| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: "Redirect-Virus" unter Windows 8 / "document has moved redirecting..."Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
20.01.2013, 18:56
| #1 |
| |  "Redirect-Virus" unter Windows 8 / "document has moved redirecting..." Hallo, ich habe mir einen Redirect-Virus eingefanten... wenn ich im internet surfe kommt manchmal "document has moved, redirecting" und dann bin ich auf einer total anderen seite. Mein System: Windows 8 x64 mein Norton Internet Security findet auch nichts... Das " Sophos Virus Removal Tool " hat auch nichts gefunden ... Anbei findet ihr die Logdateien von Malwarebytes Anti-Malware und OTL Kann mir jemand helfen? =) Hier die OTL.txt, da zu groß für den Anhang: Code:
ATTFilter OTL logfile created on: 20.01.2013 18:47:32 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stefan\Desktop 64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16453) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,84 Gb Total Physical Memory | 5,01 Gb Available Physical Memory | 63,89% Memory free 15,84 Gb Paging File | 13,17 Gb Available in Paging File | 83,14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,42 Gb Total Space | 354,27 Gb Free Space | 76,12% Space Free | Partition Type: NTFS Computer Name: STEFAN-LAPTOP | User Name: Stefan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.20 18:47:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe PRC - [2013.01.20 17:22:30 | 000,281,520 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2013.01.20 09:31:28 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2013.01.19 13:37:01 | 003,494,992 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe PRC - [2013.01.19 12:32:55 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe PRC - [2013.01.19 08:21:48 | 000,541,608 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2013.01.19 08:19:27 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2013.01.19 08:06:13 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013.01.19 03:01:34 | 000,473,712 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe PRC - [2013.01.19 03:01:33 | 001,176,176 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2013.01.19 03:01:32 | 000,348,784 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2013.01.16 21:09:18 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.12.04 16:47:30 | 001,167,424 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTgui.exe PRC - [2012.11.13 14:08:14 | 003,500,568 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2012.08.22 15:04:22 | 000,025,232 | ---- | M] () -- C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe PRC - [2012.08.22 15:04:20 | 000,044,176 | ---- | M] () -- C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe PRC - [2012.08.18 18:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\ccSvcHst.exe PRC - [2012.02.27 20:01:56 | 000,076,960 | ---- | M] (Atheros) -- C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe PRC - [2011.12.16 05:38:48 | 000,363,800 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.12.16 05:38:46 | 000,277,784 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.12.16 05:38:24 | 000,161,560 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2011.11.29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe ========== Modules (No Company Name) ========== MOD - [2013.01.19 13:37:01 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Origin\tufao.dll MOD - [2013.01.19 12:32:55 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll MOD - [2013.01.19 11:29:48 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e2f7dbe3bf08df200a4cdcf2e0eb82fa\System.Runtime.Remoting.ni.dll MOD - [2013.01.19 11:29:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cf561d65486360afb324d26c80b9aac2\System.Configuration.ni.dll MOD - [2013.01.19 08:27:03 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll MOD - [2013.01.19 08:27:01 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d69481589eca8074e7ebbcafd108a2ca\System.Windows.Forms.ni.dll MOD - [2013.01.19 08:26:56 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll MOD - [2013.01.19 08:26:34 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll MOD - [2013.01.19 08:26:31 | 011,494,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll MOD - [2013.01.19 08:21:53 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL.dll MOD - [2013.01.19 08:21:47 | 020,320,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2013.01.19 08:21:47 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll MOD - [2013.01.19 08:21:47 | 000,969,640 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL MOD - [2013.01.19 08:21:47 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll MOD - [2013.01.19 08:21:47 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll MOD - [2013.01.16 21:09:33 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.12.29 11:34:47 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2012.09.13 23:04:06 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2012.08.23 09:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll MOD - [2012.08.22 15:04:22 | 000,025,232 | ---- | M] () -- C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe MOD - [2012.08.22 15:04:20 | 000,044,176 | ---- | M] () -- C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe MOD - [2012.07.06 03:01:04 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2012.05.30 07:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.1.0.24\wincfi39.