Pests of all kinds and how to fight them: I keep getting ads on the Internet (Facebook, Google, web.de etc.) Windows 7 If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
30.07.2013, 14:32 | #1 |
| Hello everyone, for some reason I am constantly being spammed with ads on Facebook and other websites, and underneath them it says "ads not from this website". Can anyone maybe help me with this? Regards, Lovas |
30.07.2013, 14:45 | #2 |
/// Malware-holic | hi,
If you do not have it yet, please download OTL by OldTimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
30.07.2013, 18:07 | #3 |
| OTL EXTRAS Logfile:
Code:
ATTFilter OTL Extras logfile created on: 7/30/2013 6:54:45 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marv\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 11.98 Gb Total Physical Memory | 10.08 Gb Available Physical Memory | 84.12% Memory free 23.96 Gb Paging File | 22.00 Gb Available in Paging File | 91.80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 918.54 Gb Total Space | 719.99 Gb Free Space | 78.38% Space Free | Partition Type: NTFS Drive D: | 12.87 Gb Total Space | 1.58 Gb Free Space | 12.29% Space Free | Partition Type: NTFS Computer Name: MARV-HP | User Name: Marv | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List 
========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0CAE4279-75BB-45A0-9E03-3CF0D7957B96}" = rport=445 | protocol=6 | dir=out | app=system | "{11019523-E7DA-45E9-8332-AD3876F8E667}" = rport=137 | protocol=17 | dir=out | app=system | "{1F6C35E5-1789-4661-9F4A-5495334A03C9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2B0B45B4-51FF-43E1-96FC-7C113930AEB8}" = lport=137 | protocol=17 | dir=in | app=system | "{757DCE1E-CD52-4952-AB49-8385DBE44F36}" = lport=445 | protocol=6 | dir=in | app=system | "{953FB6EF-ABBD-4388-B3D8-43665040E388}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B1D98B58-2281-4459-94F8-4E670811847A}" = rport=138 | protocol=17 | dir=out | app=system | "{B3285455-7F0F-4710-89A2-0485D7C14B80}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{CB43B9A6-F9C3-477F-98F2-B165DD23E91B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{D0D41F9C-06DD-4102-A623-94A542ED031E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D8D06593-01C4-4F82-9D8F-E89E46A4BC75}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{E0A7860C-F34C-43A2-AA5A-B70006D89BC0}" = rport=139 | protocol=6 | dir=out | app=system | "{E8FA9EB2-022F-44A6-A564-7CA7980F66CE}" = lport=139 | protocol=6 | dir=in | app=system | "{F97841AE-C7D2-4A43-82CC-1A8530F348C5}" = lport=138 | protocol=17 | dir=in | app=system | "{FBDB89E4-40C7-4A31-A8AC-E1E4C512CF7B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{068B2735-3648-4CB7-B792-C2A8F5BA6523}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{0D2B6875-03F0-4621-B4EE-AC4747C9C06E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | "{0E62BDDF-E865-498A-9DFA-051016E6D0EF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{11E3B4C2-C1BD-458F-877C-58EEC7F9EC5C}" = protocol=6 | dir=in | app=c:\wow\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | "{18190964-8B5C-4890-9D33-B1518AA4ABE8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe | "{1886EC46-F36E-4A83-83FD-51B8B3275E51}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe | "{1E2DE15C-B5B9-4259-A765-F5565B6A9DB9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | "{2118F8A4-B7B4-4AAD-94B7-EA2D3FBFE557}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dwarfs - f2p\dwarfs.exe | "{22143931-9F95-49D1-928B-214873FF896F}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{26EAFF00-CF4F-4471-9225-D994E1336CCB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | "{291F1DC8-6763-45A7-9F5B-F6FEC220FCF5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2ADB7579-90AD-4516-B62E-C8D06E7DE584}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{2F44B827-EC06-4AA1-9F29-2EC177906FBA}" = protocol=17 | dir=in | app=c:\wow\world of warcraft\launcher.exe | "{2F86CE25-F95E-49B8-8D90-EBC45CFBE8EA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | "{2FFC5521-5BA8-4921-BD1D-C55341248FB9}" = 
protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige\bin\settlershok.exe | "{320BF026-AE7E-4414-BB65-950F361E1BF0}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe | "{3360EC3E-26BD-4AB9-83E3-307D38184D3C}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | "{364FDB61-0CD5-4173-AB84-CF62C1A3ECA4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{37EAA671-00C2-459F-B333-2AA785AF2A9F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe | "{3BD77D48-ECB3-44A8-A09A-C36AE4263B2A}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\medal of honor warfighter\mohw.exe | "{3DEC0DB3-98EB-4976-AF3D-BA78092103B4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{42F0B067-FACD-43A5-9956-C70484EC1B9E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | "{430A9297-253B-44D7-BAED-C377E965C2AC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{4329D1D1-76C1-48E2-91EA-44667B964830}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | "{4467EB55-62F9-4177-8F69-9A33DFB97CD8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{51532817-4813-4401-B1C9-3BAE2AC61C23}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{57EB6DFD-B6F1-4AF3-AB1B-F7F9C006460B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{59A9275E-936D-45CE-90A5-8E11BD80E773}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{5ADF9FE0-7327-4452-984E-1DA10A7C3BE1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{5BF02FEC-F1F2-4133-88B5-DC29B75294C1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{5DBB7125-8764-447E-AA23-1819AF845571}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{5E64954A-8618-4B57-9DBF-FFEB1ADE8AD4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | "{6264DD81-43B0-4E8E-9FF0-AF8FFD49E97C}" = protocol=58 | dir=in | app=system | "{6330C1B9-7D04-44D3-B302-32E92C0101E8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe | "{64AFB837-4115-4911-BC63-ECD94ABE5827}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{652B320E-BB4B-40B8-9033-21E2643CB6A0}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{65E8DF57-E73E-4979-A1D1-DBBB2E3D5969}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{6A3315D2-8E8D-4E9D-8612-C049E5F28B32}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{6B481B71-E17D-4B15-BD52-1E0E73176090}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dwarfs - f2p\dwarfs.exe | "{6BB79193-E289-4FB8-A24C-8094759C8067}" = protocol=17 | dir=in | app=c:\wow\world of warcraft\launcher.patch.exe | "{6BE8619F-AC7A-49E0-A1EA-2FA7E6CCACE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | "{6E5E98E0-C467-409E-863F-146A5CA7A480}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe | "{710C3E00-4F17-4DFC-A2C2-51A8CFB22FDE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{7264ACBC-B5CD-4F48-9CBC-28828CA64E71}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | "{72D17936-DF7A-46C2-BDAA-C2C3470A172B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{739F0343-6D92-4CBD-9CB3-464983A9A7A5}" = protocol=6 | dir=in | app=c:\program files 
(x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | "{7772C83F-0698-464B-9592-8DB1F3CECEA8}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{8019A9CD-A065-42F5-A768-7E59771C2F0E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | "{83043335-4F4F-4966-A323-4F5F36930E7F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe | "{852E2E67-7327-48CF-8D7E-09E086E23DCA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{859AF957-3DD7-48CD-87E3-3FB0021848F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe | "{8B3804AD-C1D7-40FF-8956-7FF965A3AB21}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{8C22B513-1779-4F4A-A11F-F3921D2DFC4E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe | "{8D1E4338-C2C7-4D6C-8381-5E26A4DB43F3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | "{901BC7D7-73C5-408D-806D-17CD5F9BBA3F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{919F6CF4-CCD1-45CD-9563-CE30102A1B50}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{97429FDB-479B-4982-901B-BD2D83A0AA0D}" = protocol=17 | dir=in | app=c:\wow\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | "{980A80CA-0C66-4815-AF35-940CDC32FD7E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{98A0AE80-3DE0-4DBF-8D88-E79D09935419}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe | "{98FD8012-4342-40BA-85EE-CD397E43288A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe | 
"{9A46B132-22C6-4252-8DAD-31083D4F4F06}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | "{9A9C8E57-0511-4C6C-AEF7-B78E64939838}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{9C988C9D-8DCA-4A1B-9897-45FB10D27A60}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | "{9E266393-8CDF-4C91-A8A5-E52D003AAEDE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | "{A39D9A38-62B2-461F-B412-626BEF0B2858}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{A9180AF7-934F-487A-A9D3-F69D4F6A5FFE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | "{AADE1DFD-F71E-42C8-8746-EA707CF7B82D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | "{AD1AAD93-F40A-4851-8E36-DF0F762A1D7B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{BEDEEDC1-4DEA-4031-A21E-5B5B4F613205}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{BF6815CD-9690-46E7-9A30-724465EEA21C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe | "{C03C25AF-22C3-4179-8D19-EF53CAD8008C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C0583D36-55F2-4218-9A0D-C95187B7E905}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige\bin\settlershok.exe | "{C7219BA3-A38C-4E5A-B4A0-F66F821701F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | "{C7802FA5-461E-4154-9CB8-4EBFD17E0061}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{CBAF4B47-DD74-44F1-B571-5880CD92D526}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{CC82384E-4C88-47E6-A021-68DB024BAE6D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe | "{D1345674-D8C0-4B9D-8E44-0A4B965B38C5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe | "{D2A636D1-5C4E-4091-BA6B-9D73FBEB3AE5}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{D4F820FA-96AB-448E-9B9E-BF8B1A8ADB31}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "{D6349DDB-51C0-48D8-9133-76845C329D28}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{DB0FD686-E85D-4587-93D2-377320593947}" = protocol=6 | dir=in | app=c:\wow\world of warcraft\launcher.patch.exe | "{DD701F4F-61FD-4333-8B08-81B559005407}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{DEC9A0D2-55BD-4251-87EF-BE1FDEADDCA8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | "{E2ECCFAC-547A-4C24-BF94-188192F9D99A}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\medal of honor warfighter\mohw.exe | "{E502A41C-F824-4FC0-90E3-0FE219659F36}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | "{E785CD61-349A-4331-AB2B-62F361611DEC}" = dir=in | app=c:\users\marv\documents\the war z\warz.exe | "{E79A49EA-F165-475D-82B6-3B83FB5D5BE8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "{E978C1B8-31DD-493D-8891-3C9395C45A53}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F2921749-87D6-4EFE-93DD-8C908833B1E4}" = protocol=6 | dir=in | app=c:\program files (x86)\pando 
networks\media booster\pmb.exe | "{F34EEF90-10E0-4953-A0DF-6D7832D00DE2}" = protocol=6 | dir=in | app=c:\wow\world of warcraft\launcher.exe | "{F3C7D3BC-653A-4B50-8832-244560A30B59}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{F96A5D42-D147-4B13-8E95-B0CC37C1F597}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | "{FB545546-6265-42D8-8676-4F83F0F42E8E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | "TCP Query User{319F7A39-6B15-4DCF-9A92-CA4C61E97AF3}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | "TCP Query User{3DCFEE93-876B-4A76-9B68-DD8A631291F6}C:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | "TCP Query User{5EA6786A-9FF7-4922-84C0-001F47A493E1}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | "TCP Query User{7C861EBA-AEC4-47C5-872A-D9FCE66F9E8B}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe | "TCP Query User{9043395D-D953-464D-ACD4-1B0554BDA4CA}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{16D983D1-6BDB-4024-BE75-E1B9B09C32C8}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe | "UDP Query User{6FE88EAA-671A-44CC-A393-40216524C4F0}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = 
protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | "UDP Query User{AC705F28-CED4-488D-BE64-5B137CB51AF8}C:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | "UDP Query User{B8B30E5F-C18A-468C-9529-F28AB8E2A162}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | "UDP Query User{EAC16B51-E598-42D1-9A31-CAB94A6EE812}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{003B37AE-21F5-5BC5-F5EB-CD60A8928696}" = AMD Accelerated Video Transcoding "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{44B72151-611E-429D-9765-9BA093D7E48A}" = Intel® Trusted Connect Service Client "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5B97A291-F6D0-C734-922E-765BF8AF3106}" = AMD Drag and Drop Transcoding "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{653B9326-BD45-53BE-681A-A49CAAEE8A3C}" = ccc-utility64 
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}" = AMD Catalyst Install Manager "{AAFE68DD-A2D5-BDBF-E1B2-CB01DEFD6EB0}" = AMD Media Foundation Decoders "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics "{D8A22D8A-0883-484B-92FA-765C5237EC6A}" = Free Driver Scout "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "C-Media CM106 Like Sound Driver" = USB Multi-Channel Audio Device "CPUID CPU-Z_is1" = CPUID CPU-Z 1.64.0 "Logitech Gaming Software" = Logitech Gaming Software 8.40 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client 
Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "TeamSpeak 3 Client" = TeamSpeak 3 Client "VLC media player" = VLC media player 2.0.7 "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00FF4EB6-6AAC-4E9D-A60A-8F388691BB27}" = HP SimplePass PE 2011 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1040143F-FEFB-4B90-8E51-E47D40E14C4E}" = Medal of Honor™ Warfighter "{13464292-6666-B2DB-1B0C-A3FE14DAD1F9}" = CCC Help Dutch "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{338CD56F-1CDC-CF32-33F6-DED2DF92284E}" = CCC Help French "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{36e136d1-209a-4733-9b4e-bcfa2797265a}" = Free Driver Scout "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT) "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager 
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{46458556-5C46-79A9-A6FF-81DF1F8B2729}" = CCC Help Hungarian "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{519D68B8-A768-4CDC-E4C9-B115D49CED93}" = CCC Help Norwegian "{51D383BC-D988-8C1E-FAA1-BC5260A32A87}" = CCC Help Polish "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5A883D2B-D279-0D01-6E62-B810AFD8CC62}" = Catalyst Control Center InstallProxy "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{67A4760F-9804-CCF6-C319-27840ED77924}" = CCC Help Korean "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6BE5E4A9-D88B-532D-26E6-883C32BF098A}" = CCC Help Thai "{6E0D26C1-4265-1D02-4D19-D0A8F6A463F8}" = Catalyst Control Center "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7DD62206-7B6C-E32E-BD11-B49B3B089D16}" = CCC Help Danish "{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information "{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4 "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{838DA1F1-23F8-4C70-B190-AC51CB5A5ECD}" = Alcor Micro USB Card Reader Driver "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0407-0000-0000000FF1CE}" = 
Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9739158D-EDED-D628-9865-1460B5A7FAE3}" = CCC Help Portuguese "{9809124C-0C4C-2367-7889-1E16D8EF1AAF}" = CCC Help Chinese Standard "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A6E1EE9D-01DD-82FD-BDBC-193BCEF9FD5C}" = CCC Help Greek "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB13F192-49FC-A065-F15C-746B10CC43C8}" = CCC Help Japanese "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW 2013 Home Edition "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AE548812-D611-608D-61C6-7E40F28573A2}" = CCC Help Russian "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{BC63AEF9-1367-9F7C-5926-52E56450EDCD}" = CCC Help Spanish "{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0 "{C1E2D27F-B363-588E-8859-9EF7F4EBF418}" = CCC Help Chinese Traditional "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh 
ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D35B72B6-F0E4-462B-BDEB-E08032B3B681}" = HP Setup "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D76AC809-CCC1-6198-4970-A63FA5CF7DCB}" = CCC Help Swedish "{DA675EE2-4C04-9699-0EE2-7EF9FE7AB870}" = CCC Help German "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E06F7C95-4D68-63D9-2231-AA5F8E186FCB}" = CCC Help English "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E21A8F3C-1ACB-46B1-CE72-E9CF09549DED}" = Catalyst Control Center Localization All "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E2F52AC2-B925-C18F-E1AE-42FBD46ECAC7}" = CCC Help Czech "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E649AC39-69C0-C6FE-0A54-4752DB5D1FD2}" = Catalyst Control Center Graphics Previews Common "{E9463114-898C-7C2A-2C47-E9ABC63F5D43}" = CCC Help Finnish "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF10AC4D-3349-99DA-3E58-5197CEA1D833}" = CCC Help Italian 
"{FFEC93FF-C162-C0C3-B5E7-01214B0E5F2D}" = CCC Help Turkish "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Desura" = Desura "Desura_87986700025888" = Desura: Paranautical Activity "Diablo III" = Diablo III "FoxyDeal" = FoxyDeal "Fraps" = Fraps (remove only) "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{838DA1F1-23F8-4C70-B190-AC51CB5A5ECD}" = Alcor Micro USB Card Reader Driver "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "Lyrics@LyricsContainer.co" = LyricsContainer "N360" = Norton 360 "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Origin" = Origin "PDF Complete" = PDF Complete Special Edition "Plus-HD-2.4" = Plus-HD-2.4 "PunkBusterSvc" = PunkBuster Services "Steam App 105600" = Terraria "Steam App 108710" = Alan Wake "Steam App 113200" = The Binding of Isaac "Steam App 1250" = Killing Floor "Steam App 201790" = Orcs Must Die! 
