
Log analysis and evaluation: Windows 7: Allin1 Converter / V9 search engine instead of Google / update ports blocked

29.05.2014, 14:41   #1
TomTom007
 



Hello everyone. I have been on the internet for over 15 years now, but what I have caught this time unfortunately tops everything :-( Normally I solve all my problems myself, but in this case I unfortunately don't know what to do anymore and am asking for your help.

At the weekend I wanted to download an old DOS game for free; instead, I suddenly had a number of additional programs on the computer. Unfortunately I was far too naive and did not read the instructions carefully enough...

Besides the "Allin1 Converter", I have since also had a "V9" search engine in the Explorer instead of the Google start page. When I then searched the internet for help, I wanted to test an "Allin1Converter Removal-Tool", which however did exactly the opposite. Since then I can no longer run updates in any program, even though there is an internet connection. After that I also wanted to try Spyhunter, but during the scan I read online that this supposed "anti-tool" can cause even more damage. Of course I uninstalled it again right away.

A short time later I could no longer start my NIS2014 at all, and since then I have had no antivirus program on the computer.

I hope you can help me, and thank you very much in advance for your efforts. :-)

Attached are the complete files, FRST first:


FRST Logfile:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Thomas (administrator) on THOMAS-PC on 29-05-2014 14:59:56
Running from E:\Temporary Internet Files\Temporäre Internetdateien\Content.IE5\KBGJEN3F
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) E:\sy\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Palit Microsystems Ltd.) C:\Program Files (x86)\Thunder Master\THPanel.exe
(Malwarebytes Corporation) E:\sy\ Malwarebytes Anti-Malware \mbamservice.exe
(CyberLink Corporation.) C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Malwarebytes Corporation) E:\sy\ Malwarebytes Anti-Malware \mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Sony DADC Austria AG.) C:\Windows\SysWOW64\UAService7.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-01-10] (Realtek Semiconductor)
HKLM\...\Run: [NVRaidService] => C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [291944 2010-04-09] (NVIDIA Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [62760 2007-10-11] ()
HKLM-x32\...\Run: [InstantBurn] => C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe [599600 2007-06-04] (CyberLink Corporation.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2013-05-20] (Bitleader)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Runonce: [B Register C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer [X]
HKU\S-1-5-21-2443172153-1165150917-4237551373-1000\...\Run: [THPanel] => C:\Program Files (x86)\Thunder Master\THPanel.exe [2050416 2012-07-13] (Palit Microsystems Ltd.)
HKU\S-1-5-21-2443172153-1165150917-4237551373-1000\...\Run: [Power2GoExpress] => [X]
HKU\S-1-5-21-2443172153-1165150917-4237551373-1000\...\MountPoints2: {92074f2c-cac6-11e2-98cd-00044b194c38} - I:\Setup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x60231198C81CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&affID=119662&babsrc=SP_ss&mntrId=98EB00044B194C38
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Adblock IE - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files\MGTEK\Adblock IE\adblockie.dll (MGTEK)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Adblock IE - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files (x86)\MGTEK\Adblock IE\adblockie.dll (MGTEK)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Winsock: Catalog9 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664] (NVIDIA)
Winsock: Catalog9 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664] (NVIDIA)
Winsock: Catalog9 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664] (NVIDIA)
Winsock: Catalog9 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664] (NVIDIA)
Winsock: Catalog9 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664] (NVIDIA)
Winsock: Catalog9 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664] (NVIDIA)
Winsock: Catalog9 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664] (NVIDIA)
Winsock: Catalog9 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [258664] (NVIDIA)
Winsock: Catalog9-x64 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744] (NVIDIA)
Winsock: Catalog9-x64 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744] (NVIDIA)
Winsock: Catalog9-x64 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744] (NVIDIA)
Winsock: Catalog9-x64 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744] (NVIDIA)
Winsock: Catalog9-x64 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744] (NVIDIA)
Winsock: Catalog9-x64 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744] (NVIDIA)
Winsock: Catalog9-x64 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744] (NVIDIA)
Winsock: Catalog9-x64 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [304744] (NVIDIA)
Tcpip\..\Interfaces\{02BF2190-F168-4AD9-B746-B245C3C0B0E4}: [NameServer]10.80.14.254
Tcpip\..\Interfaces\{83F675D9-69E6-4ECF-B1BF-829ECB07BF67}: [NameServer]192.168.178.100

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\gm6o2v16.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - E:\Spiele\Trials\datapack\orbit\npuplaypc.dll No File
FF user.js: detected! => C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\gm6o2v16.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\gm6o2v16.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Allin1Convert - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\gm6o2v16.default\Extensions\8hffxtbr@Allin1Convert_8h.com [2014-05-25]
FF Extension: Quick Start - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\gm6o2v16.default\Extensions\quick_start@gmail.com [2014-05-25]
FF Extension: Adblock Plus - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\gm6o2v16.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-01]
FF HKLM-x32\...\Firefox\Extensions: [speedanalysis02@SpeedAnalysis.com] - C:\Users\Thomas\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
FF Extension: Speed Analysis 2 - C:\Users\Thomas\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013-04-27]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-13]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF [2014-05-02]
FF HKCU\...\Firefox\Extensions: [speedanalysis02@SpeedAnalysis.com] - C:\Users\Thomas\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
FF Extension: Speed Analysis 2 - C:\Users\Thomas\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013-04-27]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx [2013-08-14]

==================== Services (Whitelisted) =================

R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
R2 MBAMScheduler; E:\sy\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; E:\sy\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-10-19] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 UserAccess7; C:\Windows\SysWOW64\UAService7.exe [143360 2014-01-03] (Sony DADC Austria AG.)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-09-15] (Advanced Micro Devices, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)
R0 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24824 2007-06-04] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [369912 2007-06-04] (CyberLink Corporation.)
S3 CSRBC; C:\Windows\System32\Drivers\csrbcxp.sys [36352 2013-09-15] (CSR, plc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-01] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-05-02] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140515.001\IDSvia64.sys [525016 2014-04-30] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140515.021\ENG64.SYS [126040 2014-05-10] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140515.021\EX64.SYS [2099288 2014-05-10] (Symantec Corporation)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-02] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-10-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [137728 2011-02-25] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [195584 2011-02-25] (VIA Technologies, Inc.)
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl [32240 2007-11-05] (Cyberlink Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-29 14:59 - 2014-05-29 14:59 - 00000000 ____D () C:\FRST
2014-05-29 14:58 - 2014-05-29 14:58 - 00000168 _____ () C:\Users\Thomas\defogger_reenable
2014-05-27 23:48 - 2014-05-29 14:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-27 23:47 - 2014-05-27 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-27 23:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-27 23:47 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-27 23:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-27 23:14 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-27 23:14 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-27 07:11 - 2014-05-27 07:11 - 00000068 _____ () C:\Windows\wininit.ini
2014-05-27 07:07 - 2014-05-27 07:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-27 07:07 - 2014-05-27 07:07 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-27 06:56 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-27 06:56 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-27 06:56 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-27 06:56 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-27 06:56 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-27 06:56 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-27 06:54 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-27 06:54 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-27 06:54 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-27 06:54 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-27 06:54 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-27 06:54 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-27 06:54 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-27 06:54 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-27 06:54 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-27 06:54 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-27 06:54 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-27 06:54 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-27 06:54 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-27 06:54 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-27 06:54 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-27 06:54 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-27 06:54 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-27 06:54 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-27 06:54 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-27 06:54 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-27 06:54 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-27 06:54 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-27 06:54 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-27 06:54 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-27 06:54 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-27 06:54 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-27 06:54 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-27 06:54 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-27 06:54 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-27 06:54 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-27 06:54 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-27 06:54 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-27 06:54 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-27 06:48 - 2014-05-27 06:48 - 00000461 _____ () C:\aaw7boot.log
2014-05-26 23:38 - 2014-05-27 23:31 - 00003604 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-05-26 23:21 - 2014-05-26 23:21 - 00000000 ____D () C:\Users\Thomas\AppData\Local\SearchProtect
2014-05-26 23:02 - 2014-05-27 23:48 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-26 23:02 - 2014-05-27 23:48 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-05-26 23:02 - 2014-05-26 23:02 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Sunbelt Software
2014-05-26 22:50 - 2014-05-26 22:50 - 00000000 _____ () C:\autoexec.bat
2014-05-26 22:49 - 2014-05-26 22:49 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-26 22:46 - 2014-05-26 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alin 1 Convert Removal Tool
2014-05-26 22:46 - 2014-05-26 23:20 - 00000000 ____D () C:\Program Files (x86)\Alin 1 Convert Removal Tool
2014-05-25 22:30 - 2014-05-25 22:30 - 00000000 ____D () C:\Program Files (x86)\MSR
2014-05-25 22:29 - 2014-05-26 21:38 - 00000000 ____D () C:\ProgramData\WPM
2014-05-25 22:29 - 2014-05-25 22:29 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\v9
2014-05-25 22:22 - 2014-05-25 22:24 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\CorsixTH
2014-05-25 01:27 - 2014-05-25 01:27 - 00000000 ____D () C:\Users\Thomas\AppData\Local\DOSBox
2014-05-25 01:14 - 2014-05-26 22:53 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-25 01:14 - 2014-05-25 01:14 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Opera Software
2014-05-25 01:14 - 2014-05-25 01:14 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Opera Software
2014-05-25 01:13 - 2014-05-26 23:26 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-05-25 01:09 - 2014-05-25 01:09 - 00000000 ____D () C:\Program Files (x86)\Allin1Convert_8h
2014-05-04 15:15 - 2014-05-04 15:15 - 00000000 ____D () C:\Users\Thomas\Documents\Norton Identity Safe-Backups
2014-05-02 23:01 - 2014-05-26 23:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-05-02 23:01 - 2014-05-26 23:26 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-01 22:48 - 2014-05-02 21:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-30 23:07 - 2014-05-27 06:56 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-05-29 15:00 - 2013-06-08 19:53 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-29 14:59 - 2014-05-29 14:59 - 00000000 ____D () C:\FRST
2014-05-29 14:58 - 2014-05-29 14:58 - 00000168 _____ () C:\Users\Thomas\defogger_reenable
2014-05-29 14:58 - 2013-03-07 19:44 - 01359711 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 14:58 - 2013-03-07 19:44 - 00000000 ____D () C:\Users\Thomas
2014-05-29 14:54 - 2014-05-27 23:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-29 14:54 - 2014-01-03 16:08 - 00034790 _____ () C:\Windows\setupact.log
2014-05-29 14:54 - 2014-01-03 15:59 - 00022826 _____ () C:\Windows\PFRO.log
2014-05-29 14:54 - 2013-06-08 19:53 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-29 14:54 - 2013-05-20 20:26 - 00000367 _____ () C:\Windows\lgfwup.ini
2014-05-29 14:54 - 2013-05-20 20:26 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2014-05-29 14:54 - 2013-05-20 20:24 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Hi-Def Suite
2014-05-29 14:54 - 2013-03-07 19:55 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-29 14:54 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-28 00:41 - 2013-05-20 22:00 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\vlc
2014-05-28 00:01 - 2011-04-12 09:43 - 00702916 _____ () C:\Windows\system32\perfh007.dat
2014-05-28 00:01 - 2011-04-12 09:43 - 00150574 _____ () C:\Windows\system32\perfc007.dat
2014-05-28 00:01 - 2009-07-14 07:13 - 01629210 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-28 00:01 - 2009-07-14 06:45 - 00022560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-28 00:01 - 2009-07-14 06:45 - 00022560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-27 23:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-05-27 23:48 - 2014-05-26 23:02 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-27 23:48 - 2014-05-26 23:02 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-05-27 23:47 - 2014-05-27 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-27 23:47 - 2014-01-18 00:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-27 23:31 - 2014-05-26 23:38 - 00003604 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-05-27 23:15 - 2013-06-16 20:33 - 00000000 ____D () C:\Users\Thomas\AppData\Local\CrashDumps
2014-05-27 07:11 - 2014-05-27 07:11 - 00000068 _____ () C:\Windows\wininit.ini
2014-05-27 07:11 - 2014-05-27 07:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-27 07:07 - 2014-05-27 07:07 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-27 06:57 - 2014-03-21 20:14 - 00000000 ___RD () C:\Users\Thomas\Eigene Bilder
2014-05-27 06:57 - 2013-04-28 10:12 - 00000754 __RSH () C:\Users\Thomas\ntuser.pol
2014-05-27 06:57 - 2013-03-07 19:44 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-27 06:57 - 2013-03-07 19:44 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-27 06:56 - 2014-04-30 23:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-27 06:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-27 06:55 - 2013-07-11 20:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-27 06:55 - 2013-03-08 15:33 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-27 06:48 - 2014-05-27 06:48 - 00000461 _____ () C:\aaw7boot.log
2014-05-26 23:26 - 2014-05-25 01:13 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-05-26 23:26 - 2014-05-02 23:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-05-26 23:26 - 2014-05-02 23:01 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-26 23:26 - 2013-06-01 16:35 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-05-26 23:26 - 2013-04-27 21:29 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-05-26 23:26 - 2013-04-27 21:12 - 00000000 ____D () C:\ProgramData\Norton
2014-05-26 23:26 - 2013-03-07 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-26 23:26 - 2013-03-07 19:55 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-26 23:26 - 2013-03-07 19:54 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-05-26 23:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security
2014-05-26 23:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-26 23:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-05-26 23:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-26 23:25 - 2013-12-26 17:40 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-26 23:25 - 2013-06-01 16:06 - 00000000 ____D () C:\ProgramData\Real
2014-05-26 23:25 - 2013-03-15 20:45 - 00000000 ____D () C:\Users\Thomas\AppData\Local\NVIDIA Corporation
2014-05-26 23:25 - 2013-03-07 19:55 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-26 23:21 - 2014-05-26 23:21 - 00000000 ____D () C:\Users\Thomas\AppData\Local\SearchProtect
2014-05-26 23:20 - 2014-05-26 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alin 1 Convert Removal Tool
2014-05-26 23:20 - 2014-05-26 22:46 - 00000000 ____D () C:\Program Files (x86)\Alin 1 Convert Removal Tool
2014-05-26 23:20 - 2011-04-12 09:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-26 23:02 - 2014-05-26 23:02 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Sunbelt Software
2014-05-26 22:53 - 2014-05-25 01:14 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-26 22:50 - 2014-05-26 22:50 - 00000000 _____ () C:\autoexec.bat
2014-05-26 22:49 - 2014-05-26 22:49 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-26 21:38 - 2014-05-25 22:29 - 00000000 ____D () C:\ProgramData\WPM
2014-05-25 22:35 - 2013-05-31 22:24 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\UseNeXT
2014-05-25 22:30 - 2014-05-25 22:30 - 00000000 ____D () C:\Program Files (x86)\MSR
2014-05-25 22:29 - 2014-05-25 22:29 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\v9
2014-05-25 22:24 - 2014-05-25 22:22 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\CorsixTH
2014-05-25 01:27 - 2014-05-25 01:27 - 00000000 ____D () C:\Users\Thomas\AppData\Local\DOSBox
2014-05-25 01:14 - 2014-05-25 01:14 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Opera Software
2014-05-25 01:14 - 2014-05-25 01:14 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Opera Software
2014-05-25 01:09 - 2014-05-25 01:09 - 00000000 ____D () C:\Program Files (x86)\Allin1Convert_8h
2014-05-16 23:39 - 2013-03-09 15:58 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 23:39 - 2013-03-09 15:58 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 19:55 - 2013-03-09 15:56 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-12 07:26 - 2014-05-27 23:47 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-27 23:47 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-27 23:47 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 16:55 - 2013-06-08 19:53 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-10 16:55 - 2013-06-08 19:53 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-09 08:14 - 2014-05-27 06:54 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-27 06:54 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 23:06 - 2013-06-01 16:36 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\DAEMON Tools Lite
2014-05-06 06:40 - 2014-05-27 06:56 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-27 06:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-27 06:56 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-27 06:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-27 06:56 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-27 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 21:52 - 2013-06-14 23:42 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-05-04 15:15 - 2014-05-04 15:15 - 00000000 ____D () C:\Users\Thomas\Documents\Norton Identity Safe-Backups
2014-05-04 15:09 - 2013-09-14 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-05-04 15:09 - 2013-05-20 21:40 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-05-04 15:09 - 2013-05-20 21:38 - 00000000 ____D () C:\ProgramData\DivX
2014-05-03 16:12 - 2013-04-28 15:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-02 23:01 - 2013-04-27 21:29 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-05-02 23:01 - 2013-04-27 21:12 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-05-02 22:47 - 2013-04-27 21:29 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-05-02 22:47 - 2013-04-27 21:29 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-05-02 22:47 - 2013-04-27 21:29 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-05-02 22:17 - 2013-04-27 21:12 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-05-02 21:21 - 2014-05-01 22:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-30 20:29 - 2014-01-12 02:12 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-04-30 20:29 - 2014-01-12 02:12 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-25 14:30

==================== End Of Log ============================
         
--- --- ---


Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Thomas at 2014-05-29 15:01:33
Running from E:\Temporary Internet Files\Temporäre Internetdateien\Content.IE5\KBGJEN3F
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adblock IE 2.3 (HKLM\...\{58161756-037B-42CD-B575-AF804A2F0F47}) (Version: 2.3.1756 - MGTEK)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Borderlands 2 (HKLM-x32\...\Borderlands 2_is1) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - Canon Inc.)
Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Command & Conquer Die ersten 10 Jahre (HKLM-x32\...\{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}) (Version: 1.00.0000 - Electronic Arts)
CyberLink InstantBurn (HKLM-x32\...\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
dBpowerAMP Music Converter (HKLM-x32\...\dBpowerAMP Music Converter) (Version:  - )
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC)
dreamboxEDIT -- The one and only settings editor for your Dreambox (HKLM-x32\...\dreamboxEDIT) (Version:  - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
GameRanger (HKCU\...\GameRanger) (Version:  - GameRanger Technologies)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hi-Def Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1603 - CyberLink Corporation)
ID3-TagIT 3 (HKLM-x32\...\ID3-TagIT 3_is1) (Version: 3 - Michael Pluemper)
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
LiveReg (Symantec Corporation) (HKLM-x32\...\LiveReg) (Version: 2.2.0.1621 - Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 1.80.19.0 - Symantec Corporation)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE  (HKLM-x32\...\{4D243BA7-9AC4-46D1-90E5-EEB88974F501}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}) (Version: 3.0.19.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.2.0.38 - Symantec Corporation)
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA MediaShield (HKLM-x32\...\{CC452A50-5C87-4A1F-B295-445C3C69BF7D}) (Version: 11.1.0.43 - NVIDIA Corporation)
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA Performance (x32 Version: 6.5 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Platform (x32 Version: 1.38 - VIA Technologies, Inc.) Hidden
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
Power2Go 5.0 (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.3.3516b.0 - CyberLink Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
ratDVD 0.78.1444 (HKLM-x32\...\ratDVD) (Version: 0.78.1444 - ratDVD)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Thunder Master v1.4 (HKLM-x32\...\{EE04522C-0814-4B63-AE57-0B63E5A355BB}_is1) (Version: 1.4.0.0 - Palit Microsystems Ltd.)
Unreal Tournament 2003 (HKLM-x32\...\UT2003) (Version:  - )
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.38 - VIA Technologies, Inc.)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {010966FF-AC4D-4A45-B287-341F9FD4986D} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {3EE517E8-97BE-4446-9416-D2E678C5B3A7} - System32\Tasks\4801 => Wscript.exe C:\Users\Thomas\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {48C74235-7685-4C17-83E8-7066208E7C75} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {49245E44-C88A-4354-A9BB-AA3AE81DA7A2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2443172153-1165150917-4237551373-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {4EA68CE3-9D36-4B66-8943-1262343FEFBE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {671B630A-3C84-42AF-8221-4416F83CB4D1} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {6E1DDB6A-0A0F-4CB6-8590-60F908D539FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-08] (Google Inc.)
Task: {7992CF1F-57C7-464D-AD60-F9AD658DB258} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2443172153-1165150917-4237551373-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B340EA14-8C35-43BC-B0E1-9BB6A22B611A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation)
Task: {C47B0E36-3EDC-4486-B2BD-FFC34A1311A3} - System32\Tasks\{0B8197AB-6971-492C-A043-E3EED5F1B14D} => C:\Windows\system32\msiexec.exe [2010-11-21] (Microsoft Corporation)
Task: {D02C561A-CF82-45CF-9BDC-11B3BAA390B8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {D03FF41E-459B-41C2-98D7-7A90CC04FB76} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {D65D8DB6-2874-4E9C-81DD-2481E352B261} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D85750D4-27AB-467A-AE4C-28F262A5F065} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-08] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-07 19:55 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-10-19 17:49 - 2013-10-19 17:49 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-05-16 22:31 - 2010-01-21 01:53 - 00496232 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2013-05-16 22:31 - 2010-01-21 01:52 - 00076392 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2013-05-16 22:31 - 2010-01-21 01:53 - 00731752 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2013-05-16 22:31 - 2010-01-21 01:53 - 00209000 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2013-05-20 20:24 - 2007-04-10 16:27 - 08365616 _____ () C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\res.dll
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl => "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot

==================== Faulty Device Manager Devices =============

Name: NVIDIA Enthusiasts Platform KDM
Description: NVIDIA Enthusiasts Platform KDM
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA Corporation
Service: nvoclk64
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (05/29/2014 02:54:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2014 11:54:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2014 11:28:35 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Failed to uninstall service

Error: (05/27/2014 11:15:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GFExperience.exe, Version: 12.4.67.0, Zeitstempel: 0x535faf22
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x18c
Startzeit der fehlerhaften Anwendung: 0xGFExperience.exe0
Pfad der fehlerhaften Anwendung: GFExperience.exe1
Pfad des fehlerhaften Moduls: GFExperience.exe2
Berichtskennung: GFExperience.exe3

Error: (05/27/2014 11:15:00 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: GFExperience.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ArgumentOutOfRangeException
Stapel:
   bei System.Reactive.Concurrency.AsyncLock.Wait(System.Action)
   bei System.Reactive.Concurrency.DefaultScheduler+<>c__DisplayClass9`1[[System.Int64, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].<SchedulePeriodic>b__6()
   bei System.Reactive.Concurrency.ConcurrencyAbstractionLayerImpl+PeriodicTimer.Tick(System.Object)
   bei System.Threading.TimerQueueTimer.CallCallbackInContext(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.TimerQueueTimer.CallCallback()
   bei System.Threading.TimerQueueTimer.Fire()
   bei System.Threading.TimerQueue.FireNextTimers()
   bei System.Threading.TimerQueue.AppDomainTimerCallback()

Error: (05/27/2014 10:53:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2014 07:12:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2014 06:59:51 AM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Failed to uninstall service

Error: (05/27/2014 06:57:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2014 06:48:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/29/2014 02:54:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
SRTSP

Error: (05/29/2014 02:54:27 PM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.

Error: (05/29/2014 02:54:27 PM) (Source: volsnap) (EventID: 29) (User: )
Description: Die Schattenkopien von Volume "C:" wurde während der Ermittlung abgebrochen.

Error: (05/27/2014 11:54:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
SRTSP

Error: (05/27/2014 11:54:07 PM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.

Error: (05/27/2014 11:28:35 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Lavasoft Ad-Aware Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (05/27/2014 10:53:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
SRTSP

Error: (05/27/2014 10:53:12 PM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.

Error: (05/27/2014 07:12:10 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
SRTSP

Error: (05/27/2014 07:11:53 AM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.


Microsoft Office Sessions:
=========================
Error: (05/29/2014 02:54:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2014 11:54:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2014 11:28:35 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Failed to uninstall service

Error: (05/27/2014 11:15:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GFExperience.exe12.4.67.0535faf22KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d18c01cf79f0a87059e8C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exeC:\Windows\syswow64\KERNELBASE.dllf667b358-e5e3-11e3-8227-00044b194c38

Error: (05/27/2014 11:15:00 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: GFExperience.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ArgumentOutOfRangeException
Stapel:
   bei System.Reactive.Concurrency.AsyncLock.Wait(System.Action)
   bei System.Reactive.Concurrency.DefaultScheduler+<>c__DisplayClass9`1[[System.Int64, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].<SchedulePeriodic>b__6()
   bei System.Reactive.Concurrency.ConcurrencyAbstractionLayerImpl+PeriodicTimer.Tick(System.Object)
   bei System.Threading.TimerQueueTimer.CallCallbackInContext(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.TimerQueueTimer.CallCallback()
   bei System.Threading.TimerQueueTimer.Fire()
   bei System.Threading.TimerQueue.FireNextTimers()
   bei System.Threading.TimerQueue.AppDomainTimerCallback()

Error: (05/27/2014 10:53:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2014 07:12:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2014 06:59:51 AM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Failed to uninstall service

Error: (05/27/2014 06:57:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2014 06:48:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-06-08 20:13:22.822
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Symantec\Norton Ghost 2003\GhPciScan.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-08 20:13:22.776
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Symantec\Norton Ghost 2003\GhPciScan.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-08 20:12:57.550
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Symantec\Norton Ghost 2003\GhPciScan.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-08 20:12:57.519
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Symantec\Norton Ghost 2003\GhPciScan.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-08 20:10:41.614
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Symantec\Norton Ghost 2003\GhPciScan.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-08 20:10:41.567
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Symantec\Norton Ghost 2003\GhPciScan.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 26%
Total physical RAM: 8190.54 MB
Available physical RAM: 5996.3 MB
Total Pagefile: 16379.26 MB
Available Pagefile: 14009.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System Win7) (Fixed) (Total:232.79 GB) (Free:181.03 GB) NTFS
Drive d: (GermanAbdoerPAL) (CDROM) (Total:3.31 GB) (Free:0 GB) UDF
Drive e: (Daten Win7) (Fixed) (Total:931.39 GB) (Free:496.74 GB) NTFS
Drive f: (Daten XP) (Fixed) (Total:205.54 GB) (Free:141.19 GB) NTFS
Drive g: (System XP) (Fixed) (Total:390.63 GB) (Free:298.71 GB) NTFS
Drive h: (Backup) (Fixed) (Total:465.76 GB) (Free:185.35 GB) NTFS
Drive i: (Borderlands 2) (CDROM) (Total:7.14 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: DF55BA9D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 596 GB) (Disk ID: 1D2B1D2B)
Partition 1: (Active) - (Size=391 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=206 GB) - (Type=05)

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: ECADB5B8)

Partition: GPT Partition Type.

========================================================
Disk: 3 (Size: 466 GB) (Disk ID: 0CD20CD2)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
GMER (unfortunately I had to scan without "devices" because I got a bluescreen)

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-29 15:17:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000064 Samsung_ rev.DXT0 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\Thomas\AppData\Local\Temp\uwriipod.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                           fffff96000193f00 7 bytes [00, 98, F3, FF, 01, A6, F0]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                                       fffff96000193f08 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69         00000000765e1465 2 bytes [5E, 76]
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155        00000000765e14bb 2 bytes [5E, 76]
.text  ...                                                                                                                                       * 2
.text  C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69     00000000765e1465 2 bytes [5E, 76]
.text  C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[2184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155    00000000765e14bb 2 bytes [5E, 76]
.text  ...                                                                                                                                       * 2
.text  C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      00000000765e1465 2 bytes [5E, 76]
.text  C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                     00000000765e14bb 2 bytes [5E, 76]
.text  ...                                                                                                                                       * 2
?      C:\Windows\system32\mssprxy.dll [2352] entry point in ".rdata" section                                                                    00000000732f71e6
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000765e1465 2 bytes [5E, 76]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000765e14bb 2 bytes [5E, 76]
.text  ...                                                                                                                                       * 2
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2720] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                   000000006ed81a22 2 bytes [D8, 6E]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2720] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                   000000006ed81ad0 2 bytes [D8, 6E]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2720] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                   000000006ed81b08 2 bytes [D8, 6E]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2720] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                   000000006ed81bba 2 bytes [D8, 6E]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2720] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                   000000006ed81bda 2 bytes [D8, 6E]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                            00000000765e1465 2 bytes [5E, 76]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                           00000000765e14bb 2 bytes [5E, 76]
.text  ...                                                                                                                                       * 2
.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4216] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx                       0000000076213e78 5 bytes JMP 0000000102a60048
.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4216] C:\Windows\syswow64\ole32.dll!CoCreateInstance + 62                           0000000076839d49 7 bytes JMP 0000000102a6020c
.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                       00000000765e1465 2 bytes [5E, 76]
.text  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      00000000765e14bb 2 bytes [5E, 76]
.text  ...                                                                                                                                       * 2
.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       00000000765e1465 2 bytes [5E, 76]
.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      00000000765e14bb 2 bytes [5E, 76]
.text  ...                                                                                                                                       * 2

---- EOF - GMER 2.1 ----
         
Anti Malware ScanLog

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 27.05.2014
Scan Time: 23:48:42
Logfile: MalwareScanLog1.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkit Database: v2014.02.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Thomas

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 232472
Time Elapsed: 4 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.Conduit.A, C:\Users\Thomas\AppData\Local\Temp\CT3325809, Quarantined, [4108f708e496d75fac580285ac5601ff], 
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, Quarantined, [9cad758aec8ebc7aa1c3bfca8181fe02], 
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, Quarantined, [9cad758aec8ebc7aa1c3bfca8181fe02], 

Files: 3
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, Quarantined, [07423ec178023cfa0ea35e10629e56aa], 
PUP.Optional.V9.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\v9.xml, Quarantined, [91b8c6390575cd696e36078947bb9d63], 
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\conf, Quarantined, [9cad758aec8ebc7aa1c3bfca8181fe02], 

Physical Sectors: 0
(No malicious items detected)


(end)
         

29.05.2014, 15:22   #2
Machiavelli



Hello and welcome aboard, TomTom007

My name is Machiavelli and I will be helping you with your malware problems. If you are in safe mode, I would advise you to print out all of my instructions to get a better overview of the overall situation. I am part of the malware team here, which is why I am able to help you.

For a cleanup to be possible, you need to observe a few rules/tips:
  • Removing malware is normally quite difficult
    Today's malware can hide very well, so certain tools may not see it. A reinstallation is therefore often the wiser choice.
  • Please follow my instructions down to the smallest detail
    If you do something wrong, e.g. fix something that was not approved by me, the PC can be damaged as a result. So follow my instructions exactly.
  • Stay in contact with me until your problems are completely solved
    Threads in which no reply is posted within 4 days are closed.
  • Please do not run any other tools while I am cleaning up
    If you run tools such as Malwarebytes etc. without my knowledge, it may falsify the results.
  • Read my posts through completely
    If not, this can lead to serious problems (e.g. the PC no longer boots) or the malware removal process takes longer.


Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click on Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset Proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click on Scan and wait until it has finished.
  • Now click on Clean and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click on Scan, select the Threat Scan and click on Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click on Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click on History and then on Application Logs.
  • Select the most recent scan log and click on Export. Select Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.



Step 3

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. From Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



Step 4
Please start FRST again, also tick the box for Addition.txt and press Scan.

Please post the contents of the logs from AdwCleaner, MBAM, JRT and FRST here in the thread.

29.05.2014, 16:02   #3
TomTom007



Code:
# AdwCleaner v3.211 - Bericht erstellt am 29/05/2014 um 16:44:20
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Thomas - THOMAS-PC
# Gestartet von : E:\Temporary Internet Files\Temporäre Internetdateien\Content.IE5\89EN1RTQ\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Uniblue
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\Allin1Convert_8h
Ordner Gelöscht : C:\Program Files (x86)\MSR
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
Ordner Gelöscht : C:\Users\Thomas\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Thomas\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Thomas\AppData\LocalLow\Allin1Convert_8h
Ordner Gelöscht : C:\Users\Thomas\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\v9
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\gm6o2v16.default\Allin1Convert_8h
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\gm6o2v16.default\Extensions\8hffxtbr@Allin1Convert_8h.com
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\gm6o2v16.default\Extensions\quick_start@gmail.com
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\gm6o2v16.default\searchplugins\trovi-search.xml
Datei Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\gm6o2v16.default\user.js

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : E:\Desktop\Internet Explorer 11.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis02@SpeedAnalysis.com]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis02@SpeedAnalysis.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\gm6o2v16.default\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [5010 octets] - [29/05/2014 16:43:28]
AdwCleaner[S0].txt - [4303 octets] - [29/05/2014 16:44:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4363 octets] ##########
         
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 29.05.2014
Suchlauf-Zeit: 16:46:59
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.03.04.09
Rootkit Datenbank: v2014.02.20.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Thomas

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 232694
Verstrichene Zeit: 3 Min, 57 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Thomas on 29.05.2014 at 16:52:31,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2443172153-1165150917-4237551373-1000\Software\sweetim



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.05.2014 at 16:57:53,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Thomas (administrator) on THOMAS-PC on 29-05-2014 17:00:29
Running from E:\Temporary Internet Files\Temporäre Internetdateien\Content.IE5\63G9V47U
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Palit Microsystems Ltd.) C:\Program Files (x86)\Thunder Master\THPanel.exe
(CyberLink Corporation.) C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(BitLeader) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Sony DADC Austria AG.) C:\Windows\SysWOW64\UAService7.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-01-10] (Realtek Semiconductor)
HKLM\...\Run: [NVRaidService] => C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [291944 2010-04-09] (NVIDIA Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [62760 2007-10-11] ()
HKLM-x32\...\Run: [InstantBurn] => C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe [599600 2007-06-04] (CyberLink Corporation.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2013-05-20] (Bitleader)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Runonce: [B Register C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer [X]
HKU\S-1-5-21-2443172153-1165150917-4237551373-1000\...\Run: [THPanel] => C:\Program Files (x86)\Thunder Master\THPanel.exe [2050416 2012-07-13] (Palit Microsystems Ltd.)
HKU\S-1-5-21-2443172153-1165150917-4237551373-1000\...\Run: [Power2GoExpress] => [X]
HKU\S-1-5-21-2443172153-1165150917-4237551373-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2443172153-1165150917-4237551373-1000\...\MountPoints2: {92074f2c-cac6-11e2-98cd-00044b194c38} - I:\autoset.exe
HKU\S-1-5-21-2443172153-1165150917-4237551373-1000\...\MountPoints2: {dee24a87-e732-11e3-8b3c-00044b194c37} - K:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x60231198C81CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Adblock IE - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files\MGTEK\Adblock IE\adblockie.dll (MGTEK)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Adblock IE - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files (x86)\MGTEK\Adblock IE\adblockie.dll (MGTEK)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\..\Interfaces\{02BF2190-F168-4AD9-B746-B245C3C0B0E4}: [NameServer]10.80.14.254
Tcpip\..\Interfaces\{83F675D9-69E6-4ECF-B1BF-829ECB07BF67}: [NameServer]192.168.178.100

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\gm6o2v16.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - E:\Spiele\Trials\datapack\orbit\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\gm6o2v16.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-01]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-13]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF [2014-05-02]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx [2013-08-14]

==================== Services (Whitelisted) =================

R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
S2 MBAMScheduler; E:\sy\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; E:\sy\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-10-19] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 UserAccess7; C:\Windows\SysWOW64\UAService7.exe [143360 2014-01-03] (Sony DADC Austria AG.)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-09-15] (Advanced Micro Devices, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)
R0 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24824 2007-06-04] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [369912 2007-06-04] (CyberLink Corporation.)
S3 CSRBC; C:\Windows\System32\Drivers\csrbcxp.sys [36352 2013-09-15] (CSR, plc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-01] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-05-02] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140515.001\IDSvia64.sys [525016 2014-04-30] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140515.021\ENG64.SYS [126040 2014-05-10] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140515.021\EX64.SYS [2099288 2014-05-10] (Symantec Corporation)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-02] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-10-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [137728 2011-02-25] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [195584 2011-02-25] (VIA Technologies, Inc.)
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl [32240 2007-11-05] (Cyberlink Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-29 16:52 - 2014-05-29 16:52 - 00000000 ____D () C:\Windows\ERUNT
2014-05-29 16:42 - 2014-05-29 16:44 - 00000000 ____D () C:\AdwCleaner
2014-05-29 15:12 - 2014-05-29 15:12 - 00290552 _____ () C:\Windows\Minidump\052914-14710-01.dmp
2014-05-29 15:09 - 2014-05-29 15:09 - 00290512 _____ () C:\Windows\Minidump\052914-14492-01.dmp
2014-05-29 15:06 - 2014-05-29 15:12 - 436930731 _____ () C:\Windows\MEMORY.DMP
2014-05-29 15:06 - 2014-05-29 15:12 - 00000000 ____D () C:\Windows\Minidump
2014-05-29 15:06 - 2014-05-29 15:06 - 00290840 _____ () C:\Windows\Minidump\052914-14508-01.dmp
2014-05-29 14:59 - 2014-05-29 17:00 - 00000000 ____D () C:\FRST
2014-05-27 23:48 - 2014-05-29 16:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-27 23:47 - 2014-05-27 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-27 23:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-27 23:47 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-27 23:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-27 23:14 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-27 23:14 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-27 07:11 - 2014-05-27 07:11 - 00000068 _____ () C:\Windows\wininit.ini
2014-05-27 07:07 - 2014-05-27 07:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-27 07:07 - 2014-05-27 07:07 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-27 06:56 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-27 06:56 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-27 06:56 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-27 06:56 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-27 06:56 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-27 06:56 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-27 06:54 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-27 06:54 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-27 06:54 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-27 06:54 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-27 06:54 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-27 06:54 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-27 06:54 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-27 06:54 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-27 06:54 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-27 06:54 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-27 06:54 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-27 06:54 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-27 06:54 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-27 06:54 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-27 06:54 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-27 06:54 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-27 06:54 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-27 06:54 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-27 06:54 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-27 06:54 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-27 06:54 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-27 06:54 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-27 06:54 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-27 06:54 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-27 06:54 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-27 06:54 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-27 06:54 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-27 06:54 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-27 06:54 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-27 06:54 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-27 06:54 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-27 06:54 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-27 06:54 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-27 06:48 - 2014-05-27 06:48 - 00000461 _____ () C:\aaw7boot.log
2014-05-26 23:38 - 2014-05-27 23:31 - 00003604 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-05-26 23:02 - 2014-05-27 23:48 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-26 23:02 - 2014-05-27 23:48 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-05-26 23:02 - 2014-05-26 23:02 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Sunbelt Software
2014-05-26 22:50 - 2014-05-26 22:50 - 00000000 _____ () C:\autoexec.bat
2014-05-26 22:49 - 2014-05-26 22:49 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-26 22:46 - 2014-05-26 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alin 1 Convert Removal Tool
2014-05-26 22:46 - 2014-05-26 23:20 - 00000000 ____D () C:\Program Files (x86)\Alin 1 Convert Removal Tool
2014-05-25 22:22 - 2014-05-25 22:24 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\CorsixTH
2014-05-25 01:27 - 2014-05-25 01:27 - 00000000 ____D () C:\Users\Thomas\AppData\Local\DOSBox
2014-05-25 01:14 - 2014-05-26 22:53 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-25 01:14 - 2014-05-25 01:14 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Opera Software
2014-05-25 01:14 - 2014-05-25 01:14 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Opera Software
2014-05-04 15:15 - 2014-05-04 15:15 - 00000000 ____D () C:\Users\Thomas\Documents\Norton Identity Safe-Backups
2014-05-02 23:01 - 2014-05-26 23:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-05-02 23:01 - 2014-05-26 23:26 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-01 22:48 - 2014-05-02 21:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-30 23:07 - 2014-05-27 06:56 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-05-29 17:00 - 2014-05-29 14:59 - 00000000 ____D () C:\FRST
2014-05-29 17:00 - 2013-06-08 19:53 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-29 17:00 - 2013-06-08 19:53 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-29 16:59 - 2013-06-16 20:33 - 00000000 ____D () C:\Users\Thomas\AppData\Local\CrashDumps
2014-05-29 16:52 - 2014-05-29 16:52 - 00000000 ____D () C:\Windows\ERUNT
2014-05-29 16:52 - 2009-07-14 06:45 - 00022560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-29 16:52 - 2009-07-14 06:45 - 00022560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-29 16:51 - 2011-04-12 09:43 - 00702916 _____ () C:\Windows\system32\perfh007.dat
2014-05-29 16:51 - 2011-04-12 09:43 - 00150574 _____ () C:\Windows\system32\perfc007.dat
2014-05-29 16:51 - 2009-07-14 07:13 - 01629210 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-29 16:48 - 2013-03-07 19:44 - 01374777 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 16:46 - 2014-05-27 23:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-29 16:45 - 2014-01-03 16:08 - 00037222 _____ () C:\Windows\setupact.log
2014-05-29 16:45 - 2014-01-03 15:59 - 00023718 _____ () C:\Windows\PFRO.log
2014-05-29 16:45 - 2013-05-20 20:26 - 00000367 _____ () C:\Windows\lgfwup.ini
2014-05-29 16:45 - 2013-05-20 20:26 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2014-05-29 16:45 - 2013-05-20 20:24 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Hi-Def Suite
2014-05-29 16:45 - 2013-03-07 19:55 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-29 16:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-29 16:44 - 2014-05-29 16:42 - 00000000 ____D () C:\AdwCleaner
2014-05-29 16:29 - 2013-03-07 19:44 - 00000000 ____D () C:\Users\Thomas
2014-05-29 15:12 - 2014-05-29 15:12 - 00290552 _____ () C:\Windows\Minidump\052914-14710-01.dmp
2014-05-29 15:12 - 2014-05-29 15:06 - 436930731 _____ () C:\Windows\MEMORY.DMP
2014-05-29 15:12 - 2014-05-29 15:06 - 00000000 ____D () C:\Windows\Minidump
2014-05-29 15:12 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-29 15:09 - 2014-05-29 15:09 - 00290512 _____ () C:\Windows\Minidump\052914-14492-01.dmp
2014-05-29 15:06 - 2014-05-29 15:06 - 00290840 _____ () C:\Windows\Minidump\052914-14508-01.dmp
2014-05-28 00:41 - 2013-05-20 22:00 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\vlc
2014-05-27 23:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-05-27 23:48 - 2014-05-26 23:02 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-27 23:48 - 2014-05-26 23:02 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-05-27 23:47 - 2014-05-27 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-27 23:47 - 2014-01-18 00:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-27 23:31 - 2014-05-26 23:38 - 00003604 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-05-27 07:11 - 2014-05-27 07:11 - 00000068 _____ () C:\Windows\wininit.ini
2014-05-27 07:11 - 2014-05-27 07:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-27 07:07 - 2014-05-27 07:07 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-27 06:57 - 2014-03-21 20:14 - 00000000 ___RD () C:\Users\Thomas\Eigene Bilder
2014-05-27 06:57 - 2013-04-28 10:12 - 00000754 __RSH () C:\Users\Thomas\ntuser.pol
2014-05-27 06:57 - 2013-03-07 19:44 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-27 06:57 - 2013-03-07 19:44 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-27 06:56 - 2014-04-30 23:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-27 06:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-27 06:55 - 2013-07-11 20:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-27 06:55 - 2013-03-08 15:33 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-27 06:48 - 2014-05-27 06:48 - 00000461 _____ () C:\aaw7boot.log
2014-05-26 23:26 - 2014-05-02 23:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-05-26 23:26 - 2014-05-02 23:01 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-26 23:26 - 2013-06-01 16:35 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-05-26 23:26 - 2013-04-27 21:29 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-05-26 23:26 - 2013-04-27 21:12 - 00000000 ____D () C:\ProgramData\Norton
2014-05-26 23:26 - 2013-03-07 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-26 23:26 - 2013-03-07 19:55 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-26 23:26 - 2013-03-07 19:54 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-05-26 23:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security
2014-05-26 23:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-26 23:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-05-26 23:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-26 23:25 - 2013-12-26 17:40 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-26 23:25 - 2013-06-01 16:06 - 00000000 ____D () C:\ProgramData\Real
2014-05-26 23:25 - 2013-03-15 20:45 - 00000000 ____D () C:\Users\Thomas\AppData\Local\NVIDIA Corporation
2014-05-26 23:25 - 2013-03-07 19:55 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-26 23:20 - 2014-05-26 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alin 1 Convert Removal Tool
2014-05-26 23:20 - 2014-05-26 22:46 - 00000000 ____D () C:\Program Files (x86)\Alin 1 Convert Removal Tool
2014-05-26 23:20 - 2011-04-12 09:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-26 23:02 - 2014-05-26 23:02 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Sunbelt Software
2014-05-26 22:53 - 2014-05-25 01:14 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-26 22:50 - 2014-05-26 22:50 - 00000000 _____ () C:\autoexec.bat
2014-05-26 22:49 - 2014-05-26 22:49 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-25 22:35 - 2013-05-31 22:24 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\UseNeXT
2014-05-25 22:24 - 2014-05-25 22:22 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\CorsixTH
2014-05-25 01:27 - 2014-05-25 01:27 - 00000000 ____D () C:\Users\Thomas\AppData\Local\DOSBox
2014-05-25 01:14 - 2014-05-25 01:14 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Opera Software
2014-05-25 01:14 - 2014-05-25 01:14 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Opera Software
2014-05-16 23:39 - 2013-03-09 15:58 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 23:39 - 2013-03-09 15:58 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 19:55 - 2013-03-09 15:56 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-12 07:26 - 2014-05-27 23:47 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-27 23:47 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-27 23:47 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 16:55 - 2013-06-08 19:53 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-10 16:55 - 2013-06-08 19:53 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-09 08:14 - 2014-05-27 06:54 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-27 06:54 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 23:06 - 2013-06-01 16:36 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\DAEMON Tools Lite
2014-05-06 06:40 - 2014-05-27 06:56 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-27 06:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-27 06:56 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-27 06:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-27 06:56 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-27 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 21:52 - 2013-06-14 23:42 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-05-04 15:15 - 2014-05-04 15:15 - 00000000 ____D () C:\Users\Thomas\Documents\Norton Identity Safe-Backups
2014-05-04 15:09 - 2013-09-14 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-05-04 15:09 - 2013-05-20 21:40 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-05-04 15:09 - 2013-05-20 21:38 - 00000000 ____D () C:\ProgramData\DivX
2014-05-03 16:12 - 2013-04-28 15:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-02 23:01 - 2013-04-27 21:29 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-05-02 23:01 - 2013-04-27 21:12 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-05-02 22:47 - 2013-04-27 21:29 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-05-02 22:47 - 2013-04-27 21:29 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-05-02 22:47 - 2013-04-27 21:29 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-05-02 22:17 - 2013-04-27 21:12 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-05-02 21:21 - 2014-05-01 22:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-30 20:29 - 2014-01-12 02:12 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-04-30 20:29 - 2014-01-12 02:12 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll

Some content of TEMP:
====================
C:\Users\Thomas\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-25 14:30

==================== End Of Log ============================
         

Alt 29.05.2014, 16:09   #4
Machiavelli
 



The Addition log file is missing.
__________________
Proud member of Unite

Alt 29.05.2014, 16:10   #5
TomTom007
 



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Thomas at 2014-05-29 17:00:44
Running from E:\Temporary Internet Files\Temporäre Internetdateien\Content.IE5\63G9V47U
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adblock IE 2.3 (HKLM\...\{58161756-037B-42CD-B575-AF804A2F0F47}) (Version: 2.3.1756 - MGTEK)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Borderlands 2 (HKLM-x32\...\Borderlands 2_is1) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - Canon Inc.)
Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Command & Conquer Die ersten 10 Jahre (HKLM-x32\...\{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}) (Version: 1.00.0000 - Electronic Arts)
CyberLink InstantBurn (HKLM-x32\...\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
dBpowerAMP Music Converter (HKLM-x32\...\dBpowerAMP Music Converter) (Version:  - )
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC)
dreamboxEDIT -- The one and only settings editor for your Dreambox (HKLM-x32\...\dreamboxEDIT) (Version:  - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
GameRanger (HKCU\...\GameRanger) (Version:  - GameRanger Technologies)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hi-Def Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1603 - CyberLink Corporation)
ID3-TagIT 3 (HKLM-x32\...\ID3-TagIT 3_is1) (Version: 3 - Michael Pluemper)
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
LiveReg (Symantec Corporation) (HKLM-x32\...\LiveReg) (Version: 2.2.0.1621 - Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 1.80.19.0 - Symantec Corporation)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE  (HKLM-x32\...\{4D243BA7-9AC4-46D1-90E5-EEB88974F501}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}) (Version: 3.0.19.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.2.0.38 - Symantec Corporation)
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA MediaShield (HKLM-x32\...\{CC452A50-5C87-4A1F-B295-445C3C69BF7D}) (Version: 11.1.0.43 - NVIDIA Corporation)
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA Performance (x32 Version: 6.5 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Platform (x32 Version: 1.38 - VIA Technologies, Inc.) Hidden
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
Power2Go 5.0 (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.3.3516b.0 - CyberLink Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
ratDVD 0.78.1444 (HKLM-x32\...\ratDVD) (Version: 0.78.1444 - ratDVD)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Thunder Master v1.4 (HKLM-x32\...\{EE04522C-0814-4B63-AE57-0B63E5A355BB}_is1) (Version: 1.4.0.0 - Palit Microsystems Ltd.)
Unreal Tournament 2003 (HKLM-x32\...\UT2003) (Version:  - )
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.38 - VIA Technologies, Inc.)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {010966FF-AC4D-4A45-B287-341F9FD4986D} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {3EE517E8-97BE-4446-9416-D2E678C5B3A7} - System32\Tasks\4801 => Wscript.exe C:\Users\Thomas\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {48C74235-7685-4C17-83E8-7066208E7C75} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {49245E44-C88A-4354-A9BB-AA3AE81DA7A2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2443172153-1165150917-4237551373-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {4EA68CE3-9D36-4B66-8943-1262343FEFBE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {671B630A-3C84-42AF-8221-4416F83CB4D1} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {6E1DDB6A-0A0F-4CB6-8590-60F908D539FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-08] (Google Inc.)
Task: {7992CF1F-57C7-464D-AD60-F9AD658DB258} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2443172153-1165150917-4237551373-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B340EA14-8C35-43BC-B0E1-9BB6A22B611A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation)
Task: {C47B0E36-3EDC-4486-B2BD-FFC34A1311A3} - System32\Tasks\{0B8197AB-6971-492C-A043-E3EED5F1B14D} => C:\Windows\system32\msiexec.exe [2010-11-21] (Microsoft Corporation)
Task: {D02C561A-CF82-45CF-9BDC-11B3BAA390B8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {D03FF41E-459B-41C2-98D7-7A90CC04FB76} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {D65D8DB6-2874-4E9C-81DD-2481E352B261} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D85750D4-27AB-467A-AE4C-28F262A5F065} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-08] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-07 19:55 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-10-19 17:49 - 2013-10-19 17:49 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-05-16 22:31 - 2010-01-21 01:53 - 00496232 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2013-05-16 22:31 - 2010-01-21 01:52 - 00076392 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2013-05-16 22:31 - 2010-01-21 01:53 - 00731752 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2013-05-16 22:31 - 2010-01-21 01:53 - 00209000 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2013-05-20 20:24 - 2007-04-10 16:27 - 08365616 _____ () C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\res.dll
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl => "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot

==================== Faulty Device Manager Devices =============

Name: NVIDIA Enthusiasts Platform KDM
Description: NVIDIA Enthusiasts Platform KDM
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA Corporation
Service: nvoclk64
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (05/29/2014 04:59:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17041, Zeitstempel: 0x531807e4
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003a81b
ID des fehlerhaften Prozesses: 0x88c
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (05/29/2014 04:59:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17041531807e4ole32.dll6.1.7601.175144ce7b96fc00000050003a81b88c01cf7b4e6caed380C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\ole32.dllda26c800-e741-11e3-8d33-00044b194c38


CodeIntegrity Errors:
===================================
  Date: 2013-06-08 20:13:22.822
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Symantec\Norton Ghost 2003\GhPciScan.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-08 20:13:22.776
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Symantec\Norton Ghost 2003\GhPciScan.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-08 20:12:57.550
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Symantec\Norton Ghost 2003\GhPciScan.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-08 20:12:57.519
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Symantec\Norton Ghost 2003\GhPciScan.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-08 20:10:41.614
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Symantec\Norton Ghost 2003\GhPciScan.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-08 20:10:41.567
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Symantec\Norton Ghost 2003\GhPciScan.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 19%
Total physical RAM: 8190.54 MB
Available physical RAM: 6615.6 MB
Total Pagefile: 16379.26 MB
Available Pagefile: 14657.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (System Win7) (Fixed) (Total:232.79 GB) (Free:180.59 GB) NTFS
Drive d: (GermanAbdoerPAL) (CDROM) (Total:3.31 GB) (Free:0 GB) UDF
Drive e: (Daten Win7) (Fixed) (Total:931.39 GB) (Free:496.14 GB) NTFS
Drive f: (Daten XP) (Fixed) (Total:205.54 GB) (Free:141.19 GB) NTFS
Drive g: (System XP) (Fixed) (Total:390.63 GB) (Free:298.71 GB) NTFS
Drive h: (Backup) (Fixed) (Total:465.76 GB) (Free:185.35 GB) NTFS
Drive i: (THEME HOSPITAL BETA FIVE 13-5-9) (CDROM) (Total:0.2 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: DF55BA9D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 596 GB) (Disk ID: 1D2B1D2B)
Partition 1: (Active) - (Size=391 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=206 GB) - (Type=05)

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: ECADB5B8)

Partition: GPT Partition Type.

========================================================
Disk: 3 (Size: 466 GB) (Disk ID: 0CD20CD2)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


Alt 29.05.2014, 16:42   #6
Machiavelli
 



Step 1: FRST Fix

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
HKU\S-1-5-21-2443172153-1165150917-4237551373-1000\...\Run: [Power2GoExpress] => [X]
HKU\S-1-5-21-2443172153-1165150917-4237551373-1000\...\MountPoints2: {92074f2c-cac6-11e2-98cd-00044b194c38} - I:\autoset.exe
HKU\S-1-5-21-2443172153-1165150917-4237551373-1000\...\MountPoints2: {dee24a87-e732-11e3-8b3c-00044b194c37} - K:\LaunchU3.exe -a
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
FF Plugin HKCU: ubisoft.com/uplaypc - E:\Spiele\Trials\datapack\orbit\npuplaypc.dll No File
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
2014-05-26 22:49 - 2014-05-26 22:49 - 00000000 ____D () C:\Program Files\Enigma Software Group
C:\Users\Thomas\AppData\Local\Temp\Quarantine.exe
Task: {671B630A-3C84-42AF-8221-4416F83CB4D1} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {3EE517E8-97BE-4446-9416-D2E678C5B3A7} - System32\Tasks\4801 => Wscript.exe C:\Users\Thomas\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
C:\Users\Thomas\AppData\Local\Temp\launchie.vbs
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix ("Entfernen") button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Step 2: FRST Scan

Please start FRST again, also tick the box for Addition.txt, and press Scan.

Step 3: ESET

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner.
  • Download and start ESET Online Scanner.
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Step 4: Question

How is your PC running?

Alt 29.05.2014, 17:07   #7
TomTom007
 

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02
Ran by Thomas at 2014-05-29 18:01:52 Run:1
Running from E:\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2443172153-1165150917-4237551373-1000\...\Run: [Power2GoExpress] => [X]
HKU\S-1-5-21-2443172153-1165150917-4237551373-1000\...\MountPoints2: {92074f2c-cac6-11e2-98cd-00044b194c38} - I:\autoset.exe
HKU\S-1-5-21-2443172153-1165150917-4237551373-1000\...\MountPoints2: {dee24a87-e732-11e3-8b3c-00044b194c37} - K:\LaunchU3.exe -a
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
FF Plugin HKCU: ubisoft.com/uplaypc - E:\Spiele\Trials\datapack\orbit\npuplaypc.dll No File
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
2014-05-26 22:49 - 2014-05-26 22:49 - 00000000 ____D () C:\Program Files\Enigma Software Group
C:\Users\Thomas\AppData\Local\Temp\Quarantine.exe
Task: {671B630A-3C84-42AF-8221-4416F83CB4D1} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {3EE517E8-97BE-4446-9416-D2E678C5B3A7} - System32\Tasks\4801 => Wscript.exe C:\Users\Thomas\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
C:\Users\Thomas\AppData\Local\Temp\launchie.vbs
         
*****************

HKU\S-1-5-21-2443172153-1165150917-4237551373-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress => Value deleted successfully.
HKU\S-1-5-21-2443172153-1165150917-4237551373-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92074f2c-cac6-11e2-98cd-00044b194c38} => Key deleted successfully.
HKCR\CLSID\{92074f2c-cac6-11e2-98cd-00044b194c38} => Key not found.
HKU\S-1-5-21-2443172153-1165150917-4237551373-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dee24a87-e732-11e3-8b3c-00044b194c37} => Key deleted successfully.
HKCR\CLSID\{dee24a87-e732-11e3-8b3c-00044b194c37} => Key not found.
HKCR\PROTOCOLS\Filter\text/xml => Key deleted successfully.
HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945} => Key not found.
HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc => Key deleted successfully.
E:\Spiele\Trials\datapack\orbit\npuplaypc.dll not found.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Users\Thomas\AppData\Local\Temp\Quarantine.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{671B630A-3C84-42AF-8221-4416F83CB4D1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{671B630A-3C84-42AF-8221-4416F83CB4D1} => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3EE517E8-97BE-4446-9416-D2E678C5B3A7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EE517E8-97BE-4446-9416-D2E678C5B3A7} => Key deleted successfully.
C:\Windows\System32\Tasks\4801 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4801 => Key deleted successfully.
"C:\Users\Thomas\AppData\Local\Temp\launchie.vbs" => File/Directory not found.

==== End of Fixlog ====
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Thomas (administrator) on THOMAS-PC on 29-05-2014 18:02:49
Running from E:\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) E:\sy\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Palit Microsystems Ltd.) C:\Program Files (x86)\Thunder Master\THPanel.exe
(CyberLink Corporation.) C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Sony DADC Austria AG.) C:\Windows\SysWOW64\UAService7.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Malwarebytes Corporation) E:\sy\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) E:\sy\ Malwarebytes Anti-Malware \mbamservice.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-01-10] (Realtek Semiconductor)
HKLM\...\Run: [NVRaidService] => C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [291944 2010-04-09] (NVIDIA Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [62760 2007-10-11] ()
HKLM-x32\...\Run: [InstantBurn] => C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe [599600 2007-06-04] (CyberLink Corporation.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2013-05-20] (Bitleader)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Runonce: [B Register C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer [X]
HKU\S-1-5-21-2443172153-1165150917-4237551373-1000\...\Run: [THPanel] => C:\Program Files (x86)\Thunder Master\THPanel.exe [2050416 2012-07-13] (Palit Microsystems Ltd.)
HKU\S-1-5-21-2443172153-1165150917-4237551373-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x60231198C81CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Adblock IE - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files\MGTEK\Adblock IE\adblockie.dll (MGTEK)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Adblock IE - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files (x86)\MGTEK\Adblock IE\adblockie.dll (MGTEK)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{02BF2190-F168-4AD9-B746-B245C3C0B0E4}: [NameServer]10.80.14.254
Tcpip\..\Interfaces\{83F675D9-69E6-4ECF-B1BF-829ECB07BF67}: [NameServer]192.168.178.100

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\gm6o2v16.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\gm6o2v16.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-01]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-13]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF [2014-05-02]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx [2013-08-14]

==================== Services (Whitelisted) =================

R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
R2 MBAMScheduler; E:\sy\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; E:\sy\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-10-19] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 UserAccess7; C:\Windows\SysWOW64\UAService7.exe [143360 2014-01-03] (Sony DADC Austria AG.)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-09-15] (Advanced Micro Devices, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)
R0 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24824 2007-06-04] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [369912 2007-06-04] (CyberLink Corporation.)
S3 CSRBC; C:\Windows\System32\Drivers\csrbcxp.sys [36352 2013-09-15] (CSR, plc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-01] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-05-02] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140515.001\IDSvia64.sys [525016 2014-04-30] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140515.021\ENG64.SYS [126040 2014-05-10] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140515.021\EX64.SYS [2099288 2014-05-10] (Symantec Corporation)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-02] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-10-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [137728 2011-02-25] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [195584 2011-02-25] (VIA Technologies, Inc.)
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl [32240 2007-11-05] (Cyberlink Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-29 16:52 - 2014-05-29 16:52 - 00000000 ____D () C:\Windows\ERUNT
2014-05-29 16:42 - 2014-05-29 16:44 - 00000000 ____D () C:\AdwCleaner
2014-05-29 15:12 - 2014-05-29 15:12 - 00290552 _____ () C:\Windows\Minidump\052914-14710-01.dmp
2014-05-29 15:09 - 2014-05-29 15:09 - 00290512 _____ () C:\Windows\Minidump\052914-14492-01.dmp
2014-05-29 15:06 - 2014-05-29 15:12 - 436930731 _____ () C:\Windows\MEMORY.DMP
2014-05-29 15:06 - 2014-05-29 15:12 - 00000000 ____D () C:\Windows\Minidump
2014-05-29 15:06 - 2014-05-29 15:06 - 00290840 _____ () C:\Windows\Minidump\052914-14508-01.dmp
2014-05-29 14:59 - 2014-05-29 18:02 - 00000000 ____D () C:\FRST
2014-05-27 23:48 - 2014-05-29 17:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-27 23:47 - 2014-05-27 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-27 23:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-27 23:47 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-27 23:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-27 23:14 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-27 23:14 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-27 07:11 - 2014-05-27 07:11 - 00000068 _____ () C:\Windows\wininit.ini
2014-05-27 07:07 - 2014-05-27 07:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-27 07:07 - 2014-05-27 07:07 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-27 06:56 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-27 06:56 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-27 06:56 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-27 06:56 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-27 06:56 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-27 06:56 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-27 06:54 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-27 06:54 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-27 06:54 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-27 06:54 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-27 06:54 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-27 06:54 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-27 06:54 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-27 06:54 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-27 06:54 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-27 06:54 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-27 06:54 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-27 06:54 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-27 06:54 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-27 06:54 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-27 06:54 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-27 06:54 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-27 06:54 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-27 06:54 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-27 06:54 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-27 06:54 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-27 06:54 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-27 06:54 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-27 06:54 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-27 06:54 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-27 06:54 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-27 06:54 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-27 06:54 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-27 06:54 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-27 06:54 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-27 06:54 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-27 06:54 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-27 06:54 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-27 06:54 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-27 06:54 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-27 06:48 - 2014-05-27 06:48 - 00000461 _____ () C:\aaw7boot.log
2014-05-26 23:38 - 2014-05-27 23:31 - 00003604 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-05-26 23:02 - 2014-05-27 23:48 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-26 23:02 - 2014-05-27 23:48 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-05-26 23:02 - 2014-05-26 23:02 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Sunbelt Software
2014-05-26 22:50 - 2014-05-26 22:50 - 00000000 _____ () C:\autoexec.bat
2014-05-26 22:46 - 2014-05-26 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alin 1 Convert Removal Tool
2014-05-26 22:46 - 2014-05-26 23:20 - 00000000 ____D () C:\Program Files (x86)\Alin 1 Convert Removal Tool
2014-05-25 22:22 - 2014-05-25 22:24 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\CorsixTH
2014-05-25 01:27 - 2014-05-25 01:27 - 00000000 ____D () C:\Users\Thomas\AppData\Local\DOSBox
2014-05-25 01:14 - 2014-05-26 22:53 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-25 01:14 - 2014-05-25 01:14 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Opera Software
2014-05-25 01:14 - 2014-05-25 01:14 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Opera Software
2014-05-04 15:15 - 2014-05-04 15:15 - 00000000 ____D () C:\Users\Thomas\Documents\Norton Identity Safe-Backups
2014-05-02 23:01 - 2014-05-26 23:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-05-02 23:01 - 2014-05-26 23:26 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-01 22:48 - 2014-05-02 21:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-30 23:07 - 2014-05-27 06:56 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-05-29 18:02 - 2014-05-29 14:59 - 00000000 ____D () C:\FRST
2014-05-29 18:00 - 2013-06-08 19:53 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-29 17:18 - 2014-05-27 23:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-29 17:11 - 2011-04-12 09:43 - 00702916 _____ () C:\Windows\system32\perfh007.dat
2014-05-29 17:11 - 2011-04-12 09:43 - 00150574 _____ () C:\Windows\system32\perfc007.dat
2014-05-29 17:11 - 2009-07-14 07:13 - 01629210 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-29 17:11 - 2009-07-14 06:45 - 00022560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-29 17:11 - 2009-07-14 06:45 - 00022560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-29 17:07 - 2013-03-07 19:44 - 01378328 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 17:05 - 2013-06-16 20:33 - 00000000 ____D () C:\Users\Thomas\AppData\Local\CrashDumps
2014-05-29 17:04 - 2014-01-03 16:08 - 00037390 _____ () C:\Windows\setupact.log
2014-05-29 17:04 - 2013-06-08 19:53 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-29 17:04 - 2013-05-20 20:26 - 00000367 _____ () C:\Windows\lgfwup.ini
2014-05-29 17:04 - 2013-05-20 20:26 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2014-05-29 17:04 - 2013-05-20 20:24 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Hi-Def Suite
2014-05-29 17:04 - 2013-03-07 19:55 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-29 17:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-29 16:52 - 2014-05-29 16:52 - 00000000 ____D () C:\Windows\ERUNT
2014-05-29 16:45 - 2014-01-03 15:59 - 00023718 _____ () C:\Windows\PFRO.log
2014-05-29 16:44 - 2014-05-29 16:42 - 00000000 ____D () C:\AdwCleaner
2014-05-29 16:29 - 2013-03-07 19:44 - 00000000 ____D () C:\Users\Thomas
2014-05-29 15:12 - 2014-05-29 15:12 - 00290552 _____ () C:\Windows\Minidump\052914-14710-01.dmp
2014-05-29 15:12 - 2014-05-29 15:06 - 436930731 _____ () C:\Windows\MEMORY.DMP
2014-05-29 15:12 - 2014-05-29 15:06 - 00000000 ____D () C:\Windows\Minidump
2014-05-29 15:12 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-29 15:09 - 2014-05-29 15:09 - 00290512 _____ () C:\Windows\Minidump\052914-14492-01.dmp
2014-05-29 15:06 - 2014-05-29 15:06 - 00290840 _____ () C:\Windows\Minidump\052914-14508-01.dmp
2014-05-28 00:41 - 2013-05-20 22:00 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\vlc
2014-05-27 23:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-05-27 23:48 - 2014-05-26 23:02 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-27 23:48 - 2014-05-26 23:02 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-05-27 23:47 - 2014-05-27 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-27 23:47 - 2014-01-18 00:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-27 23:31 - 2014-05-26 23:38 - 00003604 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-05-27 07:11 - 2014-05-27 07:11 - 00000068 _____ () C:\Windows\wininit.ini
2014-05-27 07:11 - 2014-05-27 07:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-27 07:07 - 2014-05-27 07:07 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-27 06:57 - 2014-03-21 20:14 - 00000000 ___RD () C:\Users\Thomas\Eigene Bilder
2014-05-27 06:57 - 2013-04-28 10:12 - 00000754 __RSH () C:\Users\Thomas\ntuser.pol
2014-05-27 06:57 - 2013-03-07 19:44 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-27 06:57 - 2013-03-07 19:44 - 00000000 ___RD () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-27 06:56 - 2014-04-30 23:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-27 06:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-27 06:55 - 2013-07-11 20:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-27 06:55 - 2013-03-08 15:33 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-27 06:48 - 2014-05-27 06:48 - 00000461 _____ () C:\aaw7boot.log
2014-05-26 23:26 - 2014-05-02 23:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-05-26 23:26 - 2014-05-02 23:01 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-26 23:26 - 2013-06-01 16:35 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-05-26 23:26 - 2013-04-27 21:29 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-05-26 23:26 - 2013-04-27 21:12 - 00000000 ____D () C:\ProgramData\Norton
2014-05-26 23:26 - 2013-03-07 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-26 23:26 - 2013-03-07 19:55 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-26 23:26 - 2013-03-07 19:54 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-05-26 23:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security
2014-05-26 23:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-26 23:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-05-26 23:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-26 23:25 - 2013-12-26 17:40 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-26 23:25 - 2013-06-01 16:06 - 00000000 ____D () C:\ProgramData\Real
2014-05-26 23:25 - 2013-03-15 20:45 - 00000000 ____D () C:\Users\Thomas\AppData\Local\NVIDIA Corporation
2014-05-26 23:25 - 2013-03-07 19:55 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-26 23:20 - 2014-05-26 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alin 1 Convert Removal Tool
2014-05-26 23:20 - 2014-05-26 22:46 - 00000000 ____D () C:\Program Files (x86)\Alin 1 Convert Removal Tool
2014-05-26 23:20 - 2011-04-12 09:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-26 23:02 - 2014-05-26 23:02 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Sunbelt Software
2014-05-26 22:53 - 2014-05-25 01:14 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-26 22:50 - 2014-05-26 22:50 - 00000000 _____ () C:\autoexec.bat
2014-05-25 22:35 - 2013-05-31 22:24 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\UseNeXT
2014-05-25 22:24 - 2014-05-25 22:22 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\CorsixTH
2014-05-25 01:27 - 2014-05-25 01:27 - 00000000 ____D () C:\Users\Thomas\AppData\Local\DOSBox
2014-05-25 01:14 - 2014-05-25 01:14 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Opera Software
2014-05-25 01:14 - 2014-05-25 01:14 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Opera Software
2014-05-16 23:39 - 2013-03-09 15:58 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 23:39 - 2013-03-09 15:58 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 19:55 - 2013-03-09 15:56 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-12 07:26 - 2014-05-27 23:47 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-27 23:47 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-27 23:47 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 16:55 - 2013-06-08 19:53 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-10 16:55 - 2013-06-08 19:53 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-09 08:14 - 2014-05-27 06:54 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-27 06:54 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 23:06 - 2013-06-01 16:36 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\DAEMON Tools Lite
2014-05-06 06:40 - 2014-05-27 06:56 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-27 06:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-27 06:56 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-27 06:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-27 06:56 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-27 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 21:52 - 2013-06-14 23:42 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-05-04 15:15 - 2014-05-04 15:15 - 00000000 ____D () C:\Users\Thomas\Documents\Norton Identity Safe-Backups
2014-05-04 15:09 - 2013-09-14 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-05-04 15:09 - 2013-05-20 21:40 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-05-04 15:09 - 2013-05-20 21:38 - 00000000 ____D () C:\ProgramData\DivX
2014-05-03 16:12 - 2013-04-28 15:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-02 23:01 - 2013-04-27 21:29 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-05-02 23:01 - 2013-04-27 21:12 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-05-02 22:47 - 2013-04-27 21:29 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-05-02 22:47 - 2013-04-27 21:29 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-05-02 22:47 - 2013-04-27 21:29 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-05-02 22:17 - 2013-04-27 21:12 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-05-02 21:21 - 2014-05-01 22:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-30 20:29 - 2014-01-12 02:12 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-04-30 20:29 - 2014-01-12 02:12 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-25 14:30

==================== End Of Log ============================
         


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Thomas at 2014-05-29 18:03:06
Running from E:\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adblock IE 2.3 (HKLM\...\{58161756-037B-42CD-B575-AF804A2F0F47}) (Version: 2.3.1756 - MGTEK)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Borderlands 2 (HKLM-x32\...\Borderlands 2_is1) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - Canon Inc.)
Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Command & Conquer Die ersten 10 Jahre (HKLM-x32\...\{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}) (Version: 1.00.0000 - Electronic Arts)
CyberLink InstantBurn (HKLM-x32\...\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
dBpowerAMP Music Converter (HKLM-x32\...\dBpowerAMP Music Converter) (Version:  - )
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC)
dreamboxEDIT -- The one and only settings editor for your Dreambox (HKLM-x32\...\dreamboxEDIT) (Version:  - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
GameRanger (HKCU\...\GameRanger) (Version:  - GameRanger Technologies)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hi-Def Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1603 - CyberLink Corporation)
ID3-TagIT 3 (HKLM-x32\...\ID3-TagIT 3_is1) (Version: 3 - Michael Pluemper)
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
LiveReg (Symantec Corporation) (HKLM-x32\...\LiveReg) (Version: 2.2.0.1621 - Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 1.80.19.0 - Symantec Corporation)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE  (HKLM-x32\...\{4D243BA7-9AC4-46D1-90E5-EEB88974F501}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}) (Version: 3.0.19.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.2.0.38 - Symantec Corporation)
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA MediaShield (HKLM-x32\...\{CC452A50-5C87-4A1F-B295-445C3C69BF7D}) (Version: 11.1.0.43 - NVIDIA Corporation)
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA Performance (x32 Version: 6.5 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Platform (x32 Version: 1.38 - VIA Technologies, Inc.) Hidden
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
Power2Go 5.0 (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.3.3516b.0 - CyberLink Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
ratDVD 0.78.1444 (HKLM-x32\...\ratDVD) (Version: 0.78.1444 - ratDVD)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Thunder Master v1.4 (HKLM-x32\...\{EE04522C-0814-4B63-AE57-0B63E5A355BB}_is1) (Version: 1.4.0.0 - Palit Microsystems Ltd.)
Unreal Tournament 2003 (HKLM-x32\...\UT2003) (Version:  - )
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.38 - VIA Technologies, Inc.)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {010966FF-AC4D-4A45-B287-341F9FD4986D} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {48C74235-7685-4C17-83E8-7066208E7C75} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {49245E44-C88A-4354-A9BB-AA3AE81DA7A2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2443172153-1165150917-4237551373-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {4EA68CE3-9D36-4B66-8943-1262343FEFBE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6E1DDB6A-0A0F-4CB6-8590-60F908D539FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-08] (Google Inc.)
Task: {7992CF1F-57C7-464D-AD60-F9AD658DB258} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2443172153-1165150917-4237551373-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B340EA14-8C35-43BC-B0E1-9BB6A22B611A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation)
Task: {C47B0E36-3EDC-4486-B2BD-FFC34A1311A3} - System32\Tasks\{0B8197AB-6971-492C-A043-E3EED5F1B14D} => C:\Windows\system32\msiexec.exe [2010-11-21] (Microsoft Corporation)
Task: {D02C561A-CF82-45CF-9BDC-11B3BAA390B8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {D03FF41E-459B-41C2-98D7-7A90CC04FB76} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {D65D8DB6-2874-4E9C-81DD-2481E352B261} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D85750D4-27AB-467A-AE4C-28F262A5F065} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-08] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-07 19:55 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-10-19 17:49 - 2013-10-19 17:49 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-05-16 22:31 - 2010-01-21 01:53 - 00496232 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2013-05-16 22:31 - 2010-01-21 01:52 - 00076392 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2013-05-16 22:31 - 2010-01-21 01:53 - 00731752 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2013-05-16 22:31 - 2010-01-21 01:53 - 00209000 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2013-05-20 20:24 - 2007-04-10 16:27 - 08365616 _____ () C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\res.dll
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl => "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot

==================== Faulty Device Manager Devices =============

Name: NVIDIA Enthusiasts Platform KDM
Description: NVIDIA Enthusiasts Platform KDM
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA Corporation
Service: nvoclk64
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (05/29/2014 05:05:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GFExperience.exe, Version: 12.4.67.0, Zeitstempel: 0x535faf22
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xa68
Startzeit der fehlerhaften Anwendung: 0xGFExperience.exe0
Pfad der fehlerhaften Anwendung: GFExperience.exe1
Pfad des fehlerhaften Moduls: GFExperience.exe2
Berichtskennung: GFExperience.exe3

Error: (05/29/2014 05:05:07 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: GFExperience.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ArgumentOutOfRangeException
Stapel:
   bei System.Reactive.Concurrency.AsyncLock.Wait(System.Action)
   bei System.Reactive.Concurrency.DefaultScheduler+<>c__DisplayClass9`1[[System.Int64, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].<SchedulePeriodic>b__6()
   bei System.Reactive.Concurrency.ConcurrencyAbstractionLayerImpl+PeriodicTimer.Tick(System.Object)
   bei System.Threading.TimerQueueTimer.CallCallbackInContext(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.TimerQueueTimer.CallCallback()
   bei System.Threading.TimerQueueTimer.Fire()
   bei System.Threading.TimerQueue.FireNextTimers()
   bei System.Threading.TimerQueue.AppDomainTimerCallback()

Error: (05/29/2014 05:04:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/29/2014 04:59:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17041, Zeitstempel: 0x531807e4
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003a81b
ID des fehlerhaften Prozesses: 0x88c
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3


System errors:
=============
Error: (05/29/2014 05:04:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
SRTSP

Error: (05/29/2014 05:04:07 PM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.


Microsoft Office Sessions:
=========================
Error: (05/29/2014 05:05:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GFExperience.exe12.4.67.0535faf22KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42da6801cf7b4f5aabad38C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exeC:\Windows\syswow64\KERNELBASE.dll9e7c7c18-e742-11e3-8739-00044b194c38

Error: (05/29/2014 05:05:07 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: GFExperience.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ArgumentOutOfRangeException
Stapel:
   bei System.Reactive.Concurrency.AsyncLock.Wait(System.Action)
   bei System.Reactive.Concurrency.DefaultScheduler+<>c__DisplayClass9`1[[System.Int64, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].<SchedulePeriodic>b__6()
   bei System.Reactive.Concurrency.ConcurrencyAbstractionLayerImpl+PeriodicTimer.Tick(System.Object)
   bei System.Threading.TimerQueueTimer.CallCallbackInContext(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.TimerQueueTimer.CallCallback()
   bei System.Threading.TimerQueueTimer.Fire()
   bei System.Threading.TimerQueue.FireNextTimers()
   bei System.Threading.TimerQueue.AppDomainTimerCallback()

Error: (05/29/2014 05:04:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/29/2014 04:59:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17041531807e4ole32.dll6.1.7601.175144ce7b96fc00000050003a81b88c01cf7b4e6caed380C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\ole32.dllda26c800-e741-11e3-8d33-00044b194c38


CodeIntegrity Errors:
===================================
  Date: 2013-06-08 20:13:22.822
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Symantec\Norton Ghost 2003\GhPciScan.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-08 20:13:22.776
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Symantec\Norton Ghost 2003\GhPciScan.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-08 20:12:57.550
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Symantec\Norton Ghost 2003\GhPciScan.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-08 20:12:57.519
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Symantec\Norton Ghost 2003\GhPciScan.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-08 20:10:41.614
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Symantec\Norton Ghost 2003\GhPciScan.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-08 20:10:41.567
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Symantec\Norton Ghost 2003\GhPciScan.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 21%
Total physical RAM: 8190.54 MB
Available physical RAM: 6401.56 MB
Total Pagefile: 16379.26 MB
Available Pagefile: 14451.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (System Win7) (Fixed) (Total:232.79 GB) (Free:180.69 GB) NTFS
Drive d: (GermanAbdoerPAL) (CDROM) (Total:3.31 GB) (Free:0 GB) UDF
Drive e: (Daten Win7) (Fixed) (Total:931.39 GB) (Free:496.13 GB) NTFS
Drive f: (Daten XP) (Fixed) (Total:205.54 GB) (Free:141.19 GB) NTFS
Drive g: (System XP) (Fixed) (Total:390.63 GB) (Free:298.71 GB) NTFS
Drive h: (Backup) (Fixed) (Total:465.76 GB) (Free:185.35 GB) NTFS
Drive i: (THEME HOSPITAL BETA FIVE 13-5-9) (CDROM) (Total:0.2 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: DF55BA9D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 596 GB) (Disk ID: 1D2B1D2B)
Partition 1: (Active) - (Size=391 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=206 GB) - (Type=05)

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: ECADB5B8)

Partition: GPT Partition Type.

========================================================
Disk: 3 (Size: 466 GB) (Disk ID: 0CD20CD2)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
So much for that :-) However, I cannot carry out the third step, because the port for the online update is presumably being blocked. As far as I can remember, in the "Allin1 Removal Tool" I answered Yes to a question about blocking ports, supposedly so that I could not cause even more damage... How can I open it again?

The "V9" search engine has at least disappeared. I still cannot open my NIS; the following error message appears: C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\uistub.exe Unbekannter Fehler

Edited by TomTom007 (29.05.2014 at 17:14). Reason: PC state, NIS

29.05.2014, 17:30   #8
Machiavelli

I will see the ports in the OTL log then; we will fix the Norton problem later.

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe.
  • Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • At the top you will find a box labelled Output. Please select Standard Output
  • Tick Scan All Users
  • Set all sub-options as shown in the following picture:
  • Now copy the contents of the following code box into the OTL text box:
Code:
 netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
mpsvc.dll  
winsock.*
rpcss.dll
/md5stop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT
         
  • Close all programs. (Important)
  • Click the Scan button.
  • Post the log files OTL.txt and Extras.txt in your next reply
__________________
Proud member of Unite

29.05.2014, 19:58   #9
TomTom007

In the meantime I tested a Norton fix and reinstalled the program. The problem is now resolved, and the updates work flawlessly again as well. I was now able to use the ESET Online Scanner too. Should I still install OTL anyway??

Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=6f4ec5cb449cfa43baba287a558cf516
# engine=18465
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-29 06:51:09
# local_time=2014-05-29 08:51:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton Internet Security'
# compatibility_mode=3597 16777213 100 100 7632 163986054 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 2497445 153019319 0 0
# scanned=276147
# found=10
# cleaned=0
# scan_time=3701
sh=C2FE3FC1177FC01BC08633BAEC0D8E919EF46E5C ft=1 fh=b75e8d5d7f315ca3 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="F:\Setups + Updates\Codec SoftonicDownloader39076.exe"
sh=B22621B2E760AEB8EE8DC609D4BEB5476D4BDAA2 ft=1 fh=92f0fff0bbfcb40b vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\Setups + Updates\FormatFactory 2.60.exe"
sh=9400A4130F2D47B51F9B1F2D18A4A56BC7A624F5 ft=1 fh=170569123b5960e6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\Setups + Updates\FreeStudio.exe"
sh=E8CD33623287C08C7CC3662A042E45522654BB30 ft=1 fh=7cd3b160b0dbd4bd vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="F:\Setups + Updates\FreeYouTubeToMP3Converter.exe"
sh=BCF43267B4416C6DDEFAAD5AE0A63E3F682C5BB0 ft=1 fh=905be375e5c80006 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="F:\Setups + Updates\PDFCreator-1_6_2_setup.exe"
sh=C00FC322B2FF77C60E331A650EF9B2659F6F2650 ft=1 fh=36ca6a25888216c8 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\Setups + Updates\YouTubeDownload.exe"
sh=600771D2910928E3CEFE3B24E8F97C8DB4CF326C ft=1 fh=8a8ff7b6c3c6013d vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\Setups + Updates\YouTubeToMp3Converter33.exe"
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Programme\Gemeinsame Dateien\DVDVideoSoft\TB\ConduitInstaller.exe"
sh=4FF97B281BC64D991DD01DAD2A67C5F0831535DB ft=1 fh=048fe3b80b0ef2b0 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Programme\Gemeinsame Dateien\DVDVideoSoft\TB\DVDVideoSoft.exe"
sh=359D977D432E4F90FE627B2717144AE873990AC4 ft=1 fh=63c7b0ee3e7f229d vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Programme\Gemeinsame Dateien\DVDVideoSoft\TB\DVDVideoSoftTB.exe"
         
I do not regard the files found as threatening. Besides, my XP system (disks "F" + "G") is no longer in use anyway.
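
An added example, not part of the original post and not ESET's own tooling: a small Python parser for a log in the shape shown above, which checks the header counters against the detection records and shows how many flagged files are still on disk. The field readings (sh as file hash, vn as detection name, ac as action, fn as path) are assumptions, and the sample log is constructed with placeholder hashes and paths.

```python
import re
from collections import Counter

# Constructed sample in the shape of the ESET Online Scanner log above.
# Hashes and file names are placeholders, not values from the thread.
SAMPLE_LOG = r'''
# version=8
# remove_checked=false
# unwanted_checked=true
# scanned=1200
# found=3
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="F:\Setups + Updates\ExampleA.exe"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\Setups + Updates\ExampleB.exe"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="G:\Programme\ExampleC.exe"
'''

# key=value pairs; a value is either "quoted with spaces" or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Detection id such as Win32/Toolbar.Conduit.B inside the localized vn text.
THREAT = re.compile(r'[A-Za-z0-9]+/[\w.\-]+')
# German label the scanner uses for "potentially unwanted application".
PUA_MARK = "unerwünschte Anwendung"


def parse_log(text):
    """Split the log into header settings and detection records."""
    header, records = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            m = re.match(r'#\s*(\w+)=(.*)', line)
            if m:
                header[m.group(1)] = m.group(2)  # last value wins on repeats
        elif line.startswith("sh="):
            rec = {k: (q or b) for k, q, b in PAIR.findall(line)}
            m = THREAT.search(rec.get("vn", ""))
            rec["threat"] = m.group(0) if m else rec.get("vn", "")
            rec["pua"] = PUA_MARK in rec.get("vn", "")
            records.append(rec)
    return header, records


def summarize(text):
    """Cross-check header counters and group detections for triage."""
    header, records = parse_log(text)
    found = int(header.get("found", 0))
    cleaned = int(header.get("cleaned", 0))
    drives = Counter(
        r["fn"][:2].upper() for r in records if r.get("fn", "")[1:2] == ":"
    )
    return {
        "records": len(records),
        # False means the pasted log is truncated or was edited.
        "count_matches_header": found == len(records),
        # Scan ran without removal, so these files are still present.
        "left_on_disk": len(records) - cleaned,
        "removal_enabled": header.get("remove_checked") == "true",
        "by_threat": Counter(r["threat"] for r in records),
        "by_drive": dict(drives),
        "all_pua": bool(records) and all(r["pua"] for r in records),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
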

29.05.2014, 20:37   #10
Machiavelli

Hello,

Quote:
I do not regard the files found as threatening. Besides, my XP system (disks "F" + "G") is no longer in use anyway.
Personally I would delete them, because these installers contain adware. I will not fix them; that is your choice now.

As far as I can tell, your PC is clean so far.

The order is decisive here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a tick in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs that were used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our clean-up are still left now, you can delete them without hesitation.



If you would like to give me feedback, you are welcome to do so here: Lob, Kritik und Wünsche - Trojaner-Board


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.

Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )


Don'ts
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Proud member of Unite

29.05.2014, 21:18   #11
TomTom007

You are right of course, even if the files or the system are no longer in use... I have deleted the files
Apart from that, my PC seems to work flawlessly again.
Many thanks for the support, and all of it within one day, INCREDIBLE!! Honestly, I would not have expected that ;-)
A donation is on its way as well!

So I will hope that I never have to use this forum again (meant in a positive way), and if I do, I know that I can expect friendly and competent help here.

29.05.2014, 21:35   #12
Machiavelli

You're welcome. Thank you very much for the donation, that is fantastic.

I will remove this topic from my watch list, since I consider it solved, i.e. I will no longer receive notifications when you reply.

If you do need further help after all, it is enough to send me a PM.
__________________
Proud member of Unite