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.12.06 05:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2012.12.06 05:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012.11.06 05:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2012.09.20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012.09.20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012.09.20 07:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012.07.26 04:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012.07.26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012.07.26 04:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012.07.26 04:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012.07.26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012.07.26 04:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV - [2013.01.20 17:22:30 | 000,281,520 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2013.01.20 09:31:28 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013.01.19 12:32:56 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.19 08:21:48 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.01.19 08:06:13 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.01.19 07:20:46 | 000,028,560 | ---- | M] (ELAN Microelectronics Corp.) [Auto | Running] -- C:\Programme\Elantech\ETDService.exe -- (ETDService) SRV - [2013.01.19 03:01:32 | 000,348,784 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2013.01.16 21:09:27 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012.10.10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.08.22 21:36:28 | 000,468,624 | ---- | M] (Acer Incorporated) [On_Demand | Stopped] -- C:\Programme\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe -- (DeviceFastLaneService) SRV - [2012.08.22 20:02:36 | 000,658,576 | ---- | M] (Acer Incorporated) [On_Demand | Running] -- C:\Programme\Acer\Acer Power Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2012.08.18 18:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\ccSvcHst.exe -- (NIS) SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012.02.27 20:01:56 | 000,076,960 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent) SRV - [2011.12.16 05:38:48 | 000,363,800 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.12.16 05:38:46 | 000,277,784 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011.12.16 05:38:24 | 000,161,560 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2011.12.08 16:38:24 | 000,607,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.19 08:27:39 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2013.01.19 07:20:42 | 000,318,864 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD) DRV:64bit: - [2013.01.19 02:56:20 | 000,447,352 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2013.01.19 02:48:26 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012.12.11 10:22:46 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2012.11.27 08:00:32 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2012.11.27 04:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2012.11.27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.11.20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012.11.06 08:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2012.11.06 08:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2012.11.06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.10.11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012.10.10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.09.20 08:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2012.09.20 08:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012.09.20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012.09.20 08:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.09.20 08:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2012.08.10 18:26:44 | 000,776,352 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1401000.018\srtsp64.sys -- (SRTSP) DRV:64bit: - [2012.08.07 22:18:20 | 001,132,192 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1401000.018\SymEFA64.sys -- (SymEFA) DRV:64bit: - [2012.08.06 18:24:46 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1401000.018\ccSetx64.sys -- (ccSet_NIS) DRV:64bit: - [2012.07.27 20:25:32 | 000,493,216 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1401000.018\SymDS64.sys -- (SymDS) DRV:64bit: - [2012.07.27 20:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1401000.018\Ironx64.sys -- (SymIRON) DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012.07.26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2012.07.26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012.07.26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012.07.26 05:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2012.07.26 05:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.26 03:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid) DRV:64bit: - [2012.07.26 03:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp) DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012.07.26 03:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr) DRV:64bit: - [2012.07.26 03:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp) DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012.07.22 18:34:24 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1401000.018\symnets.sys -- (SymNetS) DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.06.22 05:02:52 | 000,110,744 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C) DRV:64bit: - [2012.06.20 19:45:12 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1401000.018\SymELAM.sys -- (SymELAM) DRV:64bit: - [2012.05.24 22:36:56 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1401000.018\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2012.03.29 08:26:12 | 000,342,632 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2012.02.24 00:56:26 | 003,545,088 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athrx.sys -- (athr) DRV:64bit: - [2011.11.29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStor.sys -- (iaStor) DRV - [2013.01.19 01:39:24 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130119.024\ex64.sys -- (NAVEX15) DRV - [2013.01.19 01:39:24 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130119.024\eng64.sys -- (NAVENG) DRV - [2013.01.17 16:30:20 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130118.001\IDSviA64.sys -- (IDSVia64) DRV - [2013.01.11 02:08:40 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130111.