2 "Steam App 202970" = Call of Duty: Black Ops II "Steam App 202990" = Call of Duty: Black Ops II - Multiplayer "Steam App 204360" = Castle Crashers "Steam App 212910" = Call of Duty: Black Ops II - Zombies "Steam App 213650" = Dwarfs F2P "Steam App 218230" = PlanetSide 2 "Steam App 240" = Counter-Strike: Source "Steam App 41070" = Serious Sam 3: BFE "Steam App 49520" = Borderlands 2 "Steam App 570" = Dota 2 "Steam App 730" = Counter-Strike: Global Offensive "VIP Access SDK" = VIP Access SDK (1.0.1.4) "Windows Utils" = Windows Utils "WinLiveSuite" = Windows Live Essentials "ZinioReader4" = Zinio Reader 4 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 7/15/2013 2:16:58 AM | Computer Name = Marv-HP | Source = CVHSVC | ID = 100 Description = Nur zur Information. Too many failures while downloading ranges: 2 Error - 7/15/2013 2:17:28 AM | Computer Name = Marv-HP | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Stream product id=0x0066): Streaming Failed Error - 7/15/2013 3:46:21 AM | Computer Name = Marv-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: PlanetSide2.exe, Version: 0.0.0.0, Zeitstempel: 0x51e051dd Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015, Zeitstempel: 0x50b83c8a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000c41f ID des fehlerhaften Prozesses: 0x150c Startzeit der fehlerhaften Anwendung: 0x01ce81289590b025 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\PlanetSide2.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: a3dda731-ed22-11e2-8438-3860778fe279 Error - 7/15/2013 1:31:10 PM | Computer Name = Marv-HP | Source = CVHSVC | ID = 100 Description = Nur zur Information. 
Too many failures while downloading ranges: 2 Error - 7/15/2013 1:31:40 PM | Computer Name = Marv-HP | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Stream product id=0x0066): Streaming Failed Error - 7/15/2013 2:01:30 PM | Computer Name = Marv-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7a485 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x890 Startzeit der fehlerhaften Anwendung: 0x01ce8182604dbbcd Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 931715c4-ed78-11e2-ab8a-3860778fe279 Error - 7/15/2013 2:01:35 PM | Computer Name = Marv-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7a485 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x11fc Startzeit der fehlerhaften Anwendung: 0x01ce81855798ae07 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 95ee5c4a-ed78-11e2-ab8a-3860778fe279 Error - 7/15/2013 2:02:04 PM | Computer Name = Marv-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7a485 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x1ac0 Startzeit der fehlerhaften Anwendung: 0x01ce8185693db13b Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Pfad des fehlerhaften Moduls: unknown 
Berichtskennung: a73893fa-ed78-11e2-ab8a-3860778fe279 Error - 7/15/2013 2:04:48 PM | Computer Name = Marv-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7a485 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x750 Startzeit der fehlerhaften Anwendung: 0x01ce8185ca00daa0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 091a02d0-ed79-11e2-ab8a-3860778fe279 Error - 7/15/2013 2:14:14 PM | Computer Name = Marv-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7a485 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x18d0 Startzeit der fehlerhaften Anwendung: 0x01ce818718e96ab3 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 5a59ab09-ed7a-11e2-ab8a-3860778fe279 [ Hewlett-Packard Events ] Error - 4/2/2013 1:49:31 PM | Computer Name = Marv-HP | Source = HPSF.exe | ID = 4000 Description = Error - 4/2/2013 1:51:44 PM | Computer Name = Marv-HP | Source = HPSF.exe | ID = 4000 Description = Error - 4/2/2013 1:52:28 PM | Computer Name = Marv-HP | Source = HPSF.exe | ID = 4000 Description = Error - 4/2/2013 1:53:18 PM | Computer Name = Marv-HP | Source = HPSF.exe | ID = 4000 Description = [ System Events ] Error - 7/5/2013 10:53:25 AM | Computer Name = Marv-HP | Source = Service Control Manager | ID = 7030 Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver Dienst gekennzeichnet. 
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 7/5/2013 10:53:29 AM | Computer Name = Marv-HP | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht. Error - 7/5/2013 10:53:29 AM | Computer Name = Marv-HP | Source = Service Control Manager | ID = 7000 Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 7/8/2013 12:06:52 PM | Computer Name = Marv-HP | Source = Service Control Manager | ID = 7034 Description = Dienst "Hotspot Shield Monitoring Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 7/10/2013 2:29:33 AM | Computer Name = Marv-HP | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 7/10/2013 2:29:33 AM | Computer Name = Marv-HP | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 7/10/2013 6:49:32 AM | Computer Name = Marv-HP | Source = BROWSER | ID = 8032 Description = Error - 7/10/2013 11:52:42 AM | Computer Name = Marv-HP | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 7/10/2013 11:52:42 AM | Computer Name = Marv-HP | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 7/11/2013 1:21:20 PM | Computer Name = Marv-HP | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden. < End of report > |
30.07.2013, 18:09 | #4 |
| I get ads on the Internet all the time (facebook, google, web.de etc.) OTL logfile: Code:
ATTFilter OTL logfile created on: 7/30/2013 6:54:45 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marv\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 11.98 Gb Total Physical Memory | 10.08 Gb Available Physical Memory | 84.12% Memory free 23.96 Gb Paging File | 22.00 Gb Available in Paging File | 91.80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 918.54 Gb Total Space | 719.99 Gb Free Space | 78.38% Space Free | Partition Type: NTFS Drive D: | 12.87 Gb Total Space | 1.58 Gb Free Space | 12.29% Space Free | Partition Type: NTFS Computer Name: MARV-HP | User Name: Marv | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/07/30 18:53:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marv\Downloads\OTL.exe PRC - [2013/07/30 15:23:30 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2013/07/27 15:16:24 | 000,709,120 | ---- | M] (Windows Net) -- C:\Users\Marv\AppData\Roaming\Windows Net Data\net.exe PRC - [2013/05/21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/05/09 04:23:40 | 000,368,600 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) 
-- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/06/09 15:37:18 | 000,264,008 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe PRC - [2011/06/09 15:37:00 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe PRC - [2011/06/09 15:36:34 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe PRC - [2011/05/06 02:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe PRC - [2011/02/24 10:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/02/28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE PRC - [2008/11/20 20:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe ========== Modules (No Company Name) ========== MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program 
Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012/05/30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\wincfi39.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2013/03/29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2013/02/13 12:47:04 | 000,820,184 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R) SRV:64bit: - [2013/02/13 12:46:48 | 000,731,648 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV:64bit: - [2012/04/24 20:38:30 | 000,318,464 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV) SRV:64bit: - [2010/10/11 12:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV:64bit: - [2010/09/23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV - [2013/07/30 15:23:30 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013/07/27 00:46:24 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013/06/12 18:26:37 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/06/04 15:05:06 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service) SRV - [2013/05/21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360) SRV - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/05/09 04:23:40 | 000,368,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/06/09 15:37:18 | 000,264,008 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService) SRV - [2011/05/06 02:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2011/02/24 10:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files 
(x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/07/09 09:26:12 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2013/06/21 03:09:46 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6) DRV:64bit: - [2013/05/23 07:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys -- (SymEFA) DRV:64bit: - [2013/05/21 07:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys -- (SymDS) DRV:64bit: - [2013/05/17 17:27:56 | 000,040,696 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RzMaelstromVAD.sys -- (RZMAELSTROMVADService) DRV:64bit: - [2013/05/16 07:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys -- (SRTSP) DRV:64bit: - [2013/05/09 04:23:38 | 000,099,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64) DRV:64bit: - [2013/05/07 16:41:48 | 000,033,008 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI) DRV:64bit: - [2013/04/25 02:43:56 | 
000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys -- (SymNetS) DRV:64bit: - [2013/04/24 12:31:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2013/04/16 04:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys -- (ccSet_N360) DRV:64bit: - [2013/04/10 11:09:24 | 000,849,992 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2013/03/29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2013/03/29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2013/03/05 03:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys -- (SymIRON) DRV:64bit: - [2013/03/05 03:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/09/10 10:41:06 | 000,022,528 | ---- | M] (Apple Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/08/23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/05/29 15:53:30 | 000,027,456 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpqdfw.sys -- (CpqDfw) DRV:64bit: - [2012/04/24 20:38:30 | 000,536,576 | ---- | M] (IDT, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/12/31 11:01:02 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv) DRV:64bit: - [2011/12/31 10:39:05 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/12/31 10:39:05 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/04/26 21:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011/04/21 01:07:22 | 000,399,944 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci) DRV:64bit: - [2011/04/21 01:07:22 | 000,131,656 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3) DRV:64bit: - [2011/03/03 19:59:20 | 
000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/08/18 01:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT) DRV:64bit: - [2010/04/27 19:43:50 | 000,024,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cqcpu.sys -- (cqcpu) DRV:64bit: - [2009/11/24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009/11/24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009/10/20 11:03:16 | 001,307,648 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10664.sys -- (USBMULCD) DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2013/07/29 11:59:12 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130729.019\ex64.sys -- (NAVEX15) DRV - [2013/07/29 11:59:12 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130729.019\eng64.sys -- (NAVENG) DRV - [2013/07/08 11:16:31 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013/07/08 11:16:31 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013/07/06 04:18:50 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130727.001\IDSviA64.sys -- (IDSVia64) DRV - [2013/07/02 03:01:42 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130715.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE:64bit: - 
HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF IE:64bit: - HKLM\..\SearchScopes\{647C71E8-2833-4F2B-B94B-E43215126C85}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {F410269C-CFC8-4744-971B-DF17D3FD835C} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF IE - HKLM\..\SearchScopes\{647C71E8-2833-4F2B-B94B-E43215126C85}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF IE - HKCU\..\SearchScopes\{647C71E8-2833-4F2B-B94B-E43215126C85}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=o0&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869 IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program 
Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files 
(x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marv\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marv\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn\ [2013/07/30 18:50:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFFPlgn\ [2013/07/08 17:52:23 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\Lyrics@LyricsContainer.co: C:\Program Files (x86)\LyricsContainer\125.xpi [2013/04/16 19:37:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marv\AppData\Roaming\mozilla\Extensions [2013/07/29 21:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\ub8y3vr2.default\extensions [2013/07/29 21:51:25 | 000,000,000 | ---D | M] ("Plus-HD-2.4") -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\ub8y3vr2.default\extensions\ad80235d-5e5a-4a1d-a891-51b66a3e70f8@8f877d80-6977-415f-ac14-b52043838c19.com [2013/07/29 21:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\ub8y3vr2.default\extensions\staged [2013/07/29 21:51:24 | 000,000,000 | ---D | M] (No name 
found) -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\ub8y3vr2.default\extensions\ad80235d-5e5a-4a1d-a891-51b66a3e70f8@8f877d80-6977-415f-ac14-b52043838c19.com\chrome\content\extensionCode [2013/06/22 10:31:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/04/17 14:14:37 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Marv\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Marv\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Marv\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Marv\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - Extension: Google Drive 
= C:\Users\Marv\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Marv\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Battlefield Heroes = C:\Users\Marv\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.203.0_0\ CHR - Extension: Google-Suche = C:\Users\Marv\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Google Mail = C:\Users\Marv\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found O2 - BHO: (Plus-HD-2.4) - {11111111-1111-1111-1111-110311341134} - C:\Program Files (x86)\Plus-HD-2.4\Plus-HD-2.4-bho.dll File not found O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) O2 - BHO: (LyricsContainer) - {DA3D98A6-868D-4E1B-BB78-0887230DA405} - C:\Program Files (x86)\LyricsContainer\125.dll File not 
found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard ) O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation) O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found O4 - HKLM..\Run: [Magic Desktop for HP notification] C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe (Easybits) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - Startup: C:\Users\Marv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk = C:\Users\Marv\AppData\Roaming\Windows Net Data\net.exe (Windows Net) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{001B9B5E-958A-4C68-A5E8-F264E017B527}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ACF081F-C756-495C-B1C9-4F590E714AB7}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
C:\Windows\System32\ie4uinit.exe -UserConfig ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET 
Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013/07/30 15:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medal of Honor™ Warfighter [2013/07/30 15:24:15 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2013/07/30 00:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2013/07/30 00:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013/07/30 00:41:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2013/07/30 00:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2013/07/30 00:40:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/07/30 00:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics [2013/07/30 00:38:04 | 000,033,008 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys [2013/07/30 00:34:48 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\WinBatch [2013/07/30 00:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AmUStor [2013/07/30 00:33:29 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\AmUStor [2013/07/30 00:31:14 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2013/07/30 00:31:06 | 000,000,000 | ---D | C] -- C:\Intel [2013/07/30 00:31:01 | 000,000,000 | ---D | C] -- C:\temp [2013/07/29 21:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW [2013/07/29 21:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIW 2013 Home Edition [2013/07/29 21:53:18 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Local\Programs [2013/07/29 21:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftwareUpdater [2013/07/29 21:51:55 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\Windows Net Data [2013/07/29 21:51:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FoxyDeal [2013/07/29 21:51:32 | 000,000,000 | ---D | C] -- C:\Users\Marv\Documents\Freemium Driver Utilities [2013/07/29 21:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeDriverScout [2013/07/29 21:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covus Freemium [2013/07/29 21:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\SoftwareUpdater [2013/07/29 21:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\Covus Freemium [2013/07/29 21:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2013/07/29 21:48:48 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Local\DownloadGuide [2013/07/29 12:28:14 | 000,000,000 | ---D | C] -- C:\Users\Marv\Documents\Shiner [2013/07/29 12:28:08 | 000,000,000 | ---D | C] -- C:\Users\Marv\Documents\Robot Entertainment [2013/07/29 12:28:08 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Local\Robot Entertainment [2013/07/28 15:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits Magic Desktop for HP [2013/07/17 23:06:47 | 000,000,000 | ---D | C] -- C:\Users\Marv\Documents\Remedy [2013/07/16 20:14:22 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\Dwarfs [2013/07/16 
19:42:17 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\vlc [2013/07/16 19:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013/07/15 20:49:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Player [2013/07/15 20:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage [2013/07/15 20:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2013/07/09 09:24:40 | 000,433,752 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys [2013/07/09 09:24:39 | 001,139,800 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys [2013/07/09 09:24:39 | 000,796,760 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys [2013/07/09 09:24:39 | 000,493,656 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys [2013/07/09 09:24:39 | 000,224,416 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys [2013/07/09 09:24:39 | 000,169,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys [2013/07/09 09:24:39 | 000,036,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys [2013/07/09 09:24:39 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symelam.sys [2013/07/09 09:24:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1404000.028 [2013/07/08 17:54:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit [2013/07/08 17:54:50 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Local\Conduit [2013/07/08 17:52:12 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2013/07/08 17:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec 
Shared [2013/07/08 17:51:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64 [2013/07/08 17:51:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 [2013/07/08 17:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360 [2013/07/08 17:50:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2013/07/04 15:28:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games [2013/07/04 15:28:26 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\Origin [2013/07/04 15:28:06 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Local\Origin [2013/07/04 15:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2013/07/04 15:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2013/07/04 15:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2013/07/04 15:24:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin [2013/07/04 07:24:24 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Local\SCE [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/07/30 18:54:57 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/07/30 18:54:57 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/07/30 18:47:49 | 000,001,830 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.4-firefoxinstaller.job [2013/07/30 18:47:49 | 000,001,286 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.4-updater.job [2013/07/30 18:47:46 | 000,001,198 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.4-codedownloader.job [2013/07/30 18:47:46 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.4-enabler.job [2013/07/30 18:47:43 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\LyricsContainer Update.job [2013/07/30 18:47:40 | 000,001,906 
Here you go, I hope you can help me! |
30.07.2013, 18:16 | #5 |
/// Malware-holic | I get ads on the Internet all the time (facebook, google, web.de etc.) Hi, OTL fix
Fixing with OTL
Code:
:OTL
[2013/07/29 21:51:55 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\Windows Net Data
PRC - [2013/07/27 15:16:24 | 000,709,120 | ---- | M] (Windows Net) -- C:\Users\Marv\AppData\Roaming\Windows Net Data\net.exe
O4 - Startup: C:\Users\Marv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk = C:\Users\Marv\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
:files
:Commands
[emptytemp]
Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file as an attachment here in the thread! Please press the + E key.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
30.07.2013, 20:00 | #6 |
/// Malware-holic | I get ads on the Internet all the time (facebook, google, web.de etc.) Hi, next time, please give a short note when something has been uploaded to the upload channel, otherwise you will unfortunately have to wait a bit longer. There are 2 logs to post, please post them at the same time. 1. Please download TDSSKiller.exe and save this file to the desktop
2. Scan with Combofix |
30.07.2013, 20:30 | #7 |
| I get ads on the Internet all the time (facebook, google, web.de etc.)
