c:\users\***\appdata\local\jdownloader v2.0\jre\bin
sun.awt.enableExtraMouseButtons=true
java.specification.name=Java Platform API Specification
java.class.version=51.0
sun.management.compiler=HotSpot 64-Bit Tiered Compilers
exe4j.isInstall4j=true
os.version=6.2
user.home=C:\Users\***
user.timezone=Europe/Berlin
java.awt.printerjob=sun.awt.windows.WPrinterJob
file.encoding=Cp1252
java.specification.version=1.7
java.class.path=C:\Users\***\AppData\Local\JDownloader v2.0\.install4j\i4jruntime.jar;C:\Users\***\AppData\Local\JDownloader v2.0\.\.install4j\user.jar;C:\Users\***\AppData\Local\JDownloader v2.0\.\.install4j\user\proxyVole.jar;;C:\Users\***\AppData\Local\JDownloader v2.0\jre\lib\deploy.jar;C:\Users\***\AppData\Local\JDownloader v2.0\jre\lib\plugin.jar;C:\Users\***\AppData\Local\JDownloader v2.0\JDownloader.jar
user.name=***
java.vm.specification.version=1.7
sun.java.command=C:\Users\***\AppData\Local\JDownloader v2.0\Uninstall JDownloader.exe
java.home=c:\users\***\appdata\local\jdownloader v2.0\jre
sun.arch.data.model=64
exe4j.launchName=C:\Users\***\AppData\Local\JDownloader v2.0\Uninstall JDownloader.exe
user.language=de
java.specification.vendor=Oracle Corporation
awt.toolkit=sun.awt.windows.WToolkit
java.vm.info=mixed mode
exe4j.unextractedPosition=0
java.version=1.7.0_25
java.ext.dirs=c:\users\***\appdata\local\jdownloader v2.0\jre\lib\ext;C:\WINDOWS\Sun\Java\lib\ext
sun.boot.class.path=c:\users\***\appdata\local\jdownloader v2.0\jre\lib\resources.jar;c:\users\***\appdata\local\jdownloader v2.0\jre\lib\rt.jar;c:\users\***\appdata\local\jdownloader v2.0\jre\lib\sunrsasign.jar;c:\users\***\appdata\local\jdownloader v2.0\jre\lib\jsse.jar;c:\users\***\appdata\local\jdownloader v2.0\jre\lib\jce.jar;c:\users\***\appdata\local\jdownloader v2.0\jre\lib\charsets.jar;c:\users\***\appdata\local\jdownloader v2.0\jre\lib\jfr.jar;c:\users\***\appdata\local\jdownloader v2.0\jre\classes
install4j.appDir=C:\Users\***\AppData\Local\JDownloader v2.0\
java.vendor=Oracle Corporation
file.separator=\
java.vendor.url.bug=hxxp://bugreport.sun.com/bugreport/
sun.io.unicode.encoding=UnicodeLittle
sun.cpu.endian=little
install4j.systemLanguage=de
sun.desktop=windows
sun.cpu.isalist=amd64
How do I get rid of all of this now?
P.S.: System info is coming shortly!