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2012.08.18 02:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012.08.18 02:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C F4 31 31 E7 F5 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: tXsGT9QxoKlmxUz0Kj%40mDvNgXhNdd92G6vn.com:11 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ [2013.01.19 08:27:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ [2013.01.20 14:05:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 02:08:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 02:09:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions [2013.01.20 16:28:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\jowwxm0x.default\extensions [2013.01.20 16:28:10 | 000,003,702 | ---- | M] () (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\jowwxm0x.default\extensions\tXsGT9QxoKlmxUz0Kj@mDvNgXhNdd92G6vn.com.xpi [2013.01.19 02:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.16 21:10:14 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] File not found O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA9758BC-4BF6-40EC-A1DC-E1C34659DE06}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFEAAEAB-9D22-4D66-BFC1-829EFD37CC60}: DhcpNameServer = 192.168.2.1 192.168.179.1 O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{e3a9b050-61d6-11e2-be65-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e3a9b050-61d6-11e2-be65-806e6f6e6963}\Shell\AutoRun\command - "" = "D:\DistinguishOS.exe" O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.20 18:47:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe [2013.01.20 18:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.01.20 18:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.01.20 18:36:38 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2013.01.20 18:36:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013.01.20 18:17:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos [2013.01.20 18:17:02 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos [2013.01.20 18:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos [2013.01.20 17:03:01 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\NVIDIA [2013.01.20 17:01:20 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\.minecraft [2013.01.20 16:52:10 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes [2013.01.20 16:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.20 16:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.20 16:52:02 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.20 16:52:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.20 16:51:55 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Programs [2013.01.20 10:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 1942 [2013.01.20 10:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed World [2013.01.20 01:30:42 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Identities [2013.01.19 22:48:12 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\PunkBuster [2013.01.19 22:48:09 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\Battlefield 3 [2013.01.19 22:47:48 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\ESN [2013.01.19 22:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins [2013.01.19 22:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs [2013.01.19 22:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2013.01.19 22:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 [2013.01.19 22:38:47 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2013.01.19 13:37:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games [2013.01.19 13:37:25 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Origin [2013.01.19 13:37:13 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Origin [2013.01.19 13:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2013.01.19 13:36:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2013.01.19 13:36:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2013.01.19 13:36:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin [2013.01.19 13:01:21 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\Criterion Games [2013.01.19 12:57:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2013.01.19 12:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games [2013.01.19 12:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games [2013.01.19 12:13:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab [2013.01.19 12:13:48 | 000,000,000 | ---D | C] -- C:\Users\Stefan\SystemRequirementsLab [2013.01.19 12:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.01.19 12:10:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.01.19 12:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.01.19 11:55:48 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Macromedia [2013.01.19 11:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2013.01.19 09:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent [2013.01.19 09:48:07 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\uTorrent [2013.01.19 08:27:39 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2013.01.19 08:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2013.01.19 08:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2013.01.19 08:27:35 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\symnets.sys [2013.01.19 08:27:35 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymELAM.sys [2013.01.19 08:27:34 | 001,132,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymEFA64.sys [2013.01.19 08:27:34 | 000,776,352 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\srtsp64.sys [2013.01.19 08:27:34 | 000,493,216 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymDS64.sys [2013.01.19 08:27:34 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\Ironx64.sys [2013.01.19 08:27:34 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\ccSetx64.sys [2013.01.19 08:27:34 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\srtspx64.sys [2013.01.19 08:27:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64 [2013.01.19 