C:\Windows\System32\appinfo.dll 21:09:43.0842 4400 Appinfo - ok 21:09:43.0881 4400 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 21:09:43.0891 4400 Apple Mobile Device - ok 21:09:43.0928 4400 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 21:09:43.0981 4400 arc - ok 21:09:44.0055 4400 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 21:09:44.0089 4400 arcsas - ok 21:09:44.0186 4400 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 21:09:44.0194 4400 aspnet_state - ok 21:09:44.0227 4400 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 21:09:44.0276 4400 AsyncMac - ok 21:09:44.0278 4400 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys 21:09:44.0284 4400 atapi - ok 21:09:44.0343 4400 [ 4E5C72F003BFCB75701480DDCA5F0F09 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 21:09:44.0363 4400 AtiHDAudioService - ok 21:09:44.0399 4400 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 21:09:44.0453 4400 AudioEndpointBuilder - ok 21:09:44.0458 4400 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 21:09:44.0486 4400 AudioSrv - ok 21:09:44.0514 4400 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 21:09:44.0546 4400 AxInstSV - ok 21:09:44.0572 4400 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 21:09:44.0593 4400 b06bdrv - ok 21:09:44.0610 4400 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 21:09:44.0632 4400 b57nd60a - ok 21:09:44.0667 4400 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 21:09:44.0692 4400 BDESVC - ok 21:09:44.0699 4400 [ 
16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 21:09:44.0728 4400 Beep - ok 21:09:44.0755 4400 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 21:09:44.0787 4400 BFE - ok 21:09:44.0959 4400 [ 6E10DB69DB1AA96207F4B14B18FF12F8 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130715.001\BHDrvx64.sys 21:09:44.0979 4400 BHDrvx64 - ok 21:09:45.0008 4400 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 21:09:45.0053 4400 BITS - ok 21:09:45.0104 4400 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 21:09:45.0127 4400 blbdrive - ok 21:09:45.0159 4400 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 21:09:45.0187 4400 bowser - ok 21:09:45.0210 4400 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 21:09:45.0237 4400 BrFiltLo - ok 21:09:45.0240 4400 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 21:09:45.0257 4400 BrFiltUp - ok 21:09:45.0284 4400 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 21:09:45.0307 4400 Browser - ok 21:09:45.0323 4400 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 21:09:45.0351 4400 Brserid - ok 21:09:45.0353 4400 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 21:09:45.0373 4400 BrSerWdm - ok 21:09:45.0375 4400 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 21:09:45.0386 4400 BrUsbMdm - ok 21:09:45.0388 4400 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 21:09:45.0397 4400 BrUsbSer - ok 21:09:45.0407 4400 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 21:09:45.0428 4400 BTHMODEM - ok 21:09:45.0465 4400 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv 
C:\Windows\system32\bthserv.dll 21:09:45.0489 4400 bthserv - ok 21:09:45.0547 4400 [ 56685951208AC81CF923B9B08BEDF3B7 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys 21:09:45.0553 4400 ccSet_N360 - ok 21:09:45.0574 4400 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 21:09:45.0606 4400 cdfs - ok 21:09:45.0640 4400 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 21:09:45.0662 4400 cdrom - ok 21:09:45.0690 4400 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 21:09:45.0723 4400 CertPropSvc - ok 21:09:45.0735 4400 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 21:09:45.0747 4400 circlass - ok 21:09:45.0757 4400 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 21:09:45.0774 4400 CLFS - ok 21:09:45.0831 4400 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:09:45.0837 4400 clr_optimization_v2.0.50727_32 - ok 21:09:45.0870 4400 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 21:09:45.0877 4400 clr_optimization_v2.0.50727_64 - ok 21:09:45.0938 4400 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:09:45.0958 4400 clr_optimization_v4.0.30319_32 - ok 21:09:45.0972 4400 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 21:09:45.0985 4400 clr_optimization_v4.0.30319_64 - ok 21:09:46.0008 4400 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 21:09:46.0032 4400 CmBatt - ok 21:09:46.0035 4400 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 21:09:46.0044 4400 cmdide - ok 21:09:46.0078 4400 [ 
AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 21:09:46.0094 4400 CNG - ok 21:09:46.0109 4400 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 21:09:46.0116 4400 Compbatt - ok 21:09:46.0132 4400 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 21:09:46.0151 4400 CompositeBus - ok 21:09:46.0158 4400 COMSysApp - ok 21:09:46.0194 4400 [ 2285B31039611D509F6120D691CA661F ] CpqDfw C:\Windows\system32\drivers\CpqDfw.sys 21:09:46.0201 4400 CpqDfw - ok 21:09:46.0248 4400 [ 10FB0FF62AF6262BF88E3607E2AE2A69 ] cqcpu C:\Windows\system32\drivers\cqcpu.sys 21:09:46.0254 4400 cqcpu - ok 21:09:46.0270 4400 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 21:09:46.0277 4400 crcdisk - ok 21:09:46.0299 4400 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll 21:09:46.0321 4400 CryptSvc - ok 21:09:46.0376 4400 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 21:09:46.0392 4400 cvhsvc - ok 21:09:46.0420 4400 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 21:09:46.0458 4400 DcomLaunch - ok 21:09:46.0477 4400 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 21:09:46.0514 4400 defragsvc - ok 21:09:46.0552 4400 [ 2B9A817DC1BDAD9CE5495099B6A7136A ] Desura Install Service C:\Program Files (x86)\Common Files\Desura\desura_service.exe 21:09:46.0559 4400 Desura Install Service - ok 21:09:46.0574 4400 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 21:09:46.0603 4400 DfsC - ok 21:09:46.0628 4400 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 21:09:46.0660 4400 Dhcp - ok 21:09:46.0678 4400 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 21:09:46.0713 4400 discache - ok 21:09:46.0741 4400 
[ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 21:09:46.0748 4400 Disk - ok 21:09:46.0768 4400 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 21:09:46.0785 4400 Dnscache - ok 21:09:46.0810 4400 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 21:09:46.0843 4400 dot3svc - ok 21:09:46.0854 4400 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 21:09:46.0887 4400 DPS - ok 21:09:46.0910 4400 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 21:09:46.0924 4400 drmkaud - ok 21:09:46.0954 4400 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 21:09:46.0970 4400 DXGKrnl - ok 21:09:46.0991 4400 EagleX64 - ok 21:09:47.0005 4400 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 21:09:47.0034 4400 EapHost - ok 21:09:47.0075 4400 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 21:09:47.0111 4400 ebdrv - ok 21:09:47.0162 4400 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 21:09:47.0171 4400 eeCtrl - ok 21:09:47.0187 4400 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 21:09:47.0208 4400 EFS - ok 21:09:47.0241 4400 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 21:09:47.0253 4400 elxstor - ok 21:09:47.0287 4400 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 21:09:47.0294 4400 EraserUtilRebootDrv - ok 21:09:47.0302 4400 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 21:09:47.0320 4400 ErrDev - ok 21:09:47.0383 4400 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 21:09:47.0421 4400 EventSystem - ok 21:09:47.0453 4400 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat 
C:\Windows\system32\drivers\exfat.sys 21:09:47.0476 4400 exfat - ok 21:09:47.0490 4400 ezSharedSvc - ok 21:09:47.0501 4400 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 21:09:47.0536 4400 fastfat - ok 21:09:47.0566 4400 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 21:09:47.0590 4400 Fax - ok 21:09:47.0619 4400 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 21:09:47.0634 4400 fdc - ok 21:09:47.0647 4400 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 21:09:47.0669 4400 fdPHost - ok 21:09:47.0676 4400 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 21:09:47.0712 4400 FDResPub - ok 21:09:47.0738 4400 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 21:09:47.0745 4400 FileInfo - ok 21:09:47.0759 4400 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 21:09:47.0781 4400 Filetrace - ok 21:09:47.0783 4400 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 21:09:47.0791 4400 flpydisk - ok 21:09:47.0801 4400 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 21:09:47.0811 4400 FltMgr - ok 21:09:47.0858 4400 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 21:09:47.0876 4400 FontCache - ok 21:09:47.0905 4400 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 21:09:47.0911 4400 FontCache3.0.0.0 - ok 21:09:47.0968 4400 [ 71CDC1D7F58D5EC49EBC2E2332AD3FAE ] FPLService C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe 21:09:47.0976 4400 FPLService - ok 21:09:47.0995 4400 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 21:09:48.0003 4400 FsDepends - ok 21:09:48.0024 4400 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec 
C:\Windows\system32\drivers\Fs_Rec.sys 21:09:48.0031 4400 Fs_Rec - ok 21:09:48.0052 4400 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 21:09:48.0063 4400 fvevol - ok 21:09:48.0082 4400 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 21:09:48.0090 4400 gagp30kx - ok 21:09:48.0124 4400 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 21:09:48.0130 4400 GEARAspiWDM - ok 21:09:48.0155 4400 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 21:09:48.0184 4400 gpsvc - ok 21:09:48.0222 4400 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 21:09:48.0229 4400 hamachi - ok 21:09:48.0241 4400 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 21:09:48.0256 4400 hcw85cir - ok 21:09:48.0276 4400 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 21:09:48.0293 4400 HdAudAddService - ok 21:09:48.0319 4400 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 21:09:48.0337 4400 HDAudBus - ok 21:09:48.0339 4400 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 21:09:48.0349 4400 HidBatt - ok 21:09:48.0361 4400 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 21:09:48.0372 4400 HidBth - ok 21:09:48.0403 4400 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 21:09:48.0413 4400 HidIr - ok 21:09:48.0433 4400 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 21:09:48.0456 4400 hidserv - ok 21:09:48.0467 4400 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 21:09:48.0475 4400 HidUsb - ok 21:09:48.0484 4400 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 21:09:48.0514 4400 hkmsvc - ok 21:09:48.0524 4400 [ 
EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 21:09:48.0539 4400 HomeGroupListener - ok 21:09:48.0564 4400 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 21:09:48.0582 4400 HomeGroupProvider - ok 21:09:48.0649 4400 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 21:09:48.0652 4400 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning 21:09:48.0652 4400 HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1) 21:09:48.0690 4400 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe 21:09:48.0699 4400 HPClientSvc - ok 21:09:48.0734 4400 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 21:09:48.0751 4400 hpqwmiex - ok 21:09:48.0783 4400 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 21:09:48.0791 4400 HpSAMD - ok 21:09:48.0816 4400 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 21:09:48.0852 4400 HTTP - ok 21:09:48.0860 4400 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 21:09:48.0867 4400 hwpolicy - ok 21:09:48.0876 4400 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 21:09:48.0885 4400 i8042prt - ok 21:09:48.0901 4400 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\drivers\iaStor.sys 21:09:48.0913 4400 iaStor - ok 21:09:48.0953 4400 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 21:09:48.0964 4400 iaStorV - ok 21:09:48.0992 4400 [ C1010ADD3DDAE1196ED21057AF7B2AAE ] ICCWDT C:\Windows\system32\DRIVERS\ICCWDT.sys 21:09:48.0998 4400 ICCWDT - ok 21:09:49.0035 4400 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc 
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 21:09:49.0050 4400 idsvc - ok 21:09:49.0150 4400 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130727.001\IDSvia64.sys 21:09:49.0167 4400 IDSVia64 - ok 21:09:49.0262 4400 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 21:09:49.0332 4400 igfx - ok 21:09:49.0353 4400 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 21:09:49.0360 4400 iirsp - ok 21:09:49.0380 4400 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 21:09:49.0416 4400 IKEEXT - ok 21:09:49.0506 4400 [ DDA8E5AD97231AB50B81FED04C28F64C ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe 21:09:49.0535 4400 Intel(R) Capability Licensing Service Interface ( UnsignedFile.Multi.Generic ) - warning 21:09:49.0535 4400 Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic (1) 21:09:49.0585 4400 [ 86FE509640D77FB0998FC8B1FF5523C6 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe 21:09:49.0600 4400 Intel(R) Capability Licensing Service TCP IP Interface - ok 21:09:49.0628 4400 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 21:09:49.0635 4400 intelide - ok 21:09:49.0655 4400 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 21:09:49.0677 4400 intelppm - ok 21:09:49.0696 4400 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 21:09:49.0731 4400 IPBusEnum - ok 21:09:49.0733 4400 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:09:49.0755 4400 IpFilterDriver - ok 21:09:49.0790 4400 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc 
C:\Windows\System32\iphlpsvc.dll 21:09:49.0810 4400 iphlpsvc - ok 21:09:49.0837 4400 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 21:09:49.0845 4400 IPMIDRV - ok 21:09:49.0857 4400 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 21:09:49.0889 4400 IPNAT - ok 21:09:49.0911 4400 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 21:09:49.0924 4400 iPod Service - ok 21:09:49.0946 4400 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 21:09:49.0957 4400 IRENUM - ok 21:09:49.0970 4400 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 21:09:49.0977 4400 isapnp - ok 21:09:49.0996 4400 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 21:09:50.0006 4400 iScsiPrt - ok 21:09:50.0057 4400 [ 6C85719A21B3F62C2C76280F4BD36C7B ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe 21:09:50.0066 4400 jhi_service - ok 21:09:50.0085 4400 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 21:09:50.0093 4400 kbdclass - ok 21:09:50.0097 4400 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 21:09:50.0117 4400 kbdhid - ok 21:09:50.0129 4400 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 21:09:50.0136 4400 KeyIso - ok 21:09:50.0158 4400 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 21:09:50.0166 4400 KSecDD - ok 21:09:50.0208 4400 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 21:09:50.0216 4400 KSecPkg - ok 21:09:50.0234 4400 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 21:09:50.0264 4400 ksthunk - ok 21:09:50.0291 4400 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 21:09:50.0324 4400 KtmRm - ok 21:09:50.0359 4400 [ 
D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 21:09:50.0398 4400 LanmanServer - ok 21:09:50.0411 4400 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 21:09:50.0447 4400 LanmanWorkstation - ok 21:09:50.0473 4400 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys 21:09:50.0479 4400 LGBusEnum - ok 21:09:50.0502 4400 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys 21:09:50.0507 4400 LGVirHid - ok 21:09:50.0532 4400 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 21:09:50.0562 4400 lltdio - ok 21:09:50.0594 4400 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 21:09:50.0634 4400 lltdsvc - ok 21:09:50.0647 4400 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 21:09:50.0685 4400 lmhosts - ok 21:09:50.0772 4400 [ 36DCEA3101D8CB56852EF5D7A4079164 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 21:09:50.0791 4400 LMS - ok 21:09:50.0825 4400 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 21:09:50.0839 4400 LSI_FC - ok 21:09:50.0862 4400 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 21:09:50.0875 4400 LSI_SAS - ok 21:09:50.0878 4400 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 21:09:50.0890 4400 LSI_SAS2 - ok 21:09:50.0894 4400 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 21:09:50.0905 4400 LSI_SCSI - ok 21:09:50.0914 4400 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 21:09:50.0946 4400 luafv - ok 21:09:50.0971 4400 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 21:09:50.0978 4400 megasas - ok 21:09:50.0983 4400 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR 
C:\Windows\system32\drivers\MegaSR.sys 21:09:50.0993 4400 MegaSR - ok 21:09:51.0016 4400 [ CFBDB416E1DC172327C099DB122FE15D ] MEIx64 C:\Windows\system32\DRIVERS\TeeDriverx64.sys 21:09:51.0023 4400 MEIx64 - ok 21:09:51.0050 4400 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 21:09:51.0080 4400 MMCSS - ok 21:09:51.0082 4400 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 21:09:51.0111 4400 Modem - ok 21:09:51.0136 4400 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 21:09:51.0152 4400 monitor - ok 21:09:51.0174 4400 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 21:09:51.0181 4400 mouclass - ok 21:09:51.0198 4400 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 21:09:51.0220 4400 mouhid - ok 21:09:51.0241 4400 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 21:09:51.0249 4400 mountmgr - ok 21:09:51.0251 4400 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 21:09:51.0260 4400 mpio - ok 21:09:51.0269 4400 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 21:09:51.0292 4400 mpsdrv - ok 21:09:51.0306 4400 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 21:09:51.0343 4400 MpsSvc - ok 21:09:51.0355 4400 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 21:09:51.0378 4400 MRxDAV - ok 21:09:51.0390 4400 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 21:09:51.0412 4400 mrxsmb - ok 21:09:51.0433 4400 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:09:51.0443 4400 mrxsmb10 - ok 21:09:51.0457 4400 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:09:51.0466 4400 mrxsmb20 - ok 21:09:51.0482 4400 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci 