The system info... Quote:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:54 on 19/07/2013 (***)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
OTL logfile: Code:
OTL logfile created on: 19.07.2013 12:10:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,91 Gb Available Physical Memory | 86,43% Memory free
12,50 Gb Paging File | 11,29 Gb Available in Paging File | 90,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 66,83 Gb Free Space | 59,84% Space Free | Partition Type: NTFS
Computer Name: BÜRODESKTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.07.19 12:09:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.07.03 23:39:22 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.07.03 23:32:38 | 001,887,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.06.21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.06.20 14:48:37 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.20 14:48:21 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.20 14:48:21 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2013.06.01 11:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013.05.04 08:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.05.04 08:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013.04.09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.07.26 05:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 05:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013.07.03 23:32:38 | 001,887,520 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.06.21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.06.20 14:48:37 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.20 14:48:24 | 000,811,064 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService)
SRV - [2013.06.20 14:48:21 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.26 05:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013.06.20 14:48:44 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.06.20 14:48:44 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.06.01 13:54:16 | 000,194,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013.06.01 13:29:35 | 000,337,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013.06.01 13:29:35 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013.06.01 05:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.05.08 13:29:12 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\avnetflt.sys -- (avnetflt)
DRV:64bit: - [2013.05.04 09:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.05.04 09:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.02.26 16:56:51 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 04:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012.07.26 04:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 04:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012.07.26 04:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.06.02 16:31:56 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{19A47CC2-9D45-DB02-B048-0CA434602A7D}: "URL" = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd72&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzytAyB0AtAzztAyCyC0F0AtN0D0Tzu0SyDyCyDtN1L2XzutBtFtBtFyEtFzzyDyDtN1L1Czu1L1C1H1B1QyBtB&cr=238750632&ir=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 13 FB 93 76 5B 84 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (Super Lyrics) - {B9020890-9E08-446B-87B0-0C5CD0436D86} - C:\Program Files (x86)\Super_Lyrics\116.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EB43AF1-00A5-486D-B3CB-DC402B7785FD}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.07.18 17:03:25 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.07.19 12:09:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.07.19 11:11:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2013.07.19 11:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.07.19 11:08:04 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys
[2013.07.19 11:08:04 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys
[2013.07.19 11:08:04 | 000,083,672 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avnetflt.sys
[2013.07.19 11:08:04 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avkmgr.sys
[2013.07.19 11:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.07.19 11:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.07.19 11:05:07 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysWow64\Microsoft
[2013.07.19 09:20:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
[2013.07.19 09:20:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\JDownloader v2.0
[2013.07.19 09:01:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2013.07.19 08:35:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Opera Software
[2013.07.19 08:35:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2013.07.19 08:35:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.07.19 08:34:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google
[2013.07.18 21:54:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\NVIDIA
[2013.07.18 19:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.07.18 19:34:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013.07.18 17:24:46 | 000,287,840 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\aswBoot.exe
[2013.07.18 17:20:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.07.18 17:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.18 17:20:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.07.18 17:16:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\appmgmt
[2013.07.18 17:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.07.18 17:02:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.07.18 16:32:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2013.07.18 16:30:29 | 000,000,000 | ---D | C] -- C:\Users\***\.appwork
[2013.07.18 16:24:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera Software
[2013.07.18 15:59:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.07.18 15:57:00 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.07.18 15:51:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[2013.07.18 15:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.07.18 15:11:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.07.18 15:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.07.16 21:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.07.15 20:48:35 | 000,000,000 | ---D | C] -- C:\Windows.old
[2013.07.15 20:40:55 | 000,000,000 | R--D | C] -- C:\WINDOWS\BrowserChoice