08:27:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1401000.018 [2013.01.19 08:26:59 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security [2013.01.19 08:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security [2013.01.19 08:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2013.01.19 08:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2013.01.19 08:26:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2013.01.19 08:24:59 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2013.01.19 08:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.01.19 08:19:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2013.01.19 08:19:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013.01.19 08:10:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV [2013.01.19 08:10:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV [2013.01.19 08:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2013.01.19 08:08:06 | 000,000,000 | ---D | C] -- C:\temp [2013.01.19 08:05:57 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\VGA_NVIDIA_9.18.13.0546_W8x64 [2013.01.19 07:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2 [2013.01.19 07:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2 [2013.01.19 07:54:23 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\Guild Wars 2 [2013.01.19 07:33:32 | 000,000,000 | R--D | C] -- C:\Windows\BrowserChoice [2013.01.19 07:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech [2013.01.19 03:37:02 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Intel Corporation [2013.01.19 03:35:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.01.19 03:33:24 | 000,056,832 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2013.01.19 03:33:24 | 000,056,320 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2013.01.19 03:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2013.01.19 03:32:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2013.01.19 03:32:27 | 000,000,000 | ---D | C] -- C:\Dolby PCEE4 [2013.01.19 03:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby [2013.01.19 03:32:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013.01.19 03:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2013.01.19 03:31:54 | 002,080,120 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll [2013.01.19 03:31:54 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013.01.19 03:31:54 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013.01.19 03:31:54 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013.01.19 03:31:54 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013.01.19 03:31:53 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll [2013.01.19 03:31:53 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll [2013.01.19 03:31:53 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll [2013.01.19 03:31:53 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll [2013.01.19 03:31:52 | 000,376,936 | ---- | C] (Realtek Semiconductor) -- C:\Windows\SysNative\RtkGuiCompLib.dll [2013.01.19 03:31:52 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2013.01.19 03:31:52 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013.01.19 03:31:52 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013.01.19 03:31:52 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2013.01.19 03:31:52 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2013.01.19 03:31:52 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2013.01.19 03:31:51 | 007,598,456 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll [2013.01.19 03:31:51 | 007,163,784 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll [2013.01.19 03:31:51 | 002,028,920 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll [2013.01.19 03:31:51 | 001,433,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll [2013.01.19 03:31:51 | 000,834,936 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2013.01.19 03:31:51 | 000,433,544 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll [2013.01.19 03:31:51 | 000,394,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll [2013.01.19 03:31:51 | 000,141,192 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll [2013.01.19 03:31:51 | 000,123,784 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll [2013.01.19 03:31:51 | 000,074,632 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll [2013.01.19 03:31:50 | 000,394,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll [2013.01.19 03:31:50 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013.01.19 03:31:49 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013.01.19 03:31:49 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll [2013.01.19 03:31:49 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll [2013.01.19 03:31:49 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll [2013.01.19 03:31:49 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll [2013.01.19 03:31:49 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll [2013.01.19 03:31:49 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll [2013.01.19 03:31:49 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll [2013.01.19 03:31:49 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll [2013.01.19 03:31:49 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll [2013.01.19 03:31:49 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll [2013.01.19 03:31:49 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll [2013.01.19 03:31:48 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll [2013.01.19 03:31:48 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll [2013.01.19 03:31:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2013.01.19 03:31:46 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2013.01.19 03:31:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.01.19 03:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2013.01.19 03:31:10 | 000,000,000 | ---D | C] -- C:\NVIDIA [2013.01.19 03:04:07 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Macromedia [2013.01.19 03:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies [2013.01.19 03:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild [2013.01.19 03:02:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer [2013.01.19 03:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies [2013.01.19 03:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild [2013.01.19 03:02:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launch Manager [2013.01.19 03:02:12 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\lm [2013.01.19 02:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM [2013.01.19 02:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Acer [2013.01.19 02:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer [2013.01.19 02:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint2K [2013.01.19 02:55:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer [2013.01.19 02:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\Acer [2013.01.19 02:48:31 | 003,545,088 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys [2013.01.19 02:48:31 | 000,063,648 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvui.dll [2013.01.19 02:48:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\nn-NO [2013.01.19 02:48:29 | 000,442,528 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvs.dll [2013.01.19 02:48:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros [2013.01.19 02:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros [2013.01.19 02:45:38 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2013.01.19 02:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2013.01.19 02:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2013.01.19 02:44:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent [2013.01.19 02:43:45 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel [2013.01.19 02:43:33 | 000,000,000 | ---D | C] -- C:\Intel [2013.01.19 02:43:29 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2013.01.19 02:43:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2013.01.19 02:43:28 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\InstallShield [2013.01.19 02:29:57 | 000,000,000 | R--D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.01.19 02:29:57 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Searches [2013.01.19 02:29:57 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Contacts [2013.01.19 02:29:57 | 000,000,000 | R--D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.01.19 02:29:53 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Adobe [2013.01.19 02:29:15 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\VirtualStore [2013.01.19 02:28:53 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Packages [2013.01.19 02:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\PRICache [2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Vorlagen [2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\AppData\Local\Verlauf [2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\AppData\Local\Temporary Internet Files [2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Startmenü [2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\SendTo [2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Recent [2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Netzwerkumgebung [2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Lokale Einstellungen [2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Documents\Eigene Videos [2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Documents\Eigene Musik [2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Eigene Dateien [2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Documents\Eigene Bilder [2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Druckumgebung [2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Cookies [2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\AppData\Local\Anwendungsdaten [2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Anwendungsdaten [2013.01.19 02:28:29 | 000,000,000 | --SD | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft [2013.01.19 02:28:29 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Videos [2013.01.19 02:28:29 | 000,000,000 | R--D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [2013.01.19 02:28:29 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Saved Games [2013.01.19 02:28:29 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Pictures [2013.01.19 02:28:29 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Music [2013.01.19 02:28:29 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Links [2013.01.19 02:28:29 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Favorites [2013.01.19 02:28:29 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Downloads [2013.01.19 02:28:29 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Documents [2013.01.19 02:28:29 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Desktop [2013.01.19 02:28:29 | 000,000,000 | R--D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.01.19 02:28:29 | 000,000,000 | R--D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [2013.01.19 02:28:29 | 000,000,000 | -H-D | C] -- C:\Users\Stefan\AppData [2013.01.19 02:28:29 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Temp [2013.01.19 02:28:29 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Microsoft [2013.01.19 02:28:29 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.01.19 02:28:28 | 000,000,000 | ---D | C] -- C:\Windows\CSC [2013.01.19 02:28:11 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.01.19 02:26:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.01.19 02:26:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.01.19 02:26:54 | 000,000,000 | -HSD | C] -- C:\Programme [2013.01.19 02:26:54 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.01.19 02:26:54 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.01.19 02:26:54 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.01.19 02:26:54 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.01.19 02:26:54 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.01.19 