C:\Windows\system32\DRIVERS\msahci.sys 21:09:51.0489 4400 msahci - ok 21:09:51.0500 4400 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 21:09:51.0509 4400 msdsm - ok 21:09:51.0523 4400 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 21:09:51.0545 4400 MSDTC - ok 21:09:51.0555 4400 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:09:51.0577 4400 Msfs - ok 21:09:51.0595 4400 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 21:09:51.0627 4400 mshidkmdf - ok 21:09:51.0640 4400 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:09:51.0647 4400 msisadrv - ok 21:09:51.0670 4400 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:09:51.0693 4400 MSiSCSI - ok 21:09:51.0695 4400 msiserver - ok 21:09:51.0705 4400 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:09:51.0737 4400 MSKSSRV - ok 21:09:51.0752 4400 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:09:51.0787 4400 MSPCLOCK - ok 21:09:51.0789 4400 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:09:51.0812 4400 MSPQM - ok 21:09:51.0828 4400 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:09:51.0839 4400 MsRPC - ok 21:09:51.0850 4400 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 21:09:51.0856 4400 mssmbios - ok 21:09:51.0864 4400 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:09:51.0894 4400 MSTEE - ok 21:09:51.0909 4400 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 21:09:51.0917 4400 MTConfig - ok 21:09:51.0926 4400 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 21:09:51.0933 4400 Mup - ok 21:09:51.0978 4400 [ 
1BF9D6476061B31CD7FC2BF848529A56 ] N360 C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe 21:09:51.0985 4400 N360 - ok 21:09:52.0007 4400 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 21:09:52.0041 4400 napagent - ok 21:09:52.0070 4400 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:09:52.0095 4400 NativeWifiP - ok 21:09:52.0209 4400 [ 56540E526B46E379A476FB5BC381B290 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130729.019\ENG64.SYS 21:09:52.0216 4400 NAVENG - ok 21:09:52.0251 4400 [ 8A19D3991F9F14B885CDE8BC640F6B68 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130729.019\EX64.SYS 21:09:52.0275 4400 NAVEX15 - ok 21:09:52.0321 4400 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 21:09:52.0351 4400 NDIS - ok 21:09:52.0370 4400 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 21:09:52.0407 4400 NdisCap - ok 21:09:52.0441 4400 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:09:52.0468 4400 NdisTapi - ok 21:09:52.0481 4400 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:09:52.0508 4400 Ndisuio - ok 21:09:52.0515 4400 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:09:52.0551 4400 NdisWan - ok 21:09:52.0564 4400 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:09:52.0585 4400 NDProxy - ok 21:09:52.0622 4400 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys 21:09:52.0629 4400 Netaapl - ok 21:09:52.0639 4400 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:09:52.0672 4400 NetBIOS - ok 21:09:52.0685 4400 [ 09594D1089C523423B32A4229263F068 ] NetBT 
C:\Windows\system32\DRIVERS\netbt.sys 21:09:52.0708 4400 NetBT - ok 21:09:52.0721 4400 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 21:09:52.0729 4400 Netlogon - ok 21:09:52.0757 4400 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 21:09:52.0791 4400 Netman - ok 21:09:52.0820 4400 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:09:52.0827 4400 NetMsmqActivator - ok 21:09:52.0829 4400 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:09:52.0836 4400 NetPipeActivator - ok 21:09:52.0851 4400 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 21:09:52.0883 4400 netprofm - ok 21:09:52.0885 4400 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:09:52.0891 4400 NetTcpActivator - ok 21:09:52.0893 4400 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:09:52.0900 4400 NetTcpPortSharing - ok 21:09:52.0923 4400 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 21:09:52.0931 4400 nfrd960 - ok 21:09:52.0949 4400 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 21:09:52.0969 4400 NlaSvc - ok 21:09:52.0982 4400 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:09:53.0004 4400 Npfs - ok 21:09:53.0015 4400 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 21:09:53.0049 4400 nsi - ok 21:09:53.0058 4400 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:09:53.0081 4400 nsiproxy - ok 21:09:53.0117 4400 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:09:53.0142 4400 Ntfs - ok 21:09:53.0161 4400 [ 9899284589F75FA8724FF3D16AED75C1 ] Null 
C:\Windows\system32\drivers\Null.sys 21:09:53.0183 4400 Null - ok 21:09:53.0208 4400 [ F2662FDC20518EE8A8EED4F61BA42349 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 21:09:53.0216 4400 NVHDA - ok 21:09:53.0226 4400 nvlddmkm - ok 21:09:53.0252 4400 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:09:53.0261 4400 nvraid - ok 21:09:53.0274 4400 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:09:53.0283 4400 nvstor - ok 21:09:53.0310 4400 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:09:53.0318 4400 nv_agp - ok 21:09:53.0335 4400 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 21:09:53.0344 4400 ohci1394 - ok 21:09:53.0356 4400 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:09:53.0363 4400 ose - ok 21:09:53.0440 4400 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 21:09:53.0504 4400 osppsvc - ok 21:09:53.0516 4400 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 21:09:53.0539 4400 p2pimsvc - ok 21:09:53.0574 4400 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 21:09:53.0584 4400 p2psvc - ok 21:09:53.0615 4400 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 21:09:53.0633 4400 Parport - ok 21:09:53.0650 4400 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:09:53.0657 4400 partmgr - ok 21:09:53.0668 4400 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 21:09:53.0688 4400 PcaSvc - ok 21:09:53.0701 4400 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 21:09:53.0709 4400 pci - ok 21:09:53.0719 4400 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 
21:09:53.0726 4400 pciide - ok 21:09:53.0737 4400 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 21:09:53.0746 4400 pcmcia - ok 21:09:53.0767 4400 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 21:09:53.0775 4400 pcw - ok 21:09:53.0791 4400 pdfcDispatcher - ok 21:09:53.0808 4400 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:09:53.0843 4400 PEAUTH - ok 21:09:53.0902 4400 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 21:09:53.0925 4400 PerfHost - ok 21:09:53.0993 4400 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 21:09:54.0035 4400 pla - ok 21:09:54.0070 4400 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:09:54.0092 4400 PlugPlay - ok 21:09:54.0099 4400 [ 0BEE791C7C7ACE453C134E73633C497D ] pmxdrv C:\Windows\system32\drivers\pmxdrv.sys 21:09:54.0105 4400 pmxdrv - ok 21:09:54.0115 4400 PnkBstrA - ok 21:09:54.0122 4400 PnkBstrB - ok 21:09:54.0254 4400 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 21:09:54.0384 4400 PNRPAutoReg - ok 21:09:54.0475 4400 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 21:09:54.0496 4400 PNRPsvc - ok 21:09:54.0522 4400 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:09:54.0555 4400 PolicyAgent - ok 21:09:54.0579 4400 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 21:09:54.0602 4400 Power - ok 21:09:54.0625 4400 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:09:54.0657 4400 PptpMiniport - ok 21:09:54.0668 4400 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 21:09:54.0677 4400 Processor - ok 21:09:54.0699 4400 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 21:09:54.0709 4400 ProfSvc - ok 21:09:54.0712 4400 [ 
C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 21:09:54.0720 4400 ProtectedStorage - ok 21:09:54.0735 4400 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 21:09:54.0771 4400 Psched - ok 21:09:54.0806 4400 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 21:09:54.0830 4400 ql2300 - ok 21:09:54.0855 4400 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 21:09:54.0863 4400 ql40xx - ok 21:09:54.0885 4400 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 21:09:54.0899 4400 QWAVE - ok 21:09:54.0913 4400 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 21:09:54.0933 4400 QWAVEdrv - ok 21:09:54.0947 4400 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 21:09:54.0970 4400 RasAcd - ok 21:09:54.0988 4400 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 21:09:55.0010 4400 RasAgileVpn - ok 21:09:55.0020 4400 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 21:09:55.0057 4400 RasAuto - ok 21:09:55.0069 4400 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 21:09:55.0091 4400 Rasl2tp - ok 21:09:55.0125 4400 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 21:09:55.0150 4400 RasMan - ok 21:09:55.0157 4400 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 21:09:55.0192 4400 RasPppoe - ok 21:09:55.0212 4400 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 21:09:55.0248 4400 RasSstp - ok 21:09:55.0271 4400 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 21:09:55.0295 4400 rdbss - ok 21:09:55.0310 4400 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 21:09:55.0324 4400 rdpbus - ok 
21:09:55.0344 4400 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 21:09:55.0366 4400 RDPCDD - ok 21:09:55.0376 4400 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 21:09:55.0410 4400 RDPENCDD - ok 21:09:55.0421 4400 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 21:09:55.0443 4400 RDPREFMP - ok 21:09:55.0478 4400 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 21:09:55.0495 4400 RdpVideoMiniport - ok 21:09:55.0521 4400 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 21:09:55.0531 4400 RDPWD - ok 21:09:55.0551 4400 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 21:09:55.0560 4400 rdyboost - ok 21:09:55.0580 4400 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 21:09:55.0603 4400 RemoteAccess - ok 21:09:55.0615 4400 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 21:09:55.0652 4400 RemoteRegistry - ok 21:09:55.0662 4400 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 21:09:55.0698 4400 RpcEptMapper - ok 21:09:55.0716 4400 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 21:09:55.0736 4400 RpcLocator - ok 21:09:55.0754 4400 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 21:09:55.0779 4400 RpcSs - ok 21:09:55.0787 4400 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 21:09:55.0816 4400 rspndr - ok 21:09:55.0851 4400 [ 130DD683DCC902F47A4AC35201D07E2F ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 21:09:55.0865 4400 RTL8167 - ok 21:09:55.0893 4400 [ A1973C20C6837FA453445AEF8FCF7EF4 ] RZMAELSTROMVADService C:\Windows\system32\drivers\RzMaelstromVAD.sys 21:09:55.0900 4400 RZMAELSTROMVADService - ok 21:09:55.0912 4400 [ 
C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 21:09:55.0920 4400 SamSs - ok 21:09:55.0941 4400 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 21:09:55.0948 4400 sbp2port - ok 21:09:55.0973 4400 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 21:09:55.0997 4400 SCardSvr - ok 21:09:56.0010 4400 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 21:09:56.0044 4400 scfilter - ok 21:09:56.0061 4400 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 21:09:56.0098 4400 Schedule - ok 21:09:56.0123 4400 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 21:09:56.0144 4400 SCPolicySvc - ok 21:09:56.0157 4400 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 21:09:56.0167 4400 SDRSVC - ok 21:09:56.0183 4400 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 21:09:56.0217 4400 secdrv - ok 21:09:56.0235 4400 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 21:09:56.0257 4400 seclogon - ok 21:09:56.0277 4400 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 21:09:56.0308 4400 SENS - ok 21:09:56.0322 4400 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 21:09:56.0343 4400 SensrSvc - ok 21:09:56.0385 4400 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 21:09:56.0399 4400 Serenum - ok 21:09:56.0401 4400 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 21:09:56.0419 4400 Serial - ok 21:09:56.0431 4400 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 21:09:56.0453 4400 sermouse - ok 21:09:56.0462 4400 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 21:09:56.0489 4400 SessionEnv - ok 21:09:56.0500 4400 [ 
A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 21:09:56.0510 4400 sffdisk - ok 21:09:56.0512 4400 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 21:09:56.0531 4400 sffp_mmc - ok 21:09:56.0546 4400 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 21:09:56.0556 4400 sffp_sd - ok 21:09:56.0564 4400 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 21:09:56.0582 4400 sfloppy - ok 21:09:56.0612 4400 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 21:09:56.0626 4400 Sftfs - ok 21:09:56.0654 4400 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 21:09:56.0665 4400 sftlist - ok 21:09:56.0687 4400 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 21:09:56.0695 4400 Sftplay - ok 21:09:56.0700 4400 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 21:09:56.0705 4400 Sftredir - ok 21:09:56.0710 4400 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 21:09:56.0715 4400 Sftvol - ok 21:09:56.0728 4400 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 21:09:56.0736 4400 sftvsa - ok 21:09:56.0757 4400 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 21:09:56.0790 4400 SharedAccess - ok 21:09:56.0808 4400 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 21:09:56.0841 4400 ShellHWDetection - ok 21:09:56.0858 4400 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 21:09:56.0866 4400 SiSRaid2 - ok 21:09:56.0880 4400 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 21:09:56.0888 4400 SiSRaid4 - ok 21:09:56.0932 4400 
[ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 21:09:56.0940 4400 SkypeUpdate - ok 21:09:56.0964 4400 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 21:09:56.0989 4400 Smb - ok 21:09:57.0017 4400 [ 962ABD93C70B28CE97F78B8F115FF1B2 ] SmbDrvI C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys 21:09:57.0023 4400 SmbDrvI - ok 21:09:57.0037 4400 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 21:09:57.0047 4400 SNMPTRAP - ok 21:09:57.0052 4400 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 21:09:57.0060 4400 spldr - ok 21:09:57.0079 4400 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 21:09:57.0092 4400 Spooler - ok 21:09:57.0139 4400 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 21:09:57.0208 4400 sppsvc - ok 21:09:57.0229 4400 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 21:09:57.0254 4400 sppuinotify - ok 21:09:57.0380 4400 [ 2FD9346F9D76CB4192D37329CFA47A82 ] SRTSP C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS 21:09:57.0404 4400 SRTSP - ok 21:09:57.0418 4400 [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS 21:09:57.0424 4400 SRTSPX - ok 21:09:57.0444 4400 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 21:09:57.0469 4400 srv - ok 21:09:57.0485 4400 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 21:09:57.0511 4400 srv2 - ok 21:09:57.0521 4400 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 21:09:57.0531 4400 srvnet - ok 21:09:57.0554 4400 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 21:09:57.0582 4400 SSDPSRV - ok 21:09:57.0592 4400 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 21:09:57.0615 4400 SstpSvc 
- ok 21:09:57.0664 4400 [ 605ECCCE95ACF7AF12CBCCDAB55B8DD0 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe 21:09:57.0689 4400 STacSV - ok 21:09:57.0719 4400 [ 9E1380328C39D661E085B24D6A6E044E ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe 21:09:57.0730 4400 Steam Client Service - ok 21:09:57.0749 4400 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 21:09:57.0756 4400 stexstor - ok 21:09:57.0796 4400 [ 5709F6AEECC9C43AD9D550FB1D882209 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys 21:09:57.0809 4400 STHDA - ok 21:09:57.0840 4400 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 21:09:57.0866 4400 stisvc - ok 21:09:57.0880 4400 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 21:09:57.0887 4400 swenum - ok 21:09:57.0909 4400 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 21:09:57.0944 4400 swprv - ok 21:09:57.0961 4400 [ 52DC0048D667757A8A2E4C87182890AC ] SymDS C:\Windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS 21:09:57.0972 4400 SymDS - ok 21:09:57.0992 4400 [ 599872BAD7CFB45C7CE47CDED4B726D8 ] SymEFA C:\Windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS 21:09:58.0011 4400 SymEFA - ok 21:09:58.0046 4400 [ F19E5E37ED8134B9E5F6287F2D3A75D7 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 21:09:58.0052 4400 SymEvent - ok 21:09:58.0077 4400 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS 21:09:58.0085 4400 SymIRON - ok 21:09:58.0095 4400 [ 9CDCA70485BD6B9D230365F67C31F132 ] SymNetS C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS 21:09:58.0104 4400 SymNetS - ok 21:09:58.0143 4400 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 21:09:58.0177 4400 SysMain - ok 21:09:58.0184 4400 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 21:09:58.0197 4400 