[2013.07.15 20:40:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2013.07.15 20:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.07.15 20:05:31 | 000,061,216 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.dll
[2013.07.15 20:05:31 | 000,053,024 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.dll
[2013.07.15 20:05:20 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.07.15 20:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.07.15 20:00:01 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.07.15 20:00:01 | 000,000,000 | R--D | C] -- C:\Users\***\Searches
[2013.07.15 20:00:01 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts
[2013.07.15 20:00:01 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.07.15 20:00:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2013.07.15 19:59:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore
[2013.07.15 19:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\PRICache
[2013.07.15 19:59:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Packages
[2013.07.15 19:59:28 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Videos
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Music
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Links
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[2013.07.15 19:59:28 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData
[2013.07.15 19:59:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[2013.07.15 19:59:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft
[2013.07.15 19:59:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.07.15 19:56:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013.07.15 19:53:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.07.15 19:53:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.07.15 19:53:43 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.07.15 19:53:43 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.07.15 19:53:43 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.07.15 19:53:43 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.07.15 19:53:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.07.15 19:53:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.07.15 19:53:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013.07.15 19:50:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013.07.15 19:36:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2013.07.15 19:02:51 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.07.15 19:02:51 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.07.15 19:02:51 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.07.15 18:53:56 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.07.19 12:09:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.07.19 12:09:41 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.07.19 12:07:40 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.07.19 12:07:38 | 2574,901,247 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.19 11:54:47 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.07.19 11:53:58 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.07.19 11:11:22 | 001,654,648 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013.07.19 11:11:22 | 000,714,240 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat
[2013.07.19 11:11:22 | 000,674,750 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013.07.19 11:11:22 | 000,147,840 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat
[2013.07.19 11:11:22 | 000,124,636 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013.07.19 11:08:05 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.07.19 09:29:06 | 000,289,768 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013.07.19 09:20:39 | 000,002,088 | ---- | M] () -- C:\Users\***\Desktop\JDownloader 2.lnk
[2013.07.19 09:19:59 | 000,000,385 | ---- | M] () -- C:\Users\***\Desktop\Online Games.url
[2013.07.19 09:19:58 | 000,329,620 | ---- | M] () -- C:\Users\***\AppData\Local\mysearchdial-speeddial.crx
[2013.07.18 21:55:51 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.07.18 21:53:43 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
[2013.07.18 17:24:58 | 000,000,175 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswVmm.sys.sum
[2013.07.18 17:24:58 | 000,000,175 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswSP.sys.sum
[2013.07.18 17:24:58 | 000,000,175 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswSnx.sys.sum
[2013.07.18 17:24:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\config.nt
[2013.07.18 17:03:25 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.07.15 20:03:48 | 000,000,425 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2013.07.15 20:03:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2013.07.15 19:50:45 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013.06.21 14:06:36 | 000,061,216 | ---- | M] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.dll
[2013.06.21 14:06:36 | 000,053,024 | ---- | M] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.dll
[2013.06.21 14:06:36 | 000,021,578 | ---- | M] () -- C:\WINDOWS\SysNative\nvinfo.pb
[2013.06.20 14:48:44 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys
[2013.06.20 14:48:44 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys
[2013.06.20 06:17:49 | 003,253,909 | ---- | M] () -- C:\WINDOWS\SysNative\nvcoproc.bin
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.07.19 11:54:47 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.07.19 11:53:58 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.07.19 11:08:05 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.07.19 09:29:04 | 000,289,768 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013.07.19 09:20:39 | 000,002,088 | ---- | C] () -- C:\Users\***\Desktop\JDownloader 2.lnk
[2013.07.19 09:19:59 | 000,000,385 | ---- | C] () -- C:\Users\***\Desktop\Online Games.url
[2013.07.18 21:54:22 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.07.18 21:53:43 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
[2013.07.18 21:08:14 | 000,386,642 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2013.07.18 21:03:54 | 000,110,592 | ---- | C] () -- C:\WINDOWS\SysNative\OEMLicense.dll
[2013.07.18 21:03:54 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013.07.18 17:24:58 | 000,000,175 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswVmm.sys.sum
[2013.07.18 17:24:58 | 000,000,175 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswSP.sys.sum