02:26:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.01.19 02:26:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.01.19 02:24:39 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2013.01.19 02:24:02 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2013.01.19 02:23:43 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2013.01.19 02:09:08 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Mozilla [2013.01.19 02:09:08 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Mozilla [2013.01.19 02:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.01.19 02:08:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.01.19 02:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.19 02:03:50 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\CrashDumps [2013.01.19 01:40:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.20 18:47:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe [2013.01.20 18:46:50 | 000,000,000 | ---- | M] () -- C:\Users\Stefan\defogger_reenable [2013.01.20 18:46:34 | 000,050,477 | ---- | M] () -- C:\Users\Stefan\Desktop\Defogger.exe [2013.01.20 18:36:42 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.01.20 18:31:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.20 18:17:02 | 000,003,211 | ---- | M] () -- C:\Users\Stefan\Desktop\Sophos Virus Removal Tool.lnk [2013.01.20 17:22:30 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.01.20 17:22:30 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.01.20 17:22:06 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.01.20 16:52:04 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.20 14:09:05 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.20 14:09:05 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.20 14:09:05 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.20 14:09:05 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.20 14:09:05 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.20 14:04:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.20 14:02:22 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.01.20 14:02:20 | 2441,379,839 | -HS- | M] () -- C:\hiberfil.sys [2013.01.20 13:56:23 | 530,690,274 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.01.20 12:30:25 | 000,281,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.20 10:20:43 | 000,001,210 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 1942.lnk [2013.01.20 10:16:04 | 000,001,270 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed World.lnk [2013.01.20 09:31:28 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.01.19 22:38:49 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk [2013.01.19 13:36:11 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2013.01.19 12:55:25 | 000,002,171 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed Most Wanted.lnk [2013.01.19 11:56:20 | 000,263,186 | ---- | M] () -- C:\Users\Stefan\Desktop\Minecraft.exe [2013.01.19 10:35:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf [2013.01.19 09:49:26 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk [2013.01.19 09:48:39 | 000,007,609 | ---- | M] () -- C:\Users\Stefan\AppData\Local\Resmon.ResmonCfg [2013.01.19 09:36:24 | 000,016,298 | ---- | M] () -- C:\Windows\SysNative\results.xml [2013.01.19 09:33:04 | 002,087,179 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\Cat.DB [2013.01.19 08:27:39 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2013.01.19 08:27:39 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2013.01.19 08:27:39 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2013.01.19 08:19:01 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2013.01.19 07:55:07 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk [2013.01.19 07:20:42 | 000,318,864 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Windows\SysNative\drivers\ETD.sys [2013.01.19 03:32:28 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl [2013.01.19 03:02:17 | 000,000,184 | ---- | M] () -- C:\Windows\LMv7.UNI [2013.01.19 03:01:37 | 000,284,240 | ---- | M] (Dritek System Inc.) -- C:\Windows\UNINSTLMv7.EXE [2013.01.19 02:56:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf [2013.01.19 02:25:55 | 000,052,435 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2013.01.19 02:25:55 | 000,052,435 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2013.01.19 02:08:58 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.01.19 01:39:08 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\VT20130115.021 [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.20 18:46:50 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\defogger_reenable [2013.01.20 18:46:34 | 000,050,477 | ---- | C] () -- C:\Users\Stefan\Desktop\Defogger.exe [2013.01.20 18:36:42 | 000,002,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.01.20 18:36:42 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.01.20 18:17:02 | 000,003,211 | ---- | C] () -- C:\Users\Stefan\Desktop\Sophos Virus Removal Tool.lnk [2013.01.20 16:52:04 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.20 12:30:02 | 000,281,248 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.20 10:20:43 | 000,001,210 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 1942.lnk [2013.01.20 10:16:04 | 000,001,270 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed World.lnk [2013.01.19 22:48:16 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.01.19 22:38:49 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk [2013.01.19 22:38:34 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.01.19 22:38:34 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.01.19 22:38:30 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.01.19 13:36:11 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2013.01.19 12:55:25 | 000,002,171 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed Most Wanted.lnk [2013.01.19 11:56:11 | 000,263,186 | ---- | C] () -- C:\Users\Stefan\Desktop\Minecraft.exe [2013.01.19 11:54:13 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.19 