TabletInputService - ok 21:09:58.0217 4400 [ 3A7CABF7DE8F1325BE8F46685469AEC3 ] taphss6 C:\Windows\system32\DRIVERS\taphss6.sys 21:09:58.0224 4400 taphss6 - ok 21:09:58.0231 4400 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 21:09:58.0255 4400 TapiSrv - ok 21:09:58.0270 4400 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 21:09:58.0293 4400 TBS - ok 21:09:58.0339 4400 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys 21:09:58.0367 4400 Tcpip - ok 21:09:58.0386 4400 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 21:09:58.0410 4400 TCPIP6 - ok 21:09:58.0427 4400 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 21:09:58.0435 4400 tcpipreg - ok 21:09:58.0453 4400 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 21:09:58.0470 4400 TDPIPE - ok 21:09:58.0493 4400 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 21:09:58.0500 4400 TDTCP - ok 21:09:58.0508 4400 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 21:09:58.0530 4400 tdx - ok 21:09:58.0540 4400 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 21:09:58.0547 4400 TermDD - ok 21:09:58.0574 4400 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 21:09:58.0602 4400 TermService - ok 21:09:58.0614 4400 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 21:09:58.0626 4400 Themes - ok 21:09:58.0633 4400 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 21:09:58.0655 4400 THREADORDER - ok 21:09:58.0679 4400 [ FF879027C552A37897D107BE6CEDF6DF ] tihub3 C:\Windows\system32\drivers\tihub3.sys 21:09:58.0686 4400 tihub3 - ok 21:09:58.0706 4400 [ 133C3B4A3E44616F8F571A0EBBEF9B74 ] tixhci C:\Windows\system32\drivers\tixhci.sys 21:09:58.0714 4400 tixhci - ok 
21:09:58.0722 4400 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 21:09:58.0756 4400 TrkWks - ok 21:09:58.0795 4400 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 21:09:58.0831 4400 TrustedInstaller - ok 21:09:58.0838 4400 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 21:09:58.0874 4400 tssecsrv - ok 21:09:58.0918 4400 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 21:09:58.0946 4400 TsUsbFlt - ok 21:09:58.0973 4400 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 21:09:58.0992 4400 TsUsbGD - ok 21:09:59.0021 4400 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 21:09:59.0068 4400 tunnel - ok 21:09:59.0083 4400 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 21:09:59.0092 4400 uagp35 - ok 21:09:59.0107 4400 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 21:09:59.0143 4400 udfs - ok 21:09:59.0169 4400 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 21:09:59.0197 4400 UI0Detect - ok 21:09:59.0216 4400 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 21:09:59.0233 4400 uliagpkx - ok 21:09:59.0246 4400 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 21:09:59.0270 4400 umbus - ok 21:09:59.0285 4400 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 21:09:59.0302 4400 UmPass - ok 21:09:59.0317 4400 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 21:09:59.0359 4400 upnphost - ok 21:09:59.0398 4400 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 21:09:59.0408 4400 USBAAPL64 - ok 21:09:59.0430 4400 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp 
C:\Windows\system32\DRIVERS\usbccgp.sys 21:09:59.0441 4400 usbccgp - ok 21:09:59.0457 4400 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 21:09:59.0470 4400 usbcir - ok 21:09:59.0512 4400 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 21:09:59.0557 4400 usbehci - ok 21:09:59.0622 4400 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys 21:09:59.0646 4400 usbhub - ok 21:09:59.0708 4400 [ F9B3054339A71F16430F6585EBC8BE96 ] USBMULCD C:\Windows\system32\drivers\CM10664.sys 21:09:59.0738 4400 USBMULCD - ok 21:09:59.0752 4400 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 21:09:59.0779 4400 usbohci - ok 21:09:59.0798 4400 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 21:09:59.0824 4400 usbprint - ok 21:09:59.0845 4400 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:09:59.0856 4400 USBSTOR - ok 21:09:59.0880 4400 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 21:09:59.0903 4400 usbuhci - ok 21:09:59.0919 4400 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 21:09:59.0961 4400 UxSms - ok 21:09:59.0970 4400 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 21:09:59.0978 4400 VaultSvc - ok 21:10:00.0004 4400 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 21:10:00.0011 4400 vdrvroot - ok 21:10:00.0023 4400 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 21:10:00.0053 4400 vds - ok 21:10:00.0070 4400 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 21:10:00.0082 4400 vga - ok 21:10:00.0091 4400 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 21:10:00.0127 4400 VgaSave - ok 21:10:00.0143 4400 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp 
C:\Windows\system32\drivers\vhdmp.sys 21:10:00.0152 4400 vhdmp - ok 21:10:00.0186 4400 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 21:10:00.0194 4400 viaide - ok 21:10:00.0209 4400 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 21:10:00.0216 4400 volmgr - ok 21:10:00.0230 4400 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 21:10:00.0241 4400 volmgrx - ok 21:10:00.0252 4400 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys 21:10:00.0262 4400 volsnap - ok 21:10:00.0270 4400 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 21:10:00.0278 4400 vsmraid - ok 21:10:00.0324 4400 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 21:10:00.0361 4400 VSS - ok 21:10:00.0372 4400 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 21:10:00.0389 4400 vwifibus - ok 21:10:00.0412 4400 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 21:10:00.0451 4400 W32Time - ok 21:10:00.0469 4400 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 21:10:00.0477 4400 WacomPen - ok 21:10:00.0503 4400 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 21:10:00.0532 4400 WANARP - ok 21:10:00.0534 4400 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:10:00.0555 4400 Wanarpv6 - ok 21:10:00.0591 4400 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 21:10:00.0613 4400 wbengine - ok 21:10:00.0646 4400 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 21:10:00.0659 4400 WbioSrvc - ok 21:10:00.0677 4400 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 21:10:00.0703 4400 wcncsvc - ok 21:10:00.0713 4400 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService 
C:\Windows\System32\WcsPlugInService.dll 21:10:00.0732 4400 WcsPlugInService - ok 21:10:00.0752 4400 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 21:10:00.0759 4400 Wd - ok 21:10:00.0786 4400 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:10:00.0802 4400 Wdf01000 - ok 21:10:00.0814 4400 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:10:00.0849 4400 WdiServiceHost - ok 21:10:00.0851 4400 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:10:00.0863 4400 WdiSystemHost - ok 21:10:00.0885 4400 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 21:10:00.0908 4400 WebClient - ok 21:10:00.0916 4400 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 21:10:00.0950 4400 Wecsvc - ok 21:10:00.0959 4400 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:10:00.0982 4400 wercplsupport - ok 21:10:00.0995 4400 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 21:10:01.0018 4400 WerSvc - ok 21:10:01.0043 4400 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 21:10:01.0065 4400 WfpLwf - ok 21:10:01.0076 4400 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 21:10:01.0082 4400 WIMMount - ok 21:10:01.0098 4400 WinDefend - ok 21:10:01.0107 4400 WinHttpAutoProxySvc - ok 21:10:01.0150 4400 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:10:01.0174 4400 Winmgmt - ok 21:10:01.0208 4400 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 21:10:01.0247 4400 WinRM - ok 21:10:01.0283 4400 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 21:10:01.0303 4400 WinUsb - ok 21:10:01.0345 4400 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 21:10:01.0382 4400 
Wlansvc - ok 21:10:01.0419 4400 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 21:10:01.0426 4400 wlcrasvc - ok 21:10:01.0475 4400 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 21:10:01.0507 4400 wlidsvc - ok 21:10:01.0532 4400 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 21:10:01.0550 4400 WmiAcpi - ok 21:10:01.0574 4400 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:10:01.0592 4400 wmiApSrv - ok 21:10:01.0616 4400 WMPNetworkSvc - ok 21:10:01.0643 4400 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:10:01.0651 4400 WPCSvc - ok 21:10:01.0664 4400 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:10:01.0675 4400 WPDBusEnum - ok 21:10:01.0680 4400 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:10:01.0703 4400 ws2ifsl - ok 21:10:01.0717 4400 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 21:10:01.0739 4400 wscsvc - ok 21:10:01.0740 4400 WSearch - ok 21:10:01.0782 4400 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 21:10:01.0816 4400 wuauserv - ok 21:10:01.0832 4400 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:10:01.0854 4400 WudfPf - ok 21:10:01.0877 4400 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:10:01.0886 4400 WUDFRd - ok 21:10:01.0898 4400 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:10:01.0920 4400 wudfsvc - ok 21:10:01.0945 4400 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll 21:10:01.0963 4400 WwanSvc - ok 21:10:01.0992 4400 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys 21:10:01.0999 4400 xusb21 - ok 21:10:02.0010 4400 
================ Scan global ===============================
21:10:02.0026 4400 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:10:02.0044 4400 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:10:02.0057 4400 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:10:02.0069 4400 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:10:02.0090 4400 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:10:02.0093 4400 [Global] - ok
21:10:02.0093 4400 ================ Scan MBR ==================================
21:10:02.0100 4400 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:10:02.0420 4400 \Device\Harddisk0\DR0 - ok
21:10:02.0420 4400 ================ Scan VBR ==================================
21:10:02.0422 4400 [ 9B4AD56C341A563FF669ED8129EFB49D ] \Device\Harddisk0\DR0\Partition1
21:10:02.0424 4400 \Device\Harddisk0\DR0\Partition1 - ok
21:10:02.0463 4400 [ 8056FDB0E5402E7EF044D32A3F24CB92 ] \Device\Harddisk0\DR0\Partition2
21:10:02.0464 4400 \Device\Harddisk0\DR0\Partition2 - ok
21:10:02.0503 4400 [ D090948AD1CB70F43FE3B895B70DCFDB ] \Device\Harddisk0\DR0\Partition3
21:10:02.0504 4400 \Device\Harddisk0\DR0\Partition3 - ok
21:10:02.0505 4400 ============================================================
21:10:02.0505 4400 Scan finished
21:10:02.0505 4400 ============================================================
21:10:02.0512 4976 Detected object count: 2
21:10:02.0512 4976 Actual detected object count: 2
21:10:15.0200 4976 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:15.0200 4976 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:15.0201 4976 Intel(R) Capability Licensing Service Interface ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:15.0201 4976 Intel(R) Capability Licensing Service Interface ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:21.0336 3920 Deinitialize success

Combofix Logfile:
Code:
ComboFix 13-07-30.03 - Marv 30.07.2013 21:24:35.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.12268.9752 [GMT 2:00]
ausgeführt von:: c:\users\Marv\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\frapsvid.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-28 bis 2013-07-30 ))))))))))))))))))))))))))))))
.
.
2013-07-30 19:28 . 2013-07-30 19:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-30 19:09 . 2013-07-30 19:09 208216 ----a-w- c:\windows\system32\drivers\01910157.sys
2013-07-30 18:49 . 2013-07-30 18:56 -------- d-----w- C:\_OTL
2013-07-30 13:24 . 2013-07-30 13:24 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2013-07-29 22:44 . 2013-07-29 22:44 -------- d-----w- c:\program files\Intel
2013-07-29 22:42 . 2013-07-29 22:42 -------- d-----w- c:\programdata\ATI
2013-07-29 22:41 . 2013-07-29 22:41 -------- d-----w- c:\program files (x86)\AMD AVT
2013-07-29 22:38 . 2013-07-29 22:38 -------- d-----w- c:\program files\Synaptics
2013-07-29 22:38 . 2013-05-07 14:41 33008 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys
2013-07-29 22:34 . 2013-07-29 22:34 -------- d-----w- c:\users\Marv\AppData\Roaming\WinBatch
2013-07-29 22:33 . 2013-07-29 22:33 -------- d-----w- c:\programdata\AmUStor
2013-07-29 22:33 . 2013-07-29 22:33 -------- d-----w- c:\program files (x86)\AmUStor
2013-07-29 22:31 . 2013-02-27 13:37 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2013-07-29 22:31 . 2013-07-29 22:31 -------- d-----w- C:\Intel
2013-07-29 22:31 . 2013-07-29 22:46 -------- d-----w- C:\temp
2013-07-29 19:53 . 2013-07-29 19:53 -------- d-----w- c:\program files (x86)\SIW 2013 Home Edition
2013-07-29 19:53 . 2013-07-29 19:53 -------- d-----w- c:\users\Marv\AppData\Local\Programs
2013-07-29 19:51 . 2013-07-29 19:51 -------- d-----w- c:\program files (x86)\SoftwareUpdater
2013-07-29 19:51 . 2013-07-29 19:51 -------- d-----w- c:\program files (x86)\FoxyDeal
2013-07-29 19:51 . 2013-07-29 19:52 -------- d-----w- c:\programdata\FreeDriverScout
2013-07-29 19:50 . 2013-07-30 18:57 -------- d-----w- c:\program files\SoftwareUpdater
2013-07-29 19:50 . 2013-07-29 19:50 -------- d-----w- c:\program files\Covus Freemium
2013-07-29 19:50 . 2013-07-29 19:50 -------- d-----w- c:\programdata\Package Cache
2013-07-29 19:48 . 2013-07-29 19:49 -------- d-----w- c:\users\Marv\AppData\Local\DownloadGuide
2013-07-29 10:28 . 2013-07-29 10:28 -------- d-----w- c:\users\Marv\AppData\Local\Robot Entertainment
2013-07-28 13:04 . 2013-07-29 08:49 -------- d-----w- c:\programdata\Easybits Magic Desktop for HP
2013-07-16 18:14 . 2013-07-16 18:41 -------- d-----w- c:\users\Marv\AppData\Roaming\Dwarfs
2013-07-16 17:42 . 2013-07-16 17:45 -------- d-----w- c:\users\Marv\AppData\Roaming\vlc
2013-07-15 18:03 . 2013-07-15 18:05 -------- d-----w- c:\programdata\Tarma Installer
2013-07-10 10:31 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 10:31 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-10 10:31 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-10 10:31 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-10 10:31 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-10 10:31 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 10:31 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 10:31 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 10:31 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 10:31 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 10:31 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 10:30 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 10:30 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 10:30 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 10:30 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 10:30 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 10:30 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 10:30 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-10 10:30 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-08 15:54 . 2013-07-08 15:54 -------- d-----w- c:\program files (x86)\Conduit
2013-07-08 15:54 . 2013-07-08 16:07 -------- d-----w- c:\users\Marv\AppData\Local\Conduit
2013-07-08 15:51 . 2013-07-30 19:22 -------- d-----w- c:\program files (x86)\Norton 360
2013-07-04 13:28 . 2013-07-30 09:52 -------- d-----w- c:\users\Marv\AppData\Roaming\Origin
2013-07-04 13:28 . 2013-07-29 10:28 -------- d-----w- c:\program files (x86)\Origin Games
2013-07-04 13:28 . 2013-07-30 13:32 -------- d-----w- c:\users\Marv\AppData\Local\Origin
2013-07-04 13:24 . 2013-07-30 17:11 -------- d-----w- c:\programdata\Origin
2013-07-04 13:24 . 2013-07-30 17:11 -------- d-----w- c:\programdata\Electronic Arts
2013-07-04 13:24 . 2013-07-30 18:57 -------- d-----w- c:\program files (x86)\Origin
2013-07-04 05:24 . 2013-07-04 05:24 -------- d-----w- c:\users\Marv\AppData\Local\SCE
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-30 19:00 . 2013-04-17 20:42 291328 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-07-30 19:00 . 2013-04-17 20:30 291328 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-07-30 18:58 . 2013-04-17 20:30 280600 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-07-30 13:23 . 2013-04-17 20:30 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-07-10 11:06 . 2013-03-31 16:29 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-06-23 20:48 . 2013-06-23 20:48 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-23 20:48 . 2013-04-07 12:14 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-23 20:48 . 2013-04-07 12:14 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-21 01:09 . 2013-06-21 01:09 42184 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-06-12 16:26 . 2013-04-16 11:28 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 16:26 . 2011-12-31 08:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-21 23:45 . 2011-12-31 08:48 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2013-05-17 15:27 . 2013-05-17 15:27 40696 ----a-w- c:\windows\system32\drivers\RzMaelstromVAD.sys
2013-05-17 15:25 . 2013-05-17 15:25 245248 ----a-w- c:\windows\system32\DriverInstallCACMD.exe
2013-05-17 15:25 . 2013-05-17 15:25 69120 ----a-w- c:\windows\system32\DriverInstallCA.dll
2013-05-13 05:51 . 2013-06-13 05:53 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-13 05:53 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-13 05:53 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-13 05:53 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-13 05:53 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 .