[2013.07.18 17:24:58 | 000,000,175 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswSnx.sys.sum
[2013.07.18 17:24:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\config.nt
[2013.07.18 17:03:25 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.07.18 16:28:12 | 000,329,620 | ---- | C] () -- C:\Users\***\AppData\Local\mysearchdial-speeddial.crx
[2013.07.16 21:58:38 | 000,002,143 | R-S- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Choice.lnk
[2013.07.15 20:14:59 | 000,031,841 | ---- | C] () -- C:\WINDOWS\ProfessionalWMC.xml
[2013.07.15 20:05:45 | 003,253,909 | ---- | C] () -- C:\WINDOWS\SysNative\nvcoproc.bin
[2013.07.15 20:03:48 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013.07.15 20:03:48 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2013.07.15 20:00:00 | 000,001,438 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.07.15 19:50:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013.07.15 19:50:30 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2013.07.15 18:53:56 | 2574,901,247 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
========== ZeroAccess Check ==========
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.07.19 10:28:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera Software
========== Purity Check ==========
< End of report >
OTL Logfile:
OTL Extras logfile created on: 19.07.2013 12:10:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,91 Gb Available Physical Memory | 86,43% Memory free
12,50 Gb Paging File | 11,29 Gb Available in Paging File | 90,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 66,83 Gb Free Space | 59,84% Space Free | Partition Type: NTFS
Computer Name: BÜRODESKTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01EF0026-22E7-4EEF-B582-01083FC35518}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0F14A030-8DCA-4480-B3A2-0B4B229CEDB1}" = lport=445 | protocol=6 | dir=in | app=system |
"{0F24913A-3774-4C46-A217-BE12BBAE4FF7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{16132184-9950-46F6-92AA-4F737CDE1038}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2692E00D-6B32-4065-85BC-2A471D01F406}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{26E4DF95-BD53-4BF8-9558-1366D545A1A3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4403B768-F67C-4A9F-9285-3C1153BEC492}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{55CA3833-2AE9-49F0-A0DC-0E8ECEF0864B}" = rport=445 | protocol=6 | dir=out | app=system |
"{6A62FC91-14B6-468C-9773-03D6FC25D06F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{774E5BEA-3C79-4224-B27F-E4ABC144504F}" = rport=137 | protocol=17 | dir=out | app=system |
"{88F0BF6A-E3F3-48EB-89C1-BB1BA7580993}" = rport=139 | protocol=6 | dir=out | app=system |
"{9228CC64-A158-41AE-BA23-29D1E3014B3E}" = lport=138 | protocol=17 | dir=in | app=system |
"{B26E055D-EFCA-41A7-83A7-F682D365518A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B44D4CC1-EA0F-49CC-8B8E-E797532832F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B4E51244-1F00-4C12-AF8D-4A4BAC0D7A95}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C3BF2FFB-8EFF-4461-938B-E1A41133B3A4}" = lport=137 | protocol=17 | dir=in | app=system |
"{D0E57571-EFD2-4942-BCA8-D76237CBA838}" = rport=138 | protocol=17 | dir=out | app=system |
"{D85BCF07-2B90-4842-93CD-35925FA4475D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E3DE65CB-81EC-4F1A-831D-02DDC9827013}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F8D924C1-9E82-4F38-BACA-CECF6D783406}" = lport=139 | protocol=6 | dir=in | app=system |
"{FC04431E-32CD-4156-ACFD-0B8765251EA3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012726B8-47B8-4C70-8A92-7339C17784EA}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{03FA29CA-B76D-463C-8235-83258352719F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{10E89673-794F-4703-8200-382890CED81B}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{18E3006C-74CC-42B9-B809-3A479AFA3385}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1A5931F8-D489-4540-98A5-0206F747C2C5}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{1CB6AD4C-D31A-41B4-BE97-114191494D27}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{23F728E8-E7AB-4A41-AD93-0F8FF91A8596}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{24F18129-9073-45B9-A41D-CDF0C581C0C3}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{269B6314-86B1-4762-8CAF-920711398277}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2749F89A-E25A-4BC7-84DA-F1C0F450C80A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2B2C5A02-5A4D-4170-A1F9-CAECF574A77C}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{2E1217B4-884D-4BEF-BC82-E81C9A4B97F8}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{35608C4D-974B-4C97-9050-4376DA0C0FB4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{38ABDD5D-D841-48B3-A851-DE080B1C1498}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3DBF81EF-19D6-46CA-98A3-DF34F80716AE}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{413FE1E2-F623-4788-833A-0CF50BD95233}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{4679DE7E-514C-42D7-9D01-A48BAACA5828}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{4E25ECCE-2FCB-47CE-93B9-5399B45A92AD}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{60CF9028-8853-4879-8D78-D951BD53EA4B}" = protocol=6 | dir=out | app=system |
"{66B982BF-B31F-4C95-BD8D-C58CA010D056}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6BF3DC46-40DD-4496-B85C-E162DDA46D75}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{6EF1FCA1-3F5B-4311-8924-4C50FC038A04}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7359A345-D2F8-4D71-BC2E-1689D04E96BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{78F8F129-4B58-4082-A056-ACE4DCA1D963}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{794D44F7-0338-468D-892E-042D6F196BF5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CF3586B-76C2-46C0-B913-520EFBD25749}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{7F579887-E2E8-47E9-9834-844C46186B25}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{820FEC0C-7A8C-4BC8-A0A1-E5BC23AFCCE1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8526807F-A1B6-4934-88DB-57AD92B8EA13}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{86643846-20CC-4A22-9E8D-6C912A5AE6C6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A28F4366-BA29-4CDE-A681-ACC633547DFA}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{AA01AFE9-C0E5-4E8A-BD75-933FAB2F90FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4CE7B9F-2B50-46E8-93CF-A390D79E8BF5}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{BF27F77D-724A-4C30-B63D-83BEF09A2E5E}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{C7515C06-A8DB-4FAF-917B-6B90B8C23883}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C9A997E3-3FA8-438B-8CE3-1695DCBF51FF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D833DA58-84E2-4C1B-A3D2-914EF284660B}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E9F2762E-10E5-4DEE-8B69-5BD319462D9D}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{FBC1DFF5-E5A8-45CD-A408-43B35CD85CFA}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"TCP Query User{31D999BB-C371-4DD6-A6E7-53F9EE3EA07E}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe |
"TCP Query User{F8EA6C80-9E74-4DAA-9BF1-E15A82BA616E}C:\users\***\appdata\local\jdownloader v2.0\jdownloader2.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\jdownloader v2.0\jdownloader2.exe |
"UDP Query User{B992EDBA-811C-4802-A708-98FF52EE3454}C:\users\***\appdata\local\jdownloader v2.0\jdownloader2.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\jdownloader v2.0\jdownloader2.exe |
"UDP Query User{D2F5E895-C146-4CA7-AD2A-3B79B3E8EF50}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.13.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 6.4.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"jdownloader2" = JDownloader 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Avira AntiVir Desktop" = Avira Free Antivirus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 18.07.2013 13:44:35 | Computer Name = BüroDesktop | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“
ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie
im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error - 18.07.2013 13:44:55 | Computer Name = BüroDesktop | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“
ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie
im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error - 18.07.2013 13:45:08 | Computer Name = BüroDesktop | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“
ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie
im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error - 18.07.2013 14:29:36 | Computer Name = BüroDesktop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.11.3.0, Zeitstempel:
0x50f9475d Name des fehlerhaften Moduls: daemonu.exe, Version: 1.11.3.0, Zeitstempel:
0x50f9475d Ausnahmecode: 0xc0000417 Fehleroffset: 0x00051955 ID des fehlerhaften Prozesses:
0x1080 Startzeit der fehlerhaften Anwendung: 0x01ce83e4be724819 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update
Core\daemonu.exe Berichtskennung: ff482921-efd7-11e2-be6f-50e54937a383 Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 19.07.2013 04:27:54 | Computer Name = BüroDesktop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16628,
Zeitstempel: 0x51a94434 Name des fehlerhaften Moduls: twinui.dll, Version: 6.2.9200.16604,
Zeitstempel: 0x5184a60b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000a43e6
ID
des fehlerhaften Prozesses: 0xb1c Startzeit der fehlerhaften Anwendung: 0x01ce8459bedb7001
Pfad
der fehlerhaften Anwendung: C:\WINDOWS\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Windows\System32\twinui.dll Berichtskennung: 1b563b4f-f04d-11e2-be72-50e54937a383
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
[ System Events ]
Error - 18.07.2013 14:27:09 | Computer Name = BüroDesktop | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =
Error - 18.07.2013 14:29:41 | Computer Name = BüroDesktop | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
< End of report >
GMER Logfile:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-19 12:56:04
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002e OCZ-AGILITY3 rev.2.22 111,79GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\pwtoypog.sys
---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\dwm.exe[880] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fff00a177a 4 bytes [0A, F0, FF, 07]
.text C:\WINDOWS\system32\dwm.exe[880] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fff00a1782 4 bytes [0A, F0, FF, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ffe9d61532 4 bytes [D6, E9, FF, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ffe9d6153a 4 bytes [D6, E9, FF, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ffe9d6165a 4 bytes [D6, E9, FF, 07]
.text C:\WINDOWS\system32\nvvsvc.exe[1204] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690 000007ffe9d61532 4 bytes [D6, E9, FF, 07]
.text C:\WINDOWS\system32\nvvsvc.exe[1204] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698 000007ffe9d6153a 4 bytes [D6, E9, FF, 07]
.text C:\WINDOWS\system32\nvvsvc.exe[1204] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246 000007ffe9d6165a 4 bytes [D6, E9, FF, 07]
.text C:\WINDOWS\system32\nvvsvc.exe[1204] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fff00a177a 4 bytes [0A, F0, FF, 07]
.text C:\WINDOWS\system32\nvvsvc.exe[1204] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fff00a1782 4 bytes [0A, F0, FF, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3292] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ffe9d61532 4 bytes [D6, E9, FF, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3292] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ffe9d6153a 4 bytes [D6, E9, FF, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3292] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ffe9d6165a 4 bytes [D6, E9, FF, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[812] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ffe9d61532 4 bytes [D6, E9, FF, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[812] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ffe9d6153a 4 bytes [D6, E9, FF, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[812] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ffe9d6165a 4 bytes [D6, E9, FF, 07]
.text C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[3784] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fff00a177a 4 bytes [0A, F0, FF, 07]
.text C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[3784] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 314 000007fff00a1782 4 bytes [0A, F0, FF, 07]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [448:472] fffff9600095f5e8
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1236595191
---- EOF - GMER 2.1 ----