10:35:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf [2013.01.19 09:49:26 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk [2013.01.19 09:48:39 | 000,007,609 | ---- | C] () -- C:\Users\Stefan\AppData\Local\Resmon.ResmonCfg [2013.01.19 09:36:24 | 000,016,298 | ---- | C] () -- C:\Windows\SysNative\results.xml [2013.01.19 08:27:40 | 002,087,179 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\Cat.DB [2013.01.19 08:27:39 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2013.01.19 08:27:39 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2013.01.19 08:27:13 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymEFA.inf [2013.01.19 08:27:13 | 000,002,851 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymDS.inf [2013.01.19 08:27:13 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymNet.inf [2013.01.19 08:27:13 | 000,001,436 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\srtsp64.inf [2013.01.19 08:27:13 | 000,001,418 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\srtspx64.inf [2013.01.19 08:27:13 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\symELAM.inf [2013.01.19 08:27:13 | 000,000,854 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\ccSetx64.inf [2013.01.19 08:27:13 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\Iron.inf [2013.01.19 08:27:02 | 000,008,942 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymVTcer.dat [2013.01.19 08:27:01 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymELAM64.cat [2013.01.19 08:27:01 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\ccSetx64.cat [2013.01.19 08:27:01 | 000,007,605 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\srtspx64.cat [2013.01.19 08:27:01 | 000,007,603 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymEFA64.cat [2013.01.19 08:27:01 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\symnet64.cat [2013.01.19 08:27:01 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\srtsp64.cat [2013.01.19 08:27:01 | 000,007,597 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymDS64.cat [2013.01.19 08:27:01 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\iron.cat [2013.01.19 08:27:00 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\isolate.ini [2013.01.19 08:19:01 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2013.01.19 08:08:25 | 003,544,134 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2013.01.19 07:55:07 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk [2013.01.19 07:35:47 | 000,002,143 | R-S- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Choice.lnk [2013.01.19 03:35:06 | 530,690,274 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.01.19 03:32:28 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl [2013.01.19 03:32:03 | 000,014,148 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2013.01.19 03:31:55 | 000,247,560 | ---- | C] () -- C:\Windows\SysNative\drivers\RTConvEQ.dat [2013.01.19 03:31:55 | 000,177,462 | ---- | C] () -- C:\Windows\SysNative\drivers\RtPCEE4.DAT [2013.01.19 03:31:55 | 000,039,672 | ---- | C] () -- C:\Windows\SysNative\drivers\RtPCEE3.DAT [2013.01.19 03:31:55 | 000,001,448 | ---- | C] () -- C:\Windows\SysNative\drivers\RtHdatEx.dat [2013.01.19 03:31:55 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX3.dat [2013.01.19 03:31:55 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX2.dat [2013.01.19 03:31:55 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX1.dat [2013.01.19 03:31:55 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX0.dat [2013.01.19 03:31:55 | 000,000,176 | ---- | C] () -- C:\Windows\SysNative\drivers\RTHDAEQ1.dat [2013.01.19 03:31:55 | 000,000,024 | ---- | C] () -- C:\Windows\SysNative\drivers\rtkhdaud.dat [2013.01.19 03:31:52 | 000,326,245 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2013.01.19 03:02:17 | 000,000,184 | ---- | C] () -- C:\Windows\LMv7.UNI [2013.01.19 02:56:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf [2013.01.19 02:44:45 | 000,015,128 | R--- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll [2013.01.19 02:29:53 | 000,001,438 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.01.19 02:26:18 | 2441,379,839 | -HS- | C] () -- C:\hiberfil.sys [2013.01.19 02:24:03 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys [2013.01.19 02:08:58 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.01.19 02:08:58 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.01.19 01:43:39 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll [2013.01.19 01:43:39 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2013.01.19 01:42:57 | 000,385,604 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml [2013.01.19 01:39:49 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\VT20130115.021 [2012.10.10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.10.10 02:22:32 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.10.10 02:22:16 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2011.12.08 16:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2013.01.19 13:00:11 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.11.06 05:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.11.06 05:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.20 17:03:03 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\.minecraft [2013.01.19 03:36:28 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\lm [2013.01.20 13:58:09 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Origin [2013.01.19 13:37:11 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\uTorrent ========== Purity Check ========== < End of report > |
| Themen zu "Redirect-Virus" unter Windows 8 / "document has moved redirecting..." |
| adobe, adobe flash player, autorun, bho, down, explorer, firefox, flash player, focus, format, home, installation, internet, launch, logfile, mozilla, nvidia, nvidia update, nvpciflt.sys, origin, plug-in, programme, realtek, registry, safer networking, scan, security, software, symantec, system, windows, windows xp |
Baum-Darstellung