2013-06-13 05:53 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-05-13 04:45 . 2013-06-13 05:53 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-05-13 03:43 . 2013-06-13 05:53 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08 . 2013-06-13 05:53 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-05-13 03:08 . 2013-06-13 05:53 43008 ----a-w- c:\windows\SysWow64\certenc.dll 2013-05-11 11:09 . 2010-06-24 19:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-10 05:49 . 2013-06-13 05:54 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-05-10 03:20 . 2013-06-13 05:54 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll 2013-05-09 02:23 . 2013-05-09 02:23 99800 ----a-w- c:\windows\system32\drivers\TeeDriverx64.sys 2013-05-09 02:23 . 2013-05-09 02:23 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll 2013-05-08 06:39 . 2013-06-13 05:55 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2013-07-26 1807272] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2013-07-28 1238016] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="c:\windows\system32\userinit.exe" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S4 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 69426961 *Deregistered* - 69426961 . Inhalt des "geplante Tasks" Ordners . 2013-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-16 16:26] . 2013-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1452787171-1215630587-1040080072-1000Core.job - c:\users\Marv\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-30 14:34] . 2013-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1452787171-1215630587-1040080072-1000UA.job - c:\users\Marv\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-30 14:34] . 
2013-07-01 c:\windows\Tasks\HPCeeScheduleForMARV-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . 2013-07-30 c:\windows\Tasks\HPCeeScheduleForMarv.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2010-10-21 37888] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-04-24 1425408] "Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2009-10-20 8151040] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.178.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{11111111-1111-1111-1111-110311341134} - c:\program files (x86)\Plus-HD-2.4\Plus-HD-2.4-bho.dll BHO-{DA3D98A6-868D-4E1B-BB78-0887230DA405} - c:\program files (x86)\LyricsContainer\125.dll Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll AddRemove-Lyrics@LyricsContainer.co - c:\program files (x86)\LyricsContainer\uninstall.exe AddRemove-Plus-HD-2.4 - c:\program files (x86)\Plus-HD-2.4\Uninstall.exe AddRemove-Windows Utils - c:\users\Marv\AppData\Roaming\Windows Net Data\uninstaller.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Zeit der Fertigstellung: 2013-07-30 21:29:15 ComboFix-quarantined-files.txt 2013-07-30 19:29 . Vor Suchlauf: 13 Verzeichnis(se), 773.393.170.432 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 773.003.452.416 Bytes frei . - - End Of File - - 9282A77494D9D5CFDF3704D57C6B40A0 A36C5E4F47E84449FF07ED3517B43A31 |
31.07.2013, 12:29 | #8 |
/// Malware-holic | I keep getting ads on the Internet all the time (facebook, google, web.de etc.) Hi, there are 2 logs to post; post them at the same time if possible.
1. Please download Malwarebytes Anti-Malware
2. Download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this. Open it, go to Tools (Extras), Uninstall list, and save it as txt. Open the file. After each program you need, write "notwendig" (necessary). After each one you do not need, "unnötig" (unnecessary). After each one you do not recognise, "unbekannt" (unknown). Post the list.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
31.07.2013, 18:59 | #9 |
| Ich habe die Ganze Zeit Werbung im Internet (facebook,google,web.de usw ) Malwarebytes Anti-Malware (Test) 1.75.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.07.31.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 Marv :: MARV-HP [Administrator] Schutz: Aktiviert 31.07.2013 19:31:33 mbam-log-2013-07-31 (19-31-33).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 218936 Laufzeit: 1 Minute(n), 57 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 3 C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 6 C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Marv\Downloads\Setup.exe (PUP.Optional.Solimba) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Malwarebytes Anti-Malware (Test) 1.75.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.07.31.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 Marv :: MARV-HP [Administrator] Schutz: Aktiviert 31.07.2013 19:31:05 mbam-log-2013-07-31 (19-31-05).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 0 Laufzeit: 2 Sekunde(n) [Abgebrochen] Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Adobe AIR Adobe Systems Incorporated 31.12.2011 2.6.0.19120 notwendig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 11.06.2013 6,00 MB 11.7.700.224 notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.06.2013 6,00 MB 11.7.700.224 notwendig Adobe Reader XI (11.0.03) - Deutsch Adobe Systems Incorporated 19.06.2013 133 MB 11.0.03 notwendig Alan Wake Remedy Entertainment 17.07.2013 notwendig Alcor Micro USB Card Reader Driver Alcor Micro Corp. 
30.07.2013 3.1.45.72435 notwendig AMD Catalyst Install Manager Advanced Micro Devices, Inc. 30.07.2013 26,3 MB 8.0.911.0 notwendig Apple Application Support Apple Inc. 17.04.2013 62,7 MB 2.3.3 notwendig Apple Mobile Device Support Apple Inc. 17.04.2013 25,2 MB 6.1.0.13 notwendig Apple Software Update Apple Inc. 17.04.2013 2,38 MB 2.1.3.127 notwendig Borderlands 2 Gearbox Software 25.05.2013 notwendig Call of Duty: Black Ops II 27.04.2013 Call of Duty: Black Ops II - Multiplayer 27.04.2013 notwendig Call of Duty: Black Ops II - Zombies 27.04.2013 notwendig CanoScan Toolbox Ver4.9 10.04.2013 notwendig Castle Crashers The Behemoth 16.07.2013 notwendig CCleaner Piriform 22.07.2013 4.04 notwendig Counter-Strike: Global Offensive Valve 18.05.2013 notwendig Counter-Strike: Source Valve 22.06.2013 notwendig CPUID CPU-Z 1.64.0 22.06.2013 3,26 MB notwendig Desura Desura 04.06.2013 100.53 notwendig Desura: Paranautical Activity CodeAvarice 26.06.2013 252 MB Beta notwendig Diablo III Blizzard Entertainment 24.06.2013 1.0.8.16603 notwendig Dota 2 Valve 29.06.2013 notwendig Dwarfs F2P Power of 2 16.07.2013 notwendig FoxyDeal R&E Media GmbH 29.07.2013 813 KB 1.1.0 unbekannt Fraps (remove only) 22.06.2013 unnötig Free Driver Scout Covus Freemium 29.07.2013 10,8 MB 1.0.0.101 notwendig Free YouTube to MP3 Converter version 3.12.1.320 DVDVideoSoft Ltd. 17.04.2013 76,1 MB 3.12.1.320 notwendig Google Chrome Google Inc. 
30.03.2013 28.0.1500.72 notwendig HD Tune 2.55 EFD Software 31.07.2013 notwendig HP Odometer Hewlett-Packard 31.12.2011 48,0 KB 2.10.0000 notwendig HP Setup Hewlett-Packard Company 31.12.2011 118 MB 8.7.4747.3786 notwendig HP Setup Manager Hewlett-Packard Company 31.12.2011 8,32 MB 1.1.13880.3792 notwendig HP SimplePass PE 2011 Hewlett-Packard 31.12.2011 65,4 MB 5.3.0.194 notwendig HP Support Assistant Hewlett-Packard Company 16.04.2013 91,7 MB 7.0.39.15 notwendig HP Support Information Hewlett-Packard 31.12.2011 156 KB 10.1.1000 notwendig HP Update Hewlett-Packard 31.12.2011 2,97 MB 5.002.003.003 notwendig HP Vision Hardware Diagnostics Hewlett-Packard 31.12.2011 11,7 MB 2.9.0.0 notwendig IDT Audio IDT 31.12.2011 1.0.6346.0 notwendig Intel(R) Identity Protection Technology 1.1.2.0 Intel Corporation 31.12.2011 1,13 MB 1.1.2.0 notwendig Intel(R) Management Engine Components Intel Corporation 30.07.2013 9.5.3.1520 notwendig Intel® Watchdog Timer Driver (Intel® WDT) Intel Corporation 30.07.2013 5,03 MB notwendig iTunes Apple Inc. 22.04.2013 187 MB 11.0.2.26 notwendig Java 7 Update 25 Oracle 23.06.2013 129 MB 7.0.250 notwendig Killing Floor Tripwire Interactive 03.06.2013 notwendig LabelPrint CyberLink Corp. 31.12.2011 229 MB 2.5.3925 notwendig Logitech Gaming Software 8.40 Logitech Inc. 
30.03.2013 89,7 MB 8.40.83 notwendig LyricsContainer RYD Software 28.07.2013 unnötig Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 31.07.2013 19,2 MB 1.75.0.1300 notwendig Medal of Honor™ Warfighter Electronic Arts 30.07.2013 16,7 GB 1.0.0.3 notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 11.02.2011 38,8 MB 4.0.30319 notwendig Microsoft .NET Framework 4 Extended Microsoft Corporation 11.02.2011 51,9 MB 4.0.30319 notwendig Microsoft Mathematics Microsoft Corporation 30.03.2013 18,1 MB 4.0 notwendig Microsoft Office 2010 Microsoft Corporation 31.12.2011 6,40 MB 14.0.4763.1000 notwendig Microsoft Office Klick-und-Los 2010 Microsoft Corporation 30.03.2013 14.0.4763.1000 notwendig Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 30.03.2013 14.0.4763.1000 notwendig Microsoft Silverlight Microsoft Corporation 10.07.2013 100 MB 5.1.20513.0 notwendig Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 31.12.2011 1,69 MB 3.1.0000 notwendig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 31.03.2013 300 KB 8.0.59193 notwendig Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 31.12.2011 620 KB 8.0.61000 notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 11.02.2011 788 KB 9.0.30729 notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 31.12.2011 784 KB 9.0.30729.4148 notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 31.03.2013 788 KB 9.0.30729.6161 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 11.02.2011 596 KB 9.0.30729 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 31.12.2011 592 KB 9.0.30729.4148 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 31.03.2013 600 KB 9.0.30729.6161 notwendig Microsoft 
Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 30.07.2013 13,8 MB 10.0.40219 notwendig Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 30.07.2013 15,0 MB 10.0.40219 notwendig Microsoft XNA Framework Redistributable 3.1 Microsoft Corporation 16.07.2013 7,48 MB 3.1.10527.0 notwendig Microsoft XNA Framework Redistributable 4.0 Microsoft Corporation 08.05.2013 8,03 MB 4.0.20823.0 notwendig Nexon Game Manager 29.05.2013 unnötig Norton 360 Symantec Corporation 30.07.2013 20.4.0.40 notwendig Norton PC Checkup Symantec Corporation 31.07.2013 51,4 MB 3.0.5.71.0 notwendig Orcs Must Die! 2 Robot Entertainment 29.07.2013 notwendig Origin Electronic Arts, Inc. 04.07.2013 9.2.1.4399 notwendig Pando Media Booster Pando Networks Inc. 22.06.2013 5,46 MB 2.6.0.9 unnötig PDF Complete Special Edition PDF Complete, Inc 31.03.2013 4.0.54 notwendig PlanetSide 2 Sony Online Entertainment 03.07.2013 notwendig PlayReady PC Runtime amd64 Microsoft Corporation 31.12.2011 2,05 MB 1.3.0 notwendig Plus-HD-2.4 Plus HD 29.07.2013 1.27.153.10 notwendig Power2Go CyberLink Corp. 31.12.2011 175 MB 6.1.5331 notwendig PunkBuster Services Even Balance, Inc. 30.07.2013 0.993 notwendig Serious Sam 3: BFE Croteam 17.07.2013 notwendig SIW 2013 Home Edition Topala Software Solutions 29.07.2013 6,39 MB 2013.05.14 notwendig Skype™ 6.3 Skype Technologies S.A. 05.06.2013 21,0 MB 6.3.107 notwendig Steam Valve Corporation 30.03.2013 35,4 MB 1.0.0.0 notwendig TeamSpeak 3 Client TeamSpeak Systems GmbH 08.04.2013 3.0.10.1 notwendig Terraria 08.05.2013 notwendig The Binding of Isaac Edmund McMillen and Florian Himsl 28.07.2013 notwendig USB Multi-Channel Audio Device 24.05.2013 notwendig VIP Access SDK (1.0.1.4) Symantec Inc. 
31.03.2013 1.0.1.4 unbekannt VLC media player 2.0.7 VideoLAN 16.07.2013 2.0.7 notwendig Windows Live Essentials Microsoft Corporation 31.12.2011 15.4.3508.1109 notwendig Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 31.12.2011 5,57 MB 15.4.5722.2 notwendig Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 31.12.2011 5,57 MB 15.4.5722.2 notwendig Windows Utils 29.07.2013 unbekannt WinRAR 4.20 (64-Bit) win.rar GmbH 09.04.2013 4.20.0 notwendig Zinio Reader 4 Zinio LLC 31.12.2011 4.2.4164 notwendig |
31.07.2013, 19:06 | #10 |
/// Malware-holic | I keep getting ads on the Internet all the time (facebook, google, web.de etc.) Hi, when you install programs:
- look them up via Google search first, Plus-HD: get rid of it, it is adware. for example is adware, you would also have found that as information on our site.
- read the license agreements and terms and conditions
- always install programs and updates using the custom option, and deselect toolbars etc.
There are 2 logs to create; post them at the same time if possible. If problems occur, stop and post them.
1. Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences. General: tick "use only certified plug-ins". Security (Enhanced): tick Enhanced Security and select all files. Internet: everything should be disabled here; it is very insecure to open or download PDFs automatically, etc. It is always better to save them directly, because only then do you have control over what happens on the PC. Under JavaScript, remove the tick at "use JavaScript". Under Updater, choose install automatically. Apply / OK.
Uninstall: FoxyDeal LyricsContainer Plus-HD: get rid of it, it is adware.
Open CCleaner, Analyze, Run, restart the PC.
2. Please download AdwCleaner to your desktop.
Restart.
3. HitmanPro - Download - Filepony. Download HitmanPro, double-click it, click Scan. Do not delete anything. Save the log and post it, or export it as XML, zip it and attach it.
|
31.07.2013, 19:44 | #11 |
| I keep getting ads on the Internet all the time (facebook, google, web.de etc.) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.306 - Datei am 31/07/2013 um 20:26:12 erstellt # Aktualisiert am 19/07/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Marv - MARV-HP # Bootmodus : Normal # Ausgeführt unter : C:\Users\Marv\Downloads\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\END Gelöscht mit Neustart : C:\Program Files\SoftwareUpdater Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Program Files (x86)\Conduit Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater Ordner Gelöscht : C:\Program Files\Covus Freemium Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covus Freemium Ordner Gelöscht : C:\Users\Marv\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Marv\AppData\Local\DownloadGuide Ordner Gelöscht : C:\Users\Marv\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Marv\AppData\Roaming\Mozilla\Firefox\Profiles\ub8y3vr2.default\extensions\staged ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN PIP Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsContainer Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Plus-HD-2.4 Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\FoxyDeal Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} 
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033434.BHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033434.Sandbox Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033434.Sandbox.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1561552 Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311341134} Schlüssel Gelöscht : HKLM\Software\PIP Schlüssel Gelöscht : HKLM\Software\Plus-HD-2.4 Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110311341134} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220322342234} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550355345534} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660366346634} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\abfmigjiaapipflmopkaaooigcjjdojh Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{11111111-1111-1111-1111-110311341134} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355345534} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346634} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v [Version kann nicht ermittelt werden] Datei : C:\Users\Marv\AppData\Roaming\Mozilla\Firefox\Profiles\ub8y3vr2.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v28.0.1500.72 Datei : C:\Users\Marv\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [5339 octets] - [31/07/2013 20:26:12] ########## EOF - C:\AdwCleaner[S1].txt - [5399 octets] ########## Code:
ATTFilter HitmanPro 3.7.6.201 www.hitmanpro.com Computer name . . . . : MARV-HP Windows . . . . . . . : 6.1.1.7601.X64/8 User name . . . . . . : Marv-HP\Marv UAC . . . . . . . . . : Enabled License . . . . . . . : Free Scan date . . . . . . : 2013-07-31 20:38:24 Scan mode . . . . . . : Normal Scan duration . . . . : 4m 55s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 211 Objects scanned . . . : 1.286.091 Files scanned . . . . : 38.352 Remnants scanned . . : 365.199 files / 882.540 keys Suspicious files ____________________________________________________________ C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\dll\wc002316.dll Size . . . . . . . : 951.565 bytes Age . . . . . . . : 1.2 days (2013-07-30 15:23:47) Entropy . . . . . : 7.6 SHA-256 . . . . . : 28FDCBC64DEB82D8A64A4770F2B616CE5E95B4751BBE6FA459DD2B64A12298CF Fuzzy . . . . . . : 23.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. Program contains PE structure anomalies. This is not typical for most programs. The file appears to be part of an installation package or setup program. This is typical for most programs. 
Forensic Cluster -0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\htm\ -0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\ -0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\dll\ -0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\pbcl.dll -0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\pbag.dll -0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\htm\wc002316.htm -0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\pbns_c.dat -0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\htm\wa001388.htm 0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\dll\wc002316.dll 0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\dll\wa001388.dll 2.3s C:\Users\Marv\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_DB4BFB76C5B90F73150068C0B961EF10 2.3s C:\Users\Marv\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_DB4BFB76C5B90F73150068C0B961EF10 2.5s C:\Users\Marv\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6 2.5s C:\Users\Marv\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6 C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\pbcl.dll Size . . . . . . . : 951.565 bytes Age . . . . . . . : 1.2 days (2013-07-30 15:23:47) Entropy . . . . . : 7.6 SHA-256 . . . . . : 28FDCBC64DEB82D8A64A4770F2B616CE5E95B4751BBE6FA459DD2B64A12298CF Fuzzy . . . . . . : 23.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. 
This is not typical for most programs. Time indicates that the file appeared recently on this computer. Program contains PE structure anomalies. This is not typical for most programs. The file appears to be part of an installation package or setup program. This is typical for most programs. Forensic Cluster -0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\htm\ -0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\ 0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\dll\ 0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\pbcl.dll 0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\pbag.dll 0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\htm\wc002316.htm 0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\pbns_c.dat 0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\htm\wa001388.htm 0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\dll\wc002316.dll 0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\dll\wa001388.dll 2.4s C:\Users\Marv\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_DB4BFB76C5B90F73150068C0B961EF10 2.4s C:\Users\Marv\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_DB4BFB76C5B90F73150068C0B961EF10 2.6s C:\Users\Marv\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6 2.6s C:\Users\Marv\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6 C:\Users\Marv\AppData\Local\PunkBuster\HEROES\pb\dll\wc002323.dll Size . . . . . . . : 956.648 bytes Age . . . . . . . : 104.9 days (2013-04-17 22:56:30) Entropy . . . . . : 7.6 SHA-256 . . . . . : E88505208F2EA9F150F451C73EEFE57D54A7F50E9D24CB9E647D95A1E826A052 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . 
: 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. Program is code signed with a valid Authenticode certificate. C:\Users\Marv\AppData\Local\PunkBuster\HEROES\pb\pbcl.dll Size . . . . . . . : 956.648 bytes Age . . . . . . . : 104.9 days (2013-04-17 22:56:30) Entropy . . . . . : 7.6 SHA-256 . . . . . : E88505208F2EA9F150F451C73EEFE57D54A7F50E9D24CB9E647D95A1E826A052 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. Program is code signed with a valid Authenticode certificate. C:\Users\Marv\AppData\Local\PunkBuster\HEROES\pb\pbclold.dll Size . . . . . . . : 947.283 bytes Age . . . . . . . : 104.9 days (2013-04-17 22:41:38) Entropy . . . . . : 7.6 SHA-256 . . . . . : 26898E20DB3E20E2986684F1726D3421B0EA9D381F4BD56D6370AAE63973F5B8 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. 
Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:\Users\Marv\AppData\Local\PunkBuster\HEROES\pb\PnkBstrK.sys Size . . . . . . . : 139.648 bytes Age . . . . . . . : 104.9 days (2013-04-17 22:42:30) Entropy . . . . . : 7.8 SHA-256 . . . . . : 164A5F0B9153B75F8955C44BFAE12B594B8D53922AE090132695FF2DAD191C8A RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:\Users\Marv\AppData\Local\PunkBuster\TWZ\pb\pbcl.dll Size . . . . . . . : 964.936 bytes Age . . . . . . . : 55.5 days (2013-06-06 07:41:32) Entropy . . . . . : 7.6 SHA-256 . . . . . : 4B79C9E2ED01AF93CE240F235DB266B9276F6EEB9497D341B2CC04B7B640B3AE RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. 
This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. Program is code signed with a valid Authenticode certificate. C:\Users\Marv\AppData\Local\PunkBuster\TWZ\pb\PnkBstrK.sys Size . . . . . . . : 139.528 bytes Age . . . . . . . : 55.5 days (2013-06-06 07:41:46) Entropy . . . . . : 7.7 SHA-256 . . . . . : C2657515354653B5A7C17F3F9CA4B5F97B9442C976F5A9FC9A5FDB8A7392138E RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\dll\wc002324.dll Size . . . . . . . : 966.584 bytes Age . . . . . . . : 1.1 days (2013-07-30 19:21:19) Entropy . . . . . : 7.6 SHA-256 . . . . . : F31CCD85C6A207C7650223676ED7FEDD1CB30F77D23B813F3C349FBD35879E51 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 24.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. 
Program contains PE structure anomalies. This is not typical for most programs. Program is code signed with a valid Authenticode certificate. Forensic Cluster -0.2s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\htm\wc002324.htm 0.0s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\dll\wc002324.dll C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\pbcl.dll Size . . . . . . . : 966.584 bytes Age . . . . . . . : 0.4 days (2013-07-31 11:10:36) Entropy . . . . . : 7.6 SHA-256 . . . . . : F31CCD85C6A207C7650223676ED7FEDD1CB30F77D23B813F3C349FBD35879E51 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 24.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. Program contains PE structure anomalies. This is not typical for most programs. Program is code signed with a valid Authenticode certificate. C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\pbclold.dll Size . . . . . . . : 966.584 bytes Age . . . . . . . : 1.1 days (2013-07-30 19:12:29) Entropy . . . . . : 7.6 SHA-256 . . . . . : F31CCD85C6A207C7650223676ED7FEDD1CB30F77D23B813F3C349FBD35879E51 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 24.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. 
This is not typical for most programs. Time indicates that the file appeared recently on this computer. Program contains PE structure anomalies. This is not typical for most programs. Program is code signed with a valid Authenticode certificate. Forensic Cluster -3.9s C:\Users\Marv\Documents\MOHW\ -3.7s C:\Users\Marv\Documents\MOHW\Screenshots\ -0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\pbcl.db -0.0s C:\Users\Marv\AppData\Local\PunkBuster\WF\ -0.0s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\ -0.0s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\pbcl.db 0.0s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\pbclold.dll 0.1s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\pbag.dll 0.1s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\scrnshot\ 0.1s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\dll\ 0.1s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\htm\ 0.3s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\PnkBstrB.exe 10.7s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\PnkBstrK.sys C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\PnkBstrK.sys Size . . . . . . . : 140.768 bytes Age . . . . . . . : 1.1 days (2013-07-30 19:12:39) Entropy . . . . . : 7.8 SHA-256 . . . . . : 2851FAC9951AF256AEBFF91C734A747F9A0C91BE24BEDD982FE46EC43713BF4C RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 24.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. 
Program is code signed with a valid Authenticode certificate. Forensic Cluster -14.7s C:\Users\Marv\Documents\MOHW\ -14.5s C:\Users\Marv\Documents\MOHW\Screenshots\ -10.7s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\pbcl.db -10.7s C:\Users\Marv\AppData\Local\PunkBuster\WF\ -10.7s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\ -10.7s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\pbcl.db -10.7s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\pbclold.dll -10.6s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\pbag.dll -10.6s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\scrnshot\ -10.6s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\dll\ -10.6s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\htm\ -10.5s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\PnkBstrB.exe 0.0s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\PnkBstrK.sys C:\Users\Marv\Documents\The War Z\pb\dll\wc002316.dll Size . . . . . . . : 964.936 bytes Age . . . . . . . : 55.5 days (2013-06-06 07:40:58) Entropy . . . . . : 7.6 SHA-256 . . . . . : 4B79C9E2ED01AF93CE240F235DB266B9276F6EEB9497D341B2CC04B7B640B3AE RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. Program is code signed with a valid Authenticode certificate. C:\Users\Marv\Documents\The War Z\pb\pbcl.dll Size . . . . . . . : 964.936 bytes Age . . . . . . . : 55.5 days (2013-06-06 07:40:58) Entropy . . . . . : 7.6 SHA-256 . . . . . : 4B79C9E2ED01AF93CE240F235DB266B9276F6EEB9497D341B2CC04B7B640B3AE RSA Key Size . . . 
: 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. Program is code signed with a valid Authenticode certificate. Cookies _____________________________________________________________________ C:\Users\Marv\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com C:\Users\Marv\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net C:\Users\Marv\AppData\Roaming\Microsoft\Windows\Cookies\0TGBW48L.txt C:\Users\Marv\AppData\Roaming\Microsoft\Windows\Cookies\1DN6DDSZ.txt C:\Users\Marv\AppData\Roaming\Microsoft\Windows\Cookies\H7QDCHAK.txt C:\Users\Marv\AppData\Roaming\Microsoft\Windows\Cookies\U4SFAMZ6.txt |
31.07.2013, 20:58 | #12 |
/// Malware-holic | I keep getting ads on the internet all the time (facebook, google, web.de etc.) Hi, 1. Close all browsers and have HitmanPro delete the cookies. 2. New OTL log, after a restart.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
31.07.2013, 21:28 | #13 |
| I keep getting ads on the internet all the time (facebook, google, web.de etc.) What do you mean by having HitmanPro delete the cookies?? |
31.07.2013, 21:39 | #14 |
/// Malware-holic | I keep getting ads on the internet all the time (facebook, google, web.de etc.) Delete the findings in that category. If you can't find it, skip it.
|
31.07.2013, 21:58 | #15 |
| I keep getting ads on the internet all the time (facebook, google, web.de etc.) OTL Logfile: Code:
ATTFilter OTL logfile created on: 7/31/2013 10:48:21 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marv\Desktop\Viren Vernichtungstrakt\OTL 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 11.98 Gb Total Physical Memory | 10.03 Gb Available Physical Memory | 83.75% Memory free 23.96 Gb Paging File | 21.82 Gb Available in Paging File | 91.05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 918.54 Gb Total Space | 721.74 Gb Free Space | 78.58% Space Free | Partition Type: NTFS Drive D: | 12.87 Gb Total Space | 1.58 Gb Free Space | 12.29% Space Free | Partition Type: NTFS Computer Name: MARV-HP | User Name: Marv | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/07/30 18:53:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marv\Desktop\Viren Vernichtungstrakt\OTL\OTL.exe PRC - [2013/07/30 15:23:30 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2013/07/28 15:04:59 | 001,238,016 | ---- | M] (Easybits) -- C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe PRC - [2013/05/21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013/04/04 14:50:32 | 
000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013/03/11 16:16:26 | 000,132,504 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/06/09 15:37:18 | 000,264,008 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe PRC - [2011/06/09 15:37:00 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe PRC - [2011/06/09 15:36:34 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe PRC - [2011/05/06 02:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe PRC - [2011/02/24 10:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/02/28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE PRC - [2008/11/20 
20:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe ========== Modules (No Company Name) ========== MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012/05/30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\wincfi39.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2013/03/29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2013/02/13 12:47:04 | 000,820,184 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R) SRV:64bit: - [2013/02/13 12:46:48 | 000,731,648 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV:64bit: - [2012/04/24 20:38:30 | 000,318,464 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV) SRV:64bit: - [2010/10/11 12:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV:64bit: - [2010/09/23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV - [2013/07/30 15:23:30 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013/07/27 00:46:24 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013/06/12 18:26:37 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/06/04 15:05:06 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service) SRV - [2013/05/21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360) SRV - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/05/09 04:23:40 | 000,368,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 
-- (MBAMService) SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013/03/11 16:16:26 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher) SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/06/09 15:37:18 | 000,264,008 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService) SRV - [2011/05/06 02:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2011/02/24 10:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 
-- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/07/30 22:16:34 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2013/06/21 03:09:46 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6) DRV:64bit: - [2013/05/23 07:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys -- (SymEFA) DRV:64bit: - [2013/05/21 07:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys -- (SymDS) DRV:64bit: - [2013/05/17 17:27:56 | 000,040,696 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RzMaelstromVAD.sys -- (RZMAELSTROMVADService) DRV:64bit: - [2013/05/16 07:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys -- (SRTSP) DRV:64bit: - [2013/05/09 04:23:38 | 000,099,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64) DRV:64bit: - [2013/05/07 16:41:48 | 000,033,008 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI) DRV:64bit: - [2013/04/25 02:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys -- (SymNetS) DRV:64bit: - [2013/04/24 12:31:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2013/04/16 04:41:14 | 000,169,048 | ---- | M] (Symantec 
Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys -- (ccSet_N360) DRV:64bit: - [2013/04/10 11:09:24 | 000,849,992 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013/03/29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2013/03/29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2013/03/05 03:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys -- (SymIRON) DRV:64bit: - [2013/03/05 03:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/09/10 10:41:06 | 000,022,528 | ---- | M] (Apple Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/08/23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/05/29 15:53:30 | 000,027,456 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpqdfw.sys -- (CpqDfw) DRV:64bit: - [2012/04/24 20:38:30 | 000,536,576 | ---- | M] (IDT, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/12/31 11:01:02 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv) DRV:64bit: - [2011/12/31 10:39:05 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/12/31 10:39:05 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/04/26 21:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011/04/21 01:07:22 | 000,399,944 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci) DRV:64bit: - [2011/04/21 01:07:22 | 000,131,656 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3) DRV:64bit: - [2011/03/03 19:59:20 | 
000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/08/18 01:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT) DRV:64bit: - [2010/04/27 19:43:50 | 000,024,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cqcpu.sys -- (cqcpu) DRV:64bit: - [2009/11/24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009/11/24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009/10/20 11:03:16 | 001,307,648 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10664.sys -- (USBMULCD) DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2013/07/30 12:13:19 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130730.032\ex64.sys -- (NAVEX15) DRV - [2013/07/30 12:13:19 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013/07/30 12:13:19 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013/07/30 12:13:19 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130730.032\eng64.sys -- (NAVENG) DRV - [2013/07/27 05:08:32 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130730.001\IDSviA64.sys -- (IDSVia64) DRV - [2013/07/15 22:58:54 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130715.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE:64bit: - 
HKLM\..\SearchScopes\{647C71E8-2833-4F2B-B94B-E43215126C85}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Fixhomepage IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{647C71E8-2833-4F2B-B94B-E43215126C85}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Der Such-Assistent von Internet Explorer 6 wird nicht länger unterstützt. 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Fixhomepage IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus IE - HKCU\..\SearchScopes\{647C71E8-2833-4F2B-B94B-E43215126C85}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - 
HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marv\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marv\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn\ [2013/07/31 22:46:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFFPlgn\ [2013/07/30 21:47:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\Lyrics@LyricsContainer.co: C:\Program Files (x86)\LyricsContainer\125.xpi [2013/04/16 19:37:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marv\AppData\Roaming\mozilla\Extensions [2013/07/31 20:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\ub8y3vr2.default\extensions [2013/07/29 21:51:25 | 000,000,000 | ---D | M] ("Plus-HD-2.4") -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\ub8y3vr2.default\extensions\ad80235d-5e5a-4a1d-a891-51b66a3e70f8@8f877d80-6977-415f-ac14-b52043838c19.com [2013/07/29 21:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\ub8y3vr2.default\extensions\ad80235d-5e5a-4a1d-a891-51b66a3e70f8@8f877d80-6977-415f-ac14-b52043838c19.com\chrome\content\extensionCode [2013/06/22 10:31:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/04/17 14:14:37 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Marv\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Marv\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Marv\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Marv\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - Extension: Google Drive = C:\Users\Marv\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Marv\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Battlefield Heroes = C:\Users\Marv\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.203.0_0\ CHR - Extension: Google-Suche = C:\Users\Marv\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Google Mail = 
C:\Users\Marv\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013/07/30 21:28:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) O2 - BHO: (LyricsContainer) - {DA3D98A6-868D-4E1B-BB78-0887230DA405} - C:\Program Files (x86)\LyricsContainer\125.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard ) O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation) O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - 
HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Magic Desktop for HP notification] C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe (Easybits) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O13 - gopher Prefix: 
missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{001B9B5E-958A-4C68-A5E8-F264E017B527}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ACF081F-C756-495C-B1C9-4F590E714AB7}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/07/31 22:41:52 | 000,000,000 | ---D | C] -- C:\Users\Marv\Desktop\Viren Vernichtungstrakt [2013/07/31 20:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013/07/31 20:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftwareUpdater [2013/07/31 19:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013/07/31 19:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013/07/31 19:29:09 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\Malwarebytes [2013/07/31 19:28:56 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/07/31 19:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/07/31 19:28:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/07/31 19:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/07/31 14:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton PC Checkup 3.0 [2013/07/31 14:20:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton PC Checkup 3.0 [2013/07/31 12:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune [2013/07/31 
12:03:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune [2013/07/31 11:55:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/07/31 11:19:35 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\PCCUStubInstaller [2013/07/30 22:15:42 | 001,139,800 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys [2013/07/30 22:15:42 | 000,796,760 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys [2013/07/30 22:15:42 | 000,493,656 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys [2013/07/30 22:15:42 | 000,433,752 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys [2013/07/30 22:15:42 | 000,224,416 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys [2013/07/30 22:15:42 | 000,169,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys [2013/07/30 22:15:42 | 000,036,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys [2013/07/30 22:15:42 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symelam.sys [2013/07/30 22:15:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1404000.028 [2013/07/30 21:46:53 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2013/07/30 21:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2013/07/30 21:45:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64 [2013/07/30 21:45:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 [2013/07/30 21:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360 [2013/07/30 21:45:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller 
[2013/07/30 21:31:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/07/30 21:23:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/07/30 21:23:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/07/30 21:23:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/07/30 21:15:57 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/07/30 21:15:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/07/30 21:09:15 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\01910157.sys [2013/07/30 20:49:33 | 000,000,000 | ---D | C] -- C:\_OTL [2013/07/30 19:12:25 | 000,000,000 | ---D | C] -- C:\Users\Marv\Documents\MOHW [2013/07/30 15:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medal of Honor™ Warfighter [2013/07/30 15:24:15 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2013/07/30 00:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2013/07/30 00:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013/07/30 00:41:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2013/07/30 00:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2013/07/30 00:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics [2013/07/30 00:38:04 | 000,033,008 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys [2013/07/30 00:34:48 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\WinBatch [2013/07/30 00:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AmUStor [2013/07/30 00:33:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AmUStor [2013/07/30 00:31:14 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2013/07/30 00:31:06 | 000,000,000 | ---D | C] -- C:\Intel [2013/07/30 00:31:01 | 000,000,000 | ---D | C] -- C:\temp [2013/07/29 21:53:34 | 000,000,000 | 
---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW [2013/07/29 21:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIW 2013 Home Edition [2013/07/29 21:53:18 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Local\Programs [2013/07/29 21:51:32 | 000,000,000 | ---D | C] -- C:\Users\Marv\Documents\Freemium Driver Utilities [2013/07/29 21:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeDriverScout [2013/07/29 21:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\SoftwareUpdater [2013/07/29 21:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2013/07/29 12:28:08 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Local\Robot Entertainment [2013/07/28 15:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits Magic Desktop for HP [2013/07/17 23:06:47 | 000,000,000 | ---D | C] -- C:\Users\Marv\Documents\Remedy [2013/07/16 20:14:22 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\Dwarfs [2013/07/16 19:42:17 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\vlc [2013/07/16 19:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013/07/15 20:49:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Player [2013/07/15 20:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage [2013/07/04 15:28:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games [2013/07/04 15:28:26 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\Origin [2013/07/04 15:28:06 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Local\Origin [2013/07/04 15:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2013/07/04 15:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2013/07/04 15:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2013/07/04 15:24:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin [2013/07/04 07:24:24 | 000,000,000 | ---D | C] -- 
C:\Users\Marv\AppData\Local\SCE

========== Files - Modified Within 30 Days ==========

[2013/07/31 22:45:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/31 22:45:54 | 1058,258,942 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/31 22:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/31 21:59:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1452787171-1215630587-1040080072-1000UA.job
[2013/07/31 21:18:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMARV-HP$.job
[2013/07/31 21:01:29 | 000,002,366 | ---- | M] () -- C:\Users\Marv\Desktop\Google Chrome.lnk
[2013/07/31 20:36:30 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/31 20:36:30 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/31 20:26:55 | 000,000,100 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/31 14:21:23 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Norton PC Checkup 3.0.lnk
[2013/07/31 12:03:08 | 000,000,892 | ---- | M] () -- C:\Users\Marv\Desktop\HD Tune.lnk
[2013/07/31 11:59:08 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1452787171-1215630587-1040080072-1000Core.job
[2013/07/31 11:10:40 | 000,291,328 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/07/31 11:10:40 | 000,291,328 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/07/31 11:09:38 | 000,280,600 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/07/31 10:30:19 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/07/31 10:29:41 | 001,819,324 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\Cat.DB
[2013/07/30 22:16:35 | 000,007,631 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/07/30 22:16:34 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/07/30 22:16:34 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/07/30 21:28:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/07/30 21:09:15 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\01910157.sys
[2013/07/30 20:51:47 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMarv.job
[2013/07/30 15:24:20 | 000,001,227 | ---- | M] () -- C:\Users\Public\Desktop\Medal of Honor™ Warfighter.lnk
[2013/07/30 15:23:30 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/07/30 00:44:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ICCWDT_01009.Wdf
[2013/07/30 00:43:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
[2013/07/30 00:39:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2013/07/29 21:53:34 | 000,001,033 | ---- | M] () -- C:\Users\Marv\Desktop\SIW Home Edition.lnk
[2013/07/29 21:50:24 | 000,002,543 | ---- | M] () -- C:\Users\Public\Desktop\Free Driver Scout.lnk
[2013/07/29 12:27:07 | 000,000,222 | ---- | M] () -- C:\Users\Marv\Desktop\Orcs Must Die! 2.url
[2013/07/17 14:33:02 | 000,000,222 | ---- | M] () -- C:\Users\Marv\Desktop\Alan Wake.url
[2013/07/17 14:32:21 | 000,000,222 | ---- | M] () -- C:\Users\Marv\Desktop\Terraria.url
[2013/07/17 14:32:18 | 000,000,221 | ---- | M] () -- C:\Users\Marv\Desktop\Serious Sam 3 BFE.url
[2013/07/17 14:32:14 | 000,000,222 | ---- | M] () -- C:\Users\Marv\Desktop\PlanetSide 2.url
[2013/07/17 14:32:11 | 000,000,220 | ---- | M] () -- C:\Users\Marv\Desktop\Killing Floor.url
[2013/07/17 14:32:06 | 000,000,219 | ---- | M] () -- C:\Users\Marv\Desktop\Counter-Strike Source.url
[2013/07/17 14:32:03 | 000,000,219 | ---- | M] () -- C:\Users\Marv\Desktop\Counter-Strike Global Offensive.url
[2013/07/17 14:32:00 | 000,000,222 | ---- | M] () -- C:\Users\Marv\Desktop\Castle Crashers.url
[2013/07/17 14:31:57 | 000,000,222 | ---- | M] () -- C:\Users\Marv\Desktop\Call of Duty Black Ops II - Zombies.url
[2013/07/17 14:31:53 | 000,000,222 | ---- | M] () -- C:\Users\Marv\Desktop\Call of Duty Black Ops II - Multiplayer.url
[2013/07/17 14:31:49 | 000,000,221 | ---- | M] () -- C:\Users\Marv\Desktop\Borderlands 2.url
[2013/07/17 10:36:07 | 000,510,899 | ---- | M] () -- C:\Users\Marv\Desktop\FTB_Launcher.exe
[2013/07/11 19:39:26 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/11 19:39:26 | 000,697,072 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/07/11 19:39:26 | 000,652,390 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/11 19:39:26 | 000,148,110 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/07/11 19:39:26 | 000,121,064 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/10 17:51:29 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/10 08:18:26 | 000,001,100 | ---- | M] () -- C:\Users\Marv\Desktop\lol.launcher - Verknüpfung.lnk
[2013/07/09 22:01:16 | 000,000,462 | ---- | M] () -- C:\Users\Marv\Desktop\HouseTime.asx
[2013/07/09 22:00:25 | 000,000,470 | ---- | M] () -- C:\Users\Marv\Desktop\TechnoBase.asx
[2013/07/08 17:50:53 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/04 15:24:08 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/07/02 03:03:16 | 001,590,994 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2013/07/31 20:26:33 | 000,000,100 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/31 14:21:23 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Norton PC Checkup 3.0.lnk
[2013/07/31 12:06:20 | 000,024,576 | ---- | C] () -- C:\Users\Marv\Desktop\memtest.exe
[2013/07/31 12:03:07 | 000,000,892 | ---- | C] () -- C:\Users\Marv\Desktop\HD Tune.lnk
[2013/07/31 10:29:22 | 001,819,324 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\Cat.DB
[2013/07/30 22:17:20 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\VT20130115.021
[2013/07/30 22:15:42 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symelam64.cat
[2013/07/30 22:15:42 | 000,008,067 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnet64.cat
[2013/07/30 22:15:42 | 000,007,667 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.cat
[2013/07/30 22:15:42 | 000,007,593 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\iron.cat
[2013/07/30 22:15:42 | 000,007,589 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.cat
[2013/07/30 22:15:42 | 000,007,587 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.cat
[2013/07/30 22:15:42 | 000,003,434 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa.inf
[2013/07/30 22:15:42 | 000,002,852 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds.inf
[2013/07/30 22:15:42 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnet.inf
[2013/07/30 22:15:42 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.inf
[2013/07/30 22:15:42 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.inf
[2013/07/30 22:15:42 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symelam.inf
[2013/07/30 22:15:42 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.inf
[2013/07/30 22:15:42 | 000,000,767 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\iron.inf
[2013/07/30 22:15:36 | 000,008,067 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.cat
[2013/07/30 22:15:36 | 000,008,063 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.cat
[2013/07/30 22:15:36 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\isolate.ini
[2013/07/30 21:46:53 | 000,007,631 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/07/30 21:46:53 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/07/30 21:46:46 | 000,002,281 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/07/30 21:23:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/30 21:23:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/30 21:23:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/30 21:23:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/30 21:23:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/30 15:24:19 | 000,001,227 | ---- | C] () -- C:\Users\Public\Desktop\Medal of Honor™ Warfighter.lnk
[2013/07/30 00:44:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ICCWDT_01009.Wdf
[2013/07/30 00:43:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
[2013/07/30 00:39:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2013/07/29 21:53:34 | 000,001,033 | ---- | C] () -- C:\Users\Marv\Desktop\SIW Home Edition.lnk
[2013/07/29 21:50:23 | 000,002,543 | ---- | C] () -- C:\Users\Public\Desktop\Free Driver Scout.lnk
[2013/07/29 12:27:07 | 000,000,222 | ---- | C] () -- C:\Users\Marv\Desktop\Orcs Must Die! 2.url
[2013/07/17 14:33:02 | 000,000,222 | ---- | C] () -- C:\Users\Marv\Desktop\Alan Wake.url
[2013/07/17 14:32:21 | 000,000,222 | ---- | C] () -- C:\Users\Marv\Desktop\Terraria.url
[2013/07/17 14:32:18 | 000,000,221 | ---- | C] () -- C:\Users\Marv\Desktop\Serious Sam 3 BFE.url
[2013/07/17 14:32:14 | 000,000,222 | ---- | C] () -- C:\Users\Marv\Desktop\PlanetSide 2.url
[2013/07/17 14:32:11 | 000,000,220 | ---- | C] () -- C:\Users\Marv\Desktop\Killing Floor.url
[2013/07/17 14:32:06 | 000,000,219 | ---- | C] () -- C:\Users\Marv\Desktop\Counter-Strike Source.url
[2013/07/17 14:32:03 | 000,000,219 | ---- | C] () -- C:\Users\Marv\Desktop\Counter-Strike Global Offensive.url
[2013/07/17 14:32:00 | 000,000,222 | ---- | C] () -- C:\Users\Marv\Desktop\Castle Crashers.url
[2013/07/17 14:31:57 | 000,000,222 | ---- | C] () -- C:\Users\Marv\Desktop\Call of Duty Black Ops II - Zombies.url
[2013/07/17 14:31:53 | 000,000,222 | ---- | C] () -- C:\Users\Marv\Desktop\Call of Duty Black Ops II - Multiplayer.url
[2013/07/17 14:31:49 | 000,000,221 | ---- | C] () -- C:\Users\Marv\Desktop\Borderlands 2.url
[2013/07/17 10:36:17 | 000,510,899 | ---- | C] () -- C:\Users\Marv\Desktop\FTB_Launcher.exe
[2013/07/15 20:50:09 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013/07/10 08:18:26 | 000,001,100 | ---- | C] () -- C:\Users\Marv\Desktop\lol.launcher - Verknüpfung.lnk
[2013/07/09 22:01:21 | 000,000,462 | ---- | C] () -- C:\Users\Marv\Desktop\HouseTime.asx
[2013/07/09 22:00:31 | 000,000,470 | ---- | C] () -- C:\Users\Marv\Desktop\TechnoBase.asx
[2013/07/04 15:24:08 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/05/24 21:12:26 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll
[2013/05/24 21:12:26 | 000,000,232 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2013/05/24 21:12:14 | 000,002,391 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2013/05/24 21:12:14 | 000,000,518 | ---- | C] () -- C:\Windows\cm106.ini
[2013/05/24 21:12:14 | 000,000,112 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2013/04/17 22:30:55 | 000,291,328 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/04/17 22:30:54 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/03/30 17:58:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/03/30 16:13:20 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2013/03/29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/02/13 12:27:54 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012/12/19 21:52:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/12/19 21:52:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/11/27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/12/31 11:01:55 | 000,002,792 | ---- | C] () -- C:\Program Files\HP SimplePass 2011
[2011/12/31 10:52:59 | 000,000,196 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/17 10:40:08 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\.minecraft
[2013/04/23 19:30:11 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\.technic
[2013/04/04 22:16:33 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Curse Advertising
[2013/04/17 18:55:38 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\DVDVideoSoft
[2013/07/16 20:41:20 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Dwarfs
[2013/05/13 20:23:42 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\ftblauncher
[2013/03/30 16:41:28 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Leadertech
[2013/04/12 21:25:47 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\LolClient
[2013/07/30 11:52:37 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Origin
[2013/07/31 11:19:35 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\PCCUStubInstaller
[2013/06/22 10:28:35 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\SoftGrid Client
[2013/04/26 18:18:11 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Teeworlds
[2013/03/30 16:32:57 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\TP
[2013/07/31 20:01:10 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\TS3Client
[2013/07/30 00:34:48 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\WinBatch

========== Purity Check ==========

< End of report >

I hope that was right |