
Pests of all kinds and how to fight them: I keep getting ads on the Internet (facebook, google, web.de etc.)

30.07.2013, 14:32   #1
Lovas45
 
Hi everyone,

for some reason I am constantly being spammed with ads on Facebook and other websites, with "ads not from this website" written underneath. Can anyone maybe help me with this? Regards, Lovas

30.07.2013, 14:45   #2
markusg
/// Malware-holic
 
hi,

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt into your thread here.
30.07.2013, 18:07   #3
Lovas45
 
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 7/30/2013 6:54:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marv\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
11.98 Gb Total Physical Memory | 10.08 Gb Available Physical Memory | 84.12% Memory free
23.96 Gb Paging File | 22.00 Gb Available in Paging File | 91.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.54 Gb Total Space | 719.99 Gb Free Space | 78.38% Space Free | Partition Type: NTFS
Drive D: | 12.87 Gb Total Space | 1.58 Gb Free Space | 12.29% Space Free | Partition Type: NTFS
 
Computer Name: MARV-HP | User Name: Marv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CAE4279-75BB-45A0-9E03-3CF0D7957B96}" = rport=445 | protocol=6 | dir=out | app=system | 
"{11019523-E7DA-45E9-8332-AD3876F8E667}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1F6C35E5-1789-4661-9F4A-5495334A03C9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2B0B45B4-51FF-43E1-96FC-7C113930AEB8}" = lport=137 | protocol=17 | dir=in | app=system | 
"{757DCE1E-CD52-4952-AB49-8385DBE44F36}" = lport=445 | protocol=6 | dir=in | app=system | 
"{953FB6EF-ABBD-4388-B3D8-43665040E388}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B1D98B58-2281-4459-94F8-4E670811847A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B3285455-7F0F-4710-89A2-0485D7C14B80}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{CB43B9A6-F9C3-477F-98F2-B165DD23E91B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D0D41F9C-06DD-4102-A623-94A542ED031E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D8D06593-01C4-4F82-9D8F-E89E46A4BC75}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E0A7860C-F34C-43A2-AA5A-B70006D89BC0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E8FA9EB2-022F-44A6-A564-7CA7980F66CE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F97841AE-C7D2-4A43-82CC-1A8530F348C5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FBDB89E4-40C7-4A31-A8AC-E1E4C512CF7B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{068B2735-3648-4CB7-B792-C2A8F5BA6523}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{0D2B6875-03F0-4621-B4EE-AC4747C9C06E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 
"{0E62BDDF-E865-498A-9DFA-051016E6D0EF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{11E3B4C2-C1BD-458F-877C-58EEC7F9EC5C}" = protocol=6 | dir=in | app=c:\wow\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{18190964-8B5C-4890-9D33-B1518AA4ABE8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe | 
"{1886EC46-F36E-4A83-83FD-51B8B3275E51}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe | 
"{1E2DE15C-B5B9-4259-A765-F5565B6A9DB9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
"{2118F8A4-B7B4-4AAD-94B7-EA2D3FBFE557}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dwarfs - f2p\dwarfs.exe | 
"{22143931-9F95-49D1-928B-214873FF896F}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{26EAFF00-CF4F-4471-9225-D994E1336CCB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{291F1DC8-6763-45A7-9F5B-F6FEC220FCF5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2ADB7579-90AD-4516-B62E-C8D06E7DE584}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{2F44B827-EC06-4AA1-9F29-2EC177906FBA}" = protocol=17 | dir=in | app=c:\wow\world of warcraft\launcher.exe | 
"{2F86CE25-F95E-49B8-8D90-EBC45CFBE8EA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 
"{2FFC5521-5BA8-4921-BD1D-C55341248FB9}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige\bin\settlershok.exe | 
"{320BF026-AE7E-4414-BB65-950F361E1BF0}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe | 
"{3360EC3E-26BD-4AB9-83E3-307D38184D3C}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | 
"{364FDB61-0CD5-4173-AB84-CF62C1A3ECA4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{37EAA671-00C2-459F-B333-2AA785AF2A9F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe | 
"{3BD77D48-ECB3-44A8-A09A-C36AE4263B2A}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\medal of honor warfighter\mohw.exe | 
"{3DEC0DB3-98EB-4976-AF3D-BA78092103B4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{42F0B067-FACD-43A5-9956-C70484EC1B9E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | 
"{430A9297-253B-44D7-BAED-C377E965C2AC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{4329D1D1-76C1-48E2-91EA-44667B964830}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | 
"{4467EB55-62F9-4177-8F69-9A33DFB97CD8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{51532817-4813-4401-B1C9-3BAE2AC61C23}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{57EB6DFD-B6F1-4AF3-AB1B-F7F9C006460B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{59A9275E-936D-45CE-90A5-8E11BD80E773}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{5ADF9FE0-7327-4452-984E-1DA10A7C3BE1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{5BF02FEC-F1F2-4133-88B5-DC29B75294C1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{5DBB7125-8764-447E-AA23-1819AF845571}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{5E64954A-8618-4B57-9DBF-FFEB1ADE8AD4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{6264DD81-43B0-4E8E-9FF0-AF8FFD49E97C}" = protocol=58 | dir=in | app=system | 
"{6330C1B9-7D04-44D3-B302-32E92C0101E8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{64AFB837-4115-4911-BC63-ECD94ABE5827}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{652B320E-BB4B-40B8-9033-21E2643CB6A0}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{65E8DF57-E73E-4979-A1D1-DBBB2E3D5969}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{6A3315D2-8E8D-4E9D-8612-C049E5F28B32}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{6B481B71-E17D-4B15-BD52-1E0E73176090}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dwarfs - f2p\dwarfs.exe | 
"{6BB79193-E289-4FB8-A24C-8094759C8067}" = protocol=17 | dir=in | app=c:\wow\world of warcraft\launcher.patch.exe | 
"{6BE8619F-AC7A-49E0-A1EA-2FA7E6CCACE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{6E5E98E0-C467-409E-863F-146A5CA7A480}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe | 
"{710C3E00-4F17-4DFC-A2C2-51A8CFB22FDE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{7264ACBC-B5CD-4F48-9CBC-28828CA64E71}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
"{72D17936-DF7A-46C2-BDAA-C2C3470A172B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{739F0343-6D92-4CBD-9CB3-464983A9A7A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{7772C83F-0698-464B-9592-8DB1F3CECEA8}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{8019A9CD-A065-42F5-A768-7E59771C2F0E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{83043335-4F4F-4966-A323-4F5F36930E7F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe | 
"{852E2E67-7327-48CF-8D7E-09E086E23DCA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{859AF957-3DD7-48CD-87E3-3FB0021848F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe | 
"{8B3804AD-C1D7-40FF-8956-7FF965A3AB21}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{8C22B513-1779-4F4A-A11F-F3921D2DFC4E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe | 
"{8D1E4338-C2C7-4D6C-8381-5E26A4DB43F3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | 
"{901BC7D7-73C5-408D-806D-17CD5F9BBA3F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{919F6CF4-CCD1-45CD-9563-CE30102A1B50}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{97429FDB-479B-4982-901B-BD2D83A0AA0D}" = protocol=17 | dir=in | app=c:\wow\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{980A80CA-0C66-4815-AF35-940CDC32FD7E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{98A0AE80-3DE0-4DBF-8D88-E79D09935419}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe | 
"{98FD8012-4342-40BA-85EE-CD397E43288A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe | 
"{9A46B132-22C6-4252-8DAD-31083D4F4F06}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{9A9C8E57-0511-4C6C-AEF7-B78E64939838}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9C988C9D-8DCA-4A1B-9897-45FB10D27A60}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{9E266393-8CDF-4C91-A8A5-E52D003AAEDE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{A39D9A38-62B2-461F-B412-626BEF0B2858}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A9180AF7-934F-487A-A9D3-F69D4F6A5FFE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{AADE1DFD-F71E-42C8-8746-EA707CF7B82D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | 
"{AD1AAD93-F40A-4851-8E36-DF0F762A1D7B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BEDEEDC1-4DEA-4031-A21E-5B5B4F613205}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{BF6815CD-9690-46E7-9A30-724465EEA21C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe | 
"{C03C25AF-22C3-4179-8D19-EF53CAD8008C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C0583D36-55F2-4218-9A0D-C95187B7E905}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige\bin\settlershok.exe | 
"{C7219BA3-A38C-4E5A-B4A0-F66F821701F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{C7802FA5-461E-4154-9CB8-4EBFD17E0061}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{CBAF4B47-DD74-44F1-B571-5880CD92D526}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{CC82384E-4C88-47E6-A021-68DB024BAE6D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe | 
"{D1345674-D8C0-4B9D-8E44-0A4B965B38C5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{D2A636D1-5C4E-4091-BA6B-9D73FBEB3AE5}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D4F820FA-96AB-448E-9B9E-BF8B1A8ADB31}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{D6349DDB-51C0-48D8-9133-76845C329D28}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{DB0FD686-E85D-4587-93D2-377320593947}" = protocol=6 | dir=in | app=c:\wow\world of warcraft\launcher.patch.exe | 
"{DD701F4F-61FD-4333-8B08-81B559005407}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{DEC9A0D2-55BD-4251-87EF-BE1FDEADDCA8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{E2ECCFAC-547A-4C24-BF94-188192F9D99A}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\medal of honor warfighter\mohw.exe | 
"{E502A41C-F824-4FC0-90E3-0FE219659F36}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{E785CD61-349A-4331-AB2B-62F361611DEC}" = dir=in | app=c:\users\marv\documents\the war z\warz.exe | 
"{E79A49EA-F165-475D-82B6-3B83FB5D5BE8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{E978C1B8-31DD-493D-8891-3C9395C45A53}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F2921749-87D6-4EFE-93DD-8C908833B1E4}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F34EEF90-10E0-4953-A0DF-6D7832D00DE2}" = protocol=6 | dir=in | app=c:\wow\world of warcraft\launcher.exe | 
"{F3C7D3BC-653A-4B50-8832-244560A30B59}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{F96A5D42-D147-4B13-8E95-B0CC37C1F597}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{FB545546-6265-42D8-8676-4F83F0F42E8E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"TCP Query User{319F7A39-6B15-4DCF-9A92-CA4C61E97AF3}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"TCP Query User{3DCFEE93-876B-4A76-9B68-DD8A631291F6}C:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"TCP Query User{5EA6786A-9FF7-4922-84C0-001F47A493E1}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
"TCP Query User{7C861EBA-AEC4-47C5-872A-D9FCE66F9E8B}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe | 
"TCP Query User{9043395D-D953-464D-ACD4-1B0554BDA4CA}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{16D983D1-6BDB-4024-BE75-E1B9B09C32C8}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe | 
"UDP Query User{6FE88EAA-671A-44CC-A393-40216524C4F0}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"UDP Query User{AC705F28-CED4-488D-BE64-5B137CB51AF8}C:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"UDP Query User{B8B30E5F-C18A-468C-9529-F28AB8E2A162}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
"UDP Query User{EAC16B51-E598-42D1-9A31-CAB94A6EE812}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003B37AE-21F5-5BC5-F5EB-CD60A8928696}" = AMD Accelerated Video Transcoding
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{44B72151-611E-429D-9765-9BA093D7E48A}" = Intel® Trusted Connect Service Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5B97A291-F6D0-C734-922E-765BF8AF3106}" = AMD Drag and Drop Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{653B9326-BD45-53BE-681A-A49CAAEE8A3C}" = ccc-utility64
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}" = AMD Catalyst Install Manager
"{AAFE68DD-A2D5-BDBF-E1B2-CB01DEFD6EB0}" = AMD Media Foundation Decoders
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{D8A22D8A-0883-484B-92FA-765C5237EC6A}" = Free Driver Scout
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"C-Media CM106 Like Sound Driver" = USB Multi-Channel Audio Device
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.64.0
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.7
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FF4EB6-6AAC-4E9D-A60A-8F388691BB27}" = HP SimplePass PE 2011
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1040143F-FEFB-4B90-8E51-E47D40E14C4E}" = Medal of Honor™ Warfighter
"{13464292-6666-B2DB-1B0C-A3FE14DAD1F9}" = CCC Help Dutch
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{338CD56F-1CDC-CF32-33F6-DED2DF92284E}" = CCC Help French
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36e136d1-209a-4733-9b4e-bcfa2797265a}" = Free Driver Scout
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT)
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{46458556-5C46-79A9-A6FF-81DF1F8B2729}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{519D68B8-A768-4CDC-E4C9-B115D49CED93}" = CCC Help Norwegian
"{51D383BC-D988-8C1E-FAA1-BC5260A32A87}" = CCC Help Polish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A883D2B-D279-0D01-6E62-B810AFD8CC62}" = Catalyst Control Center InstallProxy
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67A4760F-9804-CCF6-C319-27840ED77924}" = CCC Help Korean
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BE5E4A9-D88B-532D-26E6-883C32BF098A}" = CCC Help Thai
"{6E0D26C1-4265-1D02-4D19-D0A8F6A463F8}" = Catalyst Control Center
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DD62206-7B6C-E32E-BD11-B49B3B089D16}" = CCC Help Danish
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{838DA1F1-23F8-4C70-B190-AC51CB5A5ECD}" = Alcor Micro USB Card Reader Driver 
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9739158D-EDED-D628-9865-1460B5A7FAE3}" = CCC Help Portuguese
"{9809124C-0C4C-2367-7889-1E16D8EF1AAF}" = CCC Help Chinese Standard
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A6E1EE9D-01DD-82FD-BDBC-193BCEF9FD5C}" = CCC Help Greek
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB13F192-49FC-A065-F15C-746B10CC43C8}" = CCC Help Japanese
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW 2013 Home Edition
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE548812-D611-608D-61C6-7E40F28573A2}" = CCC Help Russian
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{BC63AEF9-1367-9F7C-5926-52E56450EDCD}" = CCC Help Spanish
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C1E2D27F-B363-588E-8859-9EF7F4EBF418}" = CCC Help Chinese Traditional
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D35B72B6-F0E4-462B-BDEB-E08032B3B681}" = HP Setup
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D76AC809-CCC1-6198-4970-A63FA5CF7DCB}" = CCC Help Swedish
"{DA675EE2-4C04-9699-0EE2-7EF9FE7AB870}" = CCC Help German
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E06F7C95-4D68-63D9-2231-AA5F8E186FCB}" = CCC Help English
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E21A8F3C-1ACB-46B1-CE72-E9CF09549DED}" = Catalyst Control Center Localization All
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E2F52AC2-B925-C18F-E1AE-42FBD46ECAC7}" = CCC Help Czech
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E649AC39-69C0-C6FE-0A54-4752DB5D1FD2}" = Catalyst Control Center Graphics Previews Common
"{E9463114-898C-7C2A-2C47-E9ABC63F5D43}" = CCC Help Finnish
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF10AC4D-3349-99DA-3E58-5197CEA1D833}" = CCC Help Italian
"{FFEC93FF-C162-C0C3-B5E7-01214B0E5F2D}" = CCC Help Turkish
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Desura" = Desura
"Desura_87986700025888" = Desura: Paranautical Activity
"Diablo III" = Diablo III
"FoxyDeal" = FoxyDeal
"Fraps" = Fraps (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{838DA1F1-23F8-4C70-B190-AC51CB5A5ECD}" = Alcor Micro USB Card Reader Driver 
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Lyrics@LyricsContainer.co" = LyricsContainer
"N360" = Norton 360
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Origin" = Origin
"PDF Complete" = PDF Complete Special Edition
"Plus-HD-2.4" = Plus-HD-2.4
"PunkBusterSvc" = PunkBuster Services
"Steam App 105600" = Terraria
"Steam App 108710" = Alan Wake
"Steam App 113200" = The Binding of Isaac
"Steam App 1250" = Killing Floor
"Steam App 201790" = Orcs Must Die! 2
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 204360" = Castle Crashers
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 213650" = Dwarfs F2P
"Steam App 218230" = PlanetSide 2
"Steam App 240" = Counter-Strike: Source
"Steam App 41070" = Serious Sam 3: BFE
"Steam App 49520" = Borderlands 2
"Steam App 570" = Dota 2
"Steam App 730" = Counter-Strike: Global Offensive
"VIP Access SDK" = VIP Access SDK (1.0.1.4) 
"Windows Utils" = Windows Utils
"WinLiveSuite" = Windows Live Essentials
"ZinioReader4" = Zinio Reader 4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/15/2013 2:16:58 AM | Computer Name = Marv-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Too many failures while downloading ranges: 2
 
Error - 7/15/2013 2:17:28 AM | Computer Name = Marv-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Stream product id=0x0066): Streaming Failed
 
Error - 7/15/2013 3:46:21 AM | Computer Name = Marv-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PlanetSide2.exe, Version: 0.0.0.0,
 Zeitstempel: 0x51e051dd  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b83c8a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000c41f  ID des fehlerhaften
 Prozesses: 0x150c  Startzeit der fehlerhaften Anwendung: 0x01ce81289590b025  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Steam\steamapps\common\PlanetSide
 2\PlanetSide2.exe  Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll
Berichtskennung:
 a3dda731-ed22-11e2-8438-3860778fe279
 
Error - 7/15/2013 1:31:10 PM | Computer Name = Marv-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Too many failures while downloading ranges: 2
 
Error - 7/15/2013 1:31:40 PM | Computer Name = Marv-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Stream product id=0x0066): Streaming Failed
 
Error - 7/15/2013 2:01:30 PM | Computer Name = Marv-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.17514,
 Zeitstempel: 0x4ce7a485  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x890  Startzeit der fehlerhaften Anwendung: 0x01ce8182604dbbcd  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 931715c4-ed78-11e2-ab8a-3860778fe279
 
Error - 7/15/2013 2:01:35 PM | Computer Name = Marv-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.17514,
 Zeitstempel: 0x4ce7a485  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x11fc  Startzeit der fehlerhaften Anwendung: 0x01ce81855798ae07  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 95ee5c4a-ed78-11e2-ab8a-3860778fe279
 
Error - 7/15/2013 2:02:04 PM | Computer Name = Marv-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.17514,
 Zeitstempel: 0x4ce7a485  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x1ac0  Startzeit der fehlerhaften Anwendung: 0x01ce8185693db13b  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: a73893fa-ed78-11e2-ab8a-3860778fe279
 
Error - 7/15/2013 2:04:48 PM | Computer Name = Marv-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.17514,
 Zeitstempel: 0x4ce7a485  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x750  Startzeit der fehlerhaften Anwendung: 0x01ce8185ca00daa0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 091a02d0-ed79-11e2-ab8a-3860778fe279
 
Error - 7/15/2013 2:14:14 PM | Computer Name = Marv-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.17514,
 Zeitstempel: 0x4ce7a485  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x18d0  Startzeit der fehlerhaften Anwendung: 0x01ce818718e96ab3  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 5a59ab09-ed7a-11e2-ab8a-3860778fe279
 
[ Hewlett-Packard Events ]
Error - 4/2/2013 1:49:31 PM | Computer Name = Marv-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 4/2/2013 1:51:44 PM | Computer Name = Marv-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 4/2/2013 1:52:28 PM | Computer Name = Marv-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 4/2/2013 1:53:18 PM | Computer Name = Marv-HP | Source = HPSF.exe | ID = 4000
Description = 
 
[ System Events ]
Error - 7/5/2013 10:53:25 AM | Computer Name = Marv-HP | Source = Service Control Manager | ID = 7030
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver
 Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive
 Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 7/5/2013 10:53:29 AM | Computer Name = Marv-HP | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 LogMeIn Hamachi Tunneling Engine erreicht.
 
Error - 7/5/2013 10:53:29 AM | Computer Name = Marv-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 7/8/2013 12:06:52 PM | Computer Name = Marv-HP | Source = Service Control Manager | ID = 7034
Description = Dienst "Hotspot Shield Monitoring Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 7/10/2013 2:29:33 AM | Computer Name = Marv-HP | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 7/10/2013 2:29:33 AM | Computer Name = Marv-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 7/10/2013 6:49:32 AM | Computer Name = Marv-HP | Source = BROWSER | ID = 8032
Description = 
 
Error - 7/10/2013 11:52:42 AM | Computer Name = Marv-HP | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 7/10/2013 11:52:42 AM | Computer Name = Marv-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 7/11/2013 1:21:20 PM | Computer Name = Marv-HP | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden.
 
 
< End of report >
         

Alt 30.07.2013, 18:09   #4
Lovas45
 

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 7/30/2013 6:54:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marv\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
11.98 Gb Total Physical Memory | 10.08 Gb Available Physical Memory | 84.12% Memory free
23.96 Gb Paging File | 22.00 Gb Available in Paging File | 91.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.54 Gb Total Space | 719.99 Gb Free Space | 78.38% Space Free | Partition Type: NTFS
Drive D: | 12.87 Gb Total Space | 1.58 Gb Free Space | 12.29% Space Free | Partition Type: NTFS
 
Computer Name: MARV-HP | User Name: Marv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/30 18:53:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marv\Downloads\OTL.exe
PRC - [2013/07/30 15:23:30 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/07/27 15:16:24 | 000,709,120 | ---- | M] (Windows Net) -- C:\Users\Marv\AppData\Roaming\Windows Net Data\net.exe
PRC - [2013/05/21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 04:23:40 | 000,368,600 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/06/09 15:37:18 | 000,264,008 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/06/09 15:37:00 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/06/09 15:36:34 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/05/06 02:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/02/24 10:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/02/28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2008/11/20 20:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\wincfi39.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/02/13 12:47:04 | 000,820,184 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:64bit: - [2013/02/13 12:46:48 | 000,731,648 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2012/04/24 20:38:30 | 000,318,464 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 12:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/07/30 15:23:30 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/07/27 00:46:24 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/06/12 18:26:37 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/04 15:05:06 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2013/05/21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 04:23:40 | 000,368,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/06/09 15:37:18 | 000,264,008 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/05/06 02:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/02/24 10:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/07/09 09:26:12 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/06/21 03:09:46 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/05/23 07:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/21 07:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/17 17:27:56 | 000,040,696 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RzMaelstromVAD.sys -- (RZMAELSTROMVADService)
DRV:64bit: - [2013/05/16 07:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/05/09 04:23:38 | 000,099,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/05/07 16:41:48 | 000,033,008 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/04/25 02:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/24 12:31:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/04/16 04:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/04/10 11:09:24 | 000,849,992 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/03/29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/03/29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/03/05 03:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/03/05 03:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/10 10:41:06 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/05/29 15:53:30 | 000,027,456 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpqdfw.sys -- (CpqDfw)
DRV:64bit: - [2012/04/24 20:38:30 | 000,536,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/31 11:01:02 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2011/12/31 10:39:05 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/12/31 10:39:05 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/04/26 21:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/21 01:07:22 | 000,399,944 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011/04/21 01:07:22 | 000,131,656 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011/03/03 19:59:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/08/18 01:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2010/04/27 19:43:50 | 000,024,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cqcpu.sys -- (cqcpu)
DRV:64bit: - [2009/11/24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/10/20 11:03:16 | 001,307,648 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10664.sys -- (USBMULCD)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2013/07/29 11:59:12 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130729.019\ex64.sys -- (NAVEX15)
DRV - [2013/07/29 11:59:12 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130729.019\eng64.sys -- (NAVENG)
DRV - [2013/07/08 11:16:31 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/07/08 11:16:31 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/07/06 04:18:50 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130727.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/07/02 03:01:42 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130715.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{647C71E8-2833-4F2B-B94B-E43215126C85}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {F410269C-CFC8-4744-971B-DF17D3FD835C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{647C71E8-2833-4F2B-B94B-E43215126C85}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{647C71E8-2833-4F2B-B94B-E43215126C85}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=o0&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marv\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marv\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn\ [2013/07/30 18:50:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFFPlgn\ [2013/07/08 17:52:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\Lyrics@LyricsContainer.co: C:\Program Files (x86)\LyricsContainer\125.xpi
 
[2013/04/16 19:37:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marv\AppData\Roaming\mozilla\Extensions
[2013/07/29 21:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\ub8y3vr2.default\extensions
[2013/07/29 21:51:25 | 000,000,000 | ---D | M] ("Plus-HD-2.4") -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\ub8y3vr2.default\extensions\ad80235d-5e5a-4a1d-a891-51b66a3e70f8@8f877d80-6977-415f-ac14-b52043838c19.com
[2013/07/29 21:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\ub8y3vr2.default\extensions\staged
[2013/07/29 21:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\ub8y3vr2.default\extensions\ad80235d-5e5a-4a1d-a891-51b66a3e70f8@8f877d80-6977-415f-ac14-b52043838c19.com\chrome\content\extensionCode
[2013/06/22 10:31:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/17 14:14:37 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Marv\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Marv\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Marv\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Marv\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Marv\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Marv\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Battlefield Heroes = C:\Users\Marv\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.203.0_0\
CHR - Extension: Google-Suche = C:\Users\Marv\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\Marv\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Plus-HD-2.4) - {11111111-1111-1111-1111-110311341134} - C:\Program Files (x86)\Plus-HD-2.4\Plus-HD-2.4-bho.dll File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (LyricsContainer) - {DA3D98A6-868D-4E1B-BB78-0887230DA405} - C:\Program Files (x86)\LyricsContainer\125.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found
O4 - HKLM..\Run: [Magic Desktop for HP notification] C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe (Easybits)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Marv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk = C:\Users\Marv\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{001B9B5E-958A-4C68-A5E8-F264E017B527}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ACF081F-C756-495C-B1C9-4F590E714AB7}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/30 15:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medal of Honor™ Warfighter
[2013/07/30 15:24:15 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013/07/30 00:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013/07/30 00:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/07/30 00:41:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/07/30 00:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013/07/30 00:40:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/07/30 00:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/07/30 00:38:04 | 000,033,008 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys
[2013/07/30 00:34:48 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\WinBatch
[2013/07/30 00:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AmUStor
[2013/07/30 00:33:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AmUStor
[2013/07/30 00:31:14 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013/07/30 00:31:06 | 000,000,000 | ---D | C] -- C:\Intel
[2013/07/30 00:31:01 | 000,000,000 | ---D | C] -- C:\temp
[2013/07/29 21:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW
[2013/07/29 21:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIW 2013 Home Edition
[2013/07/29 21:53:18 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Local\Programs
[2013/07/29 21:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftwareUpdater
[2013/07/29 21:51:55 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\Windows Net Data
[2013/07/29 21:51:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FoxyDeal
[2013/07/29 21:51:32 | 000,000,000 | ---D | C] -- C:\Users\Marv\Documents\Freemium Driver Utilities
[2013/07/29 21:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeDriverScout
[2013/07/29 21:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covus Freemium
[2013/07/29 21:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\SoftwareUpdater
[2013/07/29 21:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\Covus Freemium
[2013/07/29 21:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/07/29 21:48:48 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Local\DownloadGuide
[2013/07/29 12:28:14 | 000,000,000 | ---D | C] -- C:\Users\Marv\Documents\Shiner
[2013/07/29 12:28:08 | 000,000,000 | ---D | C] -- C:\Users\Marv\Documents\Robot Entertainment
[2013/07/29 12:28:08 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Local\Robot Entertainment
[2013/07/28 15:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits Magic Desktop for HP
[2013/07/17 23:06:47 | 000,000,000 | ---D | C] -- C:\Users\Marv\Documents\Remedy
[2013/07/16 20:14:22 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\Dwarfs
[2013/07/16 19:42:17 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\vlc
[2013/07/16 19:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/07/15 20:49:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Player
[2013/07/15 20:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2013/07/15 20:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/07/09 09:24:40 | 000,433,752 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys
[2013/07/09 09:24:39 | 001,139,800 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys
[2013/07/09 09:24:39 | 000,796,760 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys
[2013/07/09 09:24:39 | 000,493,656 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys
[2013/07/09 09:24:39 | 000,224,416 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys
[2013/07/09 09:24:39 | 000,169,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys
[2013/07/09 09:24:39 | 000,036,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys
[2013/07/09 09:24:39 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symelam.sys
[2013/07/09 09:24:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1404000.028
[2013/07/08 17:54:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/07/08 17:54:50 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Local\Conduit
[2013/07/08 17:52:12 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/07/08 17:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/07/08 17:51:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2013/07/08 17:51:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013/07/08 17:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2013/07/08 17:50:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/07/04 15:28:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013/07/04 15:28:26 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\Origin
[2013/07/04 15:28:06 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Local\Origin
[2013/07/04 15:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013/07/04 15:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013/07/04 15:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013/07/04 15:24:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013/07/04 07:24:24 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Local\SCE
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/30 18:54:57 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/30 18:54:57 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/30 18:47:49 | 000,001,830 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.4-firefoxinstaller.job
[2013/07/30 18:47:49 | 000,001,286 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.4-updater.job
[2013/07/30 18:47:46 | 000,001,198 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.4-codedownloader.job
[2013/07/30 18:47:46 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.4-enabler.job
[2013/07/30 18:47:43 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\LyricsContainer Update.job
[2013/07/30 18:47:40 | 000,001,906 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.4-chromeinstaller.job
[2013/07/30 18:47:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/30 18:47:26 | 1058,258,942 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/30 15:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/30 15:24:20 | 000,001,227 | ---- | M] () -- C:\Users\Public\Desktop\Medal of Honor™ Warfighter.lnk
[2013/07/30 15:24:00 | 000,281,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/07/30 15:23:52 | 000,281,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/07/30 15:23:30 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/07/30 14:59:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1452787171-1215630587-1040080072-1000UA.job
[2013/07/30 11:59:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1452787171-1215630587-1040080072-1000Core.job
[2013/07/30 11:16:46 | 001,819,324 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\Cat.DB
[2013/07/30 00:44:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ICCWDT_01009.Wdf
[2013/07/30 00:43:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
[2013/07/30 00:39:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2013/07/29 21:53:34 | 000,001,033 | ---- | M] () -- C:\Users\Marv\Desktop\SIW Home Edition.lnk
[2013/07/29 21:51:56 | 000,001,942 | ---- | M] () -- C:\Users\Marv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
[2013/07/29 21:50:24 | 000,002,543 | ---- | M] () -- C:\Users\Public\Desktop\Free Driver Scout.lnk
[2013/07/29 21:19:32 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMarv.job
[2013/07/29 12:27:07 | 000,000,222 | ---- | M] () -- C:\Users\Marv\Desktop\Orcs Must Die! 2.url
[2013/07/17 14:33:02 | 000,000,222 | ---- | M] () -- C:\Users\Marv\Desktop\Alan Wake.url
[2013/07/17 14:32:21 | 000,000,222 | ---- | M] () -- C:\Users\Marv\Desktop\Terraria.url
[2013/07/17 14:32:18 | 000,000,221 | ---- | M] () -- C:\Users\Marv\Desktop\Serious Sam 3 BFE.url
[2013/07/17 14:32:14 | 000,000,222 | ---- | M] () -- C:\Users\Marv\Desktop\PlanetSide 2.url
[2013/07/17 14:32:11 | 000,000,220 | ---- | M] () -- C:\Users\Marv\Desktop\Killing Floor.url
[2013/07/17 14:32:06 | 000,000,219 | ---- | M] () -- C:\Users\Marv\Desktop\Counter-Strike Source.url
[2013/07/17 14:32:03 | 000,000,219 | ---- | M] () -- C:\Users\Marv\Desktop\Counter-Strike Global Offensive.url
[2013/07/17 14:32:00 | 000,000,222 | ---- | M] () -- C:\Users\Marv\Desktop\Castle Crashers.url
[2013/07/17 14:31:57 | 000,000,222 | ---- | M] () -- C:\Users\Marv\Desktop\Call of Duty Black Ops II - Zombies.url
[2013/07/17 14:31:53 | 000,000,222 | ---- | M] () -- C:\Users\Marv\Desktop\Call of Duty Black Ops II - Multiplayer.url
[2013/07/17 14:31:49 | 000,000,221 | ---- | M] () -- C:\Users\Marv\Desktop\Borderlands 2.url
[2013/07/17 10:36:07 | 000,510,899 | ---- | M] () -- C:\Users\Marv\Desktop\FTB_Launcher.exe
[2013/07/13 12:02:07 | 000,002,366 | ---- | M] () -- C:\Users\Marv\Desktop\Google Chrome.lnk
[2013/07/11 19:39:26 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/11 19:39:26 | 000,697,072 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/07/11 19:39:26 | 000,652,390 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/11 19:39:26 | 000,148,110 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/07/11 19:39:26 | 000,121,064 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/10 17:51:29 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/10 08:18:26 | 000,001,100 | ---- | M] () -- C:\Users\Marv\Desktop\lol.launcher - Verknüpfung.lnk
[2013/07/09 22:01:16 | 000,000,462 | ---- | M] () -- C:\Users\Marv\Desktop\HouseTime.asx
[2013/07/09 22:00:25 | 000,000,470 | ---- | M] () -- C:\Users\Marv\Desktop\TechnoBase.asx
[2013/07/09 19:25:19 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/07/09 09:26:12 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/07/09 09:26:12 | 000,007,631 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/07/09 09:26:12 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/07/08 17:54:59 | 000,000,009 | ---- | M] () -- C:\END
[2013/07/08 17:50:53 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/04 15:24:08 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/07/02 03:03:16 | 001,590,994 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/01 21:18:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMARV-HP$.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/30 15:24:19 | 000,001,227 | ---- | C] () -- C:\Users\Public\Desktop\Medal of Honor™ Warfighter.lnk
[2013/07/30 00:44:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ICCWDT_01009.Wdf
[2013/07/30 00:43:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
[2013/07/30 00:39:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2013/07/29 21:53:34 | 000,001,033 | ---- | C] () -- C:\Users\Marv\Desktop\SIW Home Edition.lnk
[2013/07/29 21:51:56 | 000,001,942 | ---- | C] () -- C:\Users\Marv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
[2013/07/29 21:51:45 | 000,001,286 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.4-updater.job
[2013/07/29 21:51:41 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.4-enabler.job
[2013/07/29 21:51:38 | 000,001,198 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.4-codedownloader.job
[2013/07/29 21:51:22 | 000,001,830 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.4-firefoxinstaller.job
[2013/07/29 21:51:19 | 000,001,906 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.4-chromeinstaller.job
[2013/07/29 21:50:23 | 000,002,543 | ---- | C] () -- C:\Users\Public\Desktop\Free Driver Scout.lnk
[2013/07/29 12:27:07 | 000,000,222 | ---- | C] () -- C:\Users\Marv\Desktop\Orcs Must Die! 2.url
[2013/07/17 14:33:02 | 000,000,222 | ---- | C] () -- C:\Users\Marv\Desktop\Alan Wake.url
[2013/07/17 14:32:21 | 000,000,222 | ---- | C] () -- C:\Users\Marv\Desktop\Terraria.url
[2013/07/17 14:32:18 | 000,000,221 | ---- | C] () -- C:\Users\Marv\Desktop\Serious Sam 3 BFE.url
[2013/07/17 14:32:14 | 000,000,222 | ---- | C] () -- C:\Users\Marv\Desktop\PlanetSide 2.url
[2013/07/17 14:32:11 | 000,000,220 | ---- | C] () -- C:\Users\Marv\Desktop\Killing Floor.url
[2013/07/17 14:32:06 | 000,000,219 | ---- | C] () -- C:\Users\Marv\Desktop\Counter-Strike Source.url
[2013/07/17 14:32:03 | 000,000,219 | ---- | C] () -- C:\Users\Marv\Desktop\Counter-Strike Global Offensive.url
[2013/07/17 14:32:00 | 000,000,222 | ---- | C] () -- C:\Users\Marv\Desktop\Castle Crashers.url
[2013/07/17 14:31:57 | 000,000,222 | ---- | C] () -- C:\Users\Marv\Desktop\Call of Duty Black Ops II - Zombies.url
[2013/07/17 14:31:53 | 000,000,222 | ---- | C] () -- C:\Users\Marv\Desktop\Call of Duty Black Ops II - Multiplayer.url
[2013/07/17 14:31:49 | 000,000,221 | ---- | C] () -- C:\Users\Marv\Desktop\Borderlands 2.url
[2013/07/17 10:36:17 | 000,510,899 | ---- | C] () -- C:\Users\Marv\Desktop\FTB_Launcher.exe
[2013/07/15 20:50:09 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013/07/15 20:03:47 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\LyricsContainer Update.job
[2013/07/10 08:18:26 | 000,001,100 | ---- | C] () -- C:\Users\Marv\Desktop\lol.launcher - Verknüpfung.lnk
[2013/07/09 22:01:21 | 000,000,462 | ---- | C] () -- C:\Users\Marv\Desktop\HouseTime.asx
[2013/07/09 22:00:31 | 000,000,470 | ---- | C] () -- C:\Users\Marv\Desktop\TechnoBase.asx
[2013/07/09 19:24:28 | 001,819,324 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\Cat.DB
[2013/07/09 09:26:59 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\VT20130115.021
[2013/07/09 09:24:40 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symelam64.cat
[2013/07/09 09:24:40 | 000,008,067 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnet64.cat
[2013/07/09 09:24:40 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnet.inf
[2013/07/09 09:24:39 | 000,007,667 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.cat
[2013/07/09 09:24:39 | 000,007,593 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\iron.cat
[2013/07/09 09:24:39 | 000,007,589 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.cat
[2013/07/09 09:24:39 | 000,007,587 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.cat
[2013/07/09 09:24:39 | 000,003,434 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa.inf
[2013/07/09 09:24:39 | 000,002,852 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds.inf
[2013/07/09 09:24:39 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.inf
[2013/07/09 09:24:39 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.inf
[2013/07/09 09:24:39 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symelam.inf
[2013/07/09 09:24:39 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.inf
[2013/07/09 09:24:39 | 000,000,767 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\iron.inf
[2013/07/09 09:24:20 | 000,008,067 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.cat
[2013/07/09 09:24:20 | 000,008,063 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.cat
[2013/07/09 09:24:20 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\isolate.ini
[2013/07/08 17:54:36 | 000,000,009 | ---- | C] () -- C:\END
[2013/07/08 17:52:12 | 000,007,631 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/07/08 17:52:12 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/07/08 17:52:10 | 000,002,281 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/07/04 15:24:08 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/05/24 21:12:26 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll
[2013/05/24 21:12:26 | 000,000,232 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2013/05/24 21:12:14 | 000,002,391 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2013/05/24 21:12:14 | 000,000,518 | ---- | C] () -- C:\Windows\cm106.ini
[2013/05/24 21:12:14 | 000,000,112 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2013/04/17 22:30:55 | 000,281,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/04/17 22:30:54 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/03/30 17:58:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/03/30 16:13:20 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2013/03/29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/02/13 12:27:54 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012/12/19 21:52:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/12/19 21:52:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/11/27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/12/31 11:01:55 | 000,002,792 | ---- | C] () -- C:\Program Files\HP SimplePass 2011
[2011/12/31 10:52:59 | 000,000,196 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/07/17 10:40:08 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\.minecraft
[2013/04/23 19:30:11 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\.technic
[2013/04/04 22:16:33 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Curse Advertising
[2013/04/17 18:55:38 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\DVDVideoSoft
[2013/07/16 20:41:20 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Dwarfs
[2013/05/13 20:23:42 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\ftblauncher
[2013/03/30 16:41:28 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Leadertech
[2013/04/12 21:25:47 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\LolClient
[2013/07/30 11:52:37 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Origin
[2013/06/22 10:28:35 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\SoftGrid Client
[2013/04/26 18:18:11 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Teeworlds
[2013/03/30 16:32:57 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\TP
[2013/07/16 20:44:44 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\TS3Client
[2013/07/30 00:34:48 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\WinBatch
[2013/07/29 21:51:56 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Windows Net Data
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013/03/30 16:19:08 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2013/03/30 17:56:08 | 000,000,000 | ---D | M] -- C:\AMD
[2011/02/11 19:00:41 | 000,000,000 | -HSD | M] -- C:\Boot
[2013/07/30 11:16:59 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2013/06/22 10:19:13 | 000,000,000 | ---D | M] -- C:\Fraps
[2011/12/31 11:02:35 | 000,000,000 | RHSD | M] -- C:\hp
[2013/07/30 00:31:06 | 000,000,000 | ---D | M] -- C:\Intel
[2013/04/02 12:59:48 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013/07/30 00:44:02 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/07/30 15:23:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2013/07/30 00:42:32 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/02/11 21:24:35 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013/04/16 13:19:20 | 000,000,000 | ---D | M] -- C:\SWSETUP
[2013/07/30 18:56:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013/03/30 16:18:58 | 000,000,000 | RH-D | M] -- C:\SYSTEM.SAV
[2013/07/30 00:46:32 | 000,000,000 | ---D | M] -- C:\temp
[2013/03/30 16:12:58 | 000,000,000 | R--D | M] -- C:\Users
[2013/07/30 11:18:02 | 000,000,000 | ---D | M] -- C:\Windows
[2013/06/22 10:25:07 | 000,000,000 | ---D | M] -- C:\WoW
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009/07/14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009/07/14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009/07/14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009/07/14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010/11/21 05:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009/07/14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 07:08:49 | 000,032,628 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/03/30 16:18:40 | 000,000,340 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForMARV-HP$.job
[2013/03/30 16:34:13 | 000,001,064 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1452787171-1215630587-1040080072-1000Core.job
[2013/03/30 16:34:13 | 000,001,116 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1452787171-1215630587-1040080072-1000UA.job
[2013/04/16 13:28:43 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/06/12 19:29:09 | 000,000,328 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForMarv.job
[2013/07/15 20:03:47 | 000,000,406 | ---- | C] () -- C:\Windows\Tasks\LyricsContainer Update.job
[2013/07/29 21:51:19 | 000,001,906 | ---- | C] () -- C:\Windows\Tasks\Plus-HD-2.4-chromeinstaller.job
[2013/07/29 21:51:22 | 000,001,830 | ---- | C] () -- C:\Windows\Tasks\Plus-HD-2.4-firefoxinstaller.job
[2013/07/29 21:51:38 | 000,001,198 | ---- | C] () -- C:\Windows\Tasks\Plus-HD-2.4-codedownloader.job
[2013/07/29 21:51:41 | 000,001,096 | ---- | C] () -- C:\Windows\Tasks\Plus-HD-2.4-enabler.job
[2013/07/29 21:51:45 | 000,001,286 | ---- | C] () -- C:\Windows\Tasks\Plus-HD-2.4-updater.job
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2013/03/11 00:03:26 | 000,243,960 | ---- | M] (Advanced Micro Devices, Inc) MD5=0A365981E36E06A3684C59FE74F7192E -- C:\temp\e651fbbdf7ca158bfb48bd8f3b7d530b\Packages\Drivers\SBDrv\hseries\RAID\W8\ahcix86s.sys
[2012/12/10 04:02:36 | 000,238,936 | ---- | M] (Advanced Micro Devices, Inc) MD5=64D26A4E5BD72B9E87E1CEF439FA4BBD -- C:\temp\e651fbbdf7ca158bfb48bd8f3b7d530b\Packages\Drivers\SBDrv\hseries\RAID\W7\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/12/31 10:36:41 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/12/31 10:36:41 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/12/31 10:36:41 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/12/31 10:36:41 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/12/31 10:36:41 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/12/31 10:36:41 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2011/04/26 21:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\SWSETUP\DRV\Storage\Intel\RST\10.5\x64\iaStor.sys
[2011/04/26 21:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\drivers\iaStor.sys
[2011/04/26 21:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_63a9e23bdf18fe5e\iaStor.sys
[2011/04/26 21:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_8e151c6491cbb9c5\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/12/31 10:39:05 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/12/31 10:39:05 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/12/31 10:39:05 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/12/31 10:39:05 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/12/31 10:39:05 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/12/31 10:39:05 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/12/31 10:39:05 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/12/31 10:39:05 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013/07/30 18:59:50 | 004,980,736 | -HS- | M] () -- C:\Users\Marv\NTUSER.DAT
[2013/07/30 18:59:50 | 000,262,144 | -HS- | M] () -- C:\Users\Marv\ntuser.dat.LOG1
[2013/03/30 16:12:58 | 000,000,000 | -HS- | M] () -- C:\Users\Marv\ntuser.dat.LOG2
[2013/04/02 20:20:42 | 001,048,576 | -HS- | M] () -- C:\Users\Marv\NTUSER.DAT{016888bc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.0.regtrans-ms
[2013/04/02 20:20:42 | 001,048,576 | -HS- | M] () -- C:\Users\Marv\NTUSER.DAT{016888bc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.1.regtrans-ms
[2013/04/02 20:20:42 | 001,048,576 | -HS- | M] () -- C:\Users\Marv\NTUSER.DAT{016888bc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.2.regtrans-ms
[2013/04/02 20:20:42 | 000,065,536 | -HS- | M] () -- C:\Users\Marv\NTUSER.DAT{016888bc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.blf
[2013/03/30 16:20:25 | 000,065,536 | -HS- | M] () -- C:\Users\Marv\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2013/03/30 16:20:25 | 000,524,288 | -HS- | M] () -- C:\Users\Marv\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2013/03/30 16:20:25 | 000,524,288 | -HS- | M] () -- C:\Users\Marv\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2013/04/21 10:00:16 | 000,065,536 | -HS- | M] () -- C:\Users\Marv\NTUSER.DAT{77e761f0-aa59-11e2-852e-806e6f6e6963}.TM.blf
[2013/04/21 10:00:16 | 000,524,288 | -HS- | M] () -- C:\Users\Marv\NTUSER.DAT{77e761f0-aa59-11e2-852e-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2013/04/21 10:00:16 | 000,524,288 | -HS- | M] () -- C:\Users\Marv\NTUSER.DAT{77e761f0-aa59-11e2-852e-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2013/03/30 16:12:58 | 000,000,020 | -HS- | M] () -- C:\Users\Marv\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---


Here, I hope you can help me!

30.07.2013, 18:16   #5
markusg
/// Malware-holic
 
Hi,


OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
ATTFilter
:OTL
[2013/07/29 21:51:55 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\Windows Net Data
PRC - [2013/07/27 15:16:24 | 000,709,120 | ---- | M] (Windows Net) -- C:\Users\Marv\AppData\Roaming\Windows Net Data\net.exe
O4 - Startup: C:\Users\Marv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk = C:\Users\Marv\AppData\Roaming\Windows Net Data\net.exe
(Windows Net)
:files
:Commands
[emptytemp]
         
  • If you have masked your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.


Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment
in the thread!




Please press the + E key.
  • Open your system drive (usually C:)
  • Now look for
    the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel.
    (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance

__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails, following the above instructions, to
markusg.trojaner-board@web.de
If you would like to support us
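
An added example, not part of the original post and not the helper's own tooling: a small triage pass over OTL-style lines, run on the entries named in the fix script above. The list of system binary names, the three heuristics and the last sample line are assumptions of this example.

```python
import ntpath
import re

# Assumption of this example: a short list of file names that belong to
# genuine Windows binaries normally found under the Windows directory.
SYSTEM_BINARY_NAMES = {
    "net.exe", "svchost.exe", "explorer.exe", "winlogon.exe",
    "csrss.exe", "lsass.exe", "userinit.exe",
}

IN_APPDATA = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
PRC_LINE = re.compile(r"^PRC - \[[^\]]*\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
O4_STARTUP_LINE = re.compile(
    r"^O4 - Startup: (?P<lnk>.+?\.lnk) = (?P<path>.+?\.exe)"
    r"(?: \((?P<company>[^)]*)\))?$",
    re.IGNORECASE,
)

# The first three lines are copied from the fix script in this thread;
# the last one is constructed for contrast.
SAMPLE_LINES = [
    r"[2013/07/29 21:51:55 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\Windows Net Data",
    r"PRC - [2013/07/27 15:16:24 | 000,709,120 | ---- | M] (Windows Net) -- C:\Users\Marv\AppData\Roaming\Windows Net Data\net.exe",
    r"O4 - Startup: C:\Users\Marv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk = C:\Users\Marv\AppData\Roaming\Windows Net Data\net.exe",
    r"PRC - [2013/07/01 09:00:00 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe",
]


def parse_line(line):
    """Return a dict for a PRC or O4 Startup line, or None for anything else."""
    line = line.strip()
    m = PRC_LINE.match(line)
    if m:
        return {"kind": "process", "path": m["path"], "company": m["company"]}
    m = O4_STARTUP_LINE.match(line)
    if m:
        return {"kind": "startup", "path": m["path"],
                "company": m["company"] or "", "lnk": m["lnk"]}
    return None


def reasons_for(entry):
    """List the reasons an entry deserves a closer look (empty list = none)."""
    reasons = []
    if not IN_APPDATA.match(entry["path"]):
        return reasons
    reasons.append("executable runs from the user's AppData folder")
    name = ntpath.basename(entry["path"]).lower()
    if name in SYSTEM_BINARY_NAMES:
        reasons.append(name + " is the name of a Windows system binary")
    if entry["kind"] == "startup":
        reasons.append("started at every logon through the Startup folder")
    return reasons


def triage(lines):
    """Parse every line and keep the entries that have at least one reason."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # directory listings and other line types are skipped
        reasons = reasons_for(entry)
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding["kind"], finding["path"])
        for reason in finding["reasons"]:
            print("   -", reason)
```
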

30.07.2013, 20:00   #6
markusg
/// Malware-holic
 
Hi, next time please give brief feedback when something has been uploaded to the upload channel, otherwise you will unfortunately have to wait a bit longer.
There are 2 logs to post, please post them together.
1.
Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.


2.
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix on your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can then ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (if possible in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

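
An added example, not part of the original posts and not Kaspersky's code: a reader for the kind of TDSSKiller log requested above, which pairs each `[ MD5 ] name path` line with its verdict line and lists everything that is not `ok`. The sample lines are copied from the log posted in this thread; the function names and the line patterns are assumptions of this example, derived from those lines.

```python
import re

# Lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
21:09:46.0158 4400 COMSysApp - ok
21:09:48.0649 4400 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
21:09:48.0652 4400 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
21:09:48.0652 4400 HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
21:09:48.0690 4400 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
21:09:48.0699 4400 HPClientSvc - ok
"""

# "HH:MM:SS.mmmm <thread id> <message>"
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ (?P<msg>.*)$")
# "[ <md5> ] <object name> <drive>:\<path>"; object names may contain spaces
OBJECT = re.compile(
    r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.+)$"
)
# "<object name> - ok"  or  "<object name> ( <flag> ) - warning"
VERDICT = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<flag>[^)]+?) \))? - (?P<verdict>[a-z]+)$"
)


def new_record(name):
    return {"name": name, "md5": None, "path": None, "verdict": None, "flag": None}


def parse_log(text):
    """Return {object name: record}, in the order the objects appear."""
    objects = {}
    for raw in text.splitlines():
        prefixed = PREFIX.match(raw.strip())
        if not prefixed:
            continue
        msg = prefixed["msg"]
        obj = OBJECT.match(msg)
        if obj:
            rec = objects.setdefault(obj["name"], new_record(obj["name"]))
            rec["md5"], rec["path"] = obj["md5"].upper(), obj["path"]
            continue
        ver = VERDICT.match(msg)
        if ver:
            # Some objects (COMSysApp here) have a verdict but no hash line.
            rec = objects.setdefault(ver["name"], new_record(ver["name"]))
            rec["verdict"], rec["flag"] = ver["verdict"], ver["flag"]
    return objects


def needs_review(objects):
    """Objects whose verdict is missing or anything other than 'ok'."""
    return [rec for rec in objects.values() if rec["verdict"] != "ok"]


if __name__ == "__main__":
    for rec in needs_review(parse_log(SAMPLE_LOG)):
        # UnsignedFile.Multi.Generic is reported for a file without a valid
        # digital signature: a prompt to verify the file, not proof of infection.
        print(rec["verdict"], rec["flag"], rec["md5"], rec["path"])
```
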

30.07.2013, 20:30   #7
Lovas45
 
21:09:14.0601 4400 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:09:15.0083 4400 ============================================================
21:09:15.0083 4400 Current date / time: 2013/07/30 21:09:15.0083
21:09:15.0083 4400 SystemInfo:
21:09:15.0083 4400
21:09:15.0083 4400 OS Version: 6.1.7601 ServicePack: 1.0
21:09:15.0083 4400 Product type: Workstation
21:09:15.0083 4400 ComputerName: MARV-HP
21:09:15.0083 4400 UserName: Marv
21:09:15.0083 4400 Windows directory: C:\Windows
21:09:15.0083 4400 System windows directory: C:\Windows
21:09:15.0083 4400 Running under WOW64
21:09:15.0083 4400 Processor architecture: Intel x64
21:09:15.0083 4400 Number of processors: 8
21:09:15.0083 4400 Page size: 0x1000
21:09:15.0083 4400 Boot type: Normal boot
21:09:15.0083 4400 ============================================================
21:09:16.0303 4400 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:09:16.0317 4400 ============================================================
21:09:16.0317 4400 \Device\Harddisk0\DR0:
21:09:16.0317 4400 MBR partitions:
21:09:16.0317 4400 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:09:16.0317 4400 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72D14800
21:09:16.0317 4400 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x72D47000, BlocksNum 0x19BF000
21:09:16.0317 4400 ============================================================
21:09:16.0339 4400 C: <-> \Device\Harddisk0\DR0\Partition2
21:09:16.0383 4400 D: <-> \Device\Harddisk0\DR0\Partition3
21:09:16.0383 4400 ============================================================
21:09:16.0383 4400 Initialize success
21:09:16.0383 4400 ============================================================
21:09:41.0626 4400 ============================================================
21:09:41.0626 4400 Scan started
21:09:41.0626 4400 Mode: Manual; SigCheck; TDLFS;
21:09:41.0626 4400 ============================================================
21:09:42.0245 4400 ================ Scan system memory ========================
21:09:42.0245 4400 System memory - ok
21:09:42.0245 4400 ================ Scan services =============================
21:09:42.0354 4400 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:09:42.0403 4400 1394ohci - ok
21:09:42.0415 4400 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:09:42.0426 4400 ACPI - ok
21:09:42.0438 4400 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:09:42.0470 4400 AcpiPmi - ok
21:09:42.0551 4400 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:09:42.0564 4400 AdobeARMservice - ok
21:09:42.0642 4400 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:09:42.0654 4400 AdobeFlashPlayerUpdateSvc - ok
21:09:42.0681 4400 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:09:42.0698 4400 adp94xx - ok
21:09:42.0720 4400 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:09:42.0734 4400 adpahci - ok
21:09:42.0738 4400 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:09:42.0750 4400 adpu320 - ok
21:09:42.0773 4400 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:09:42.0816 4400 AeLookupSvc - ok
21:09:42.0875 4400 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
21:09:42.0903 4400 AESTFilters - ok
21:09:42.0933 4400 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:09:42.0962 4400 AFD - ok
21:09:42.0986 4400 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:09:42.0997 4400 agp440 - ok
21:09:43.0017 4400 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:09:43.0031 4400 ALG - ok
21:09:43.0058 4400 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:09:43.0068 4400 aliide - ok
21:09:43.0101 4400 [ 310F86335B0505DDC6D2DD48E66EF06B ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:09:43.0136 4400 AMD External Events Utility - ok
21:09:43.0147 4400 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:09:43.0157 4400 amdide - ok
21:09:43.0168 4400 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:09:43.0186 4400 AmdK8 - ok
21:09:43.0323 4400 [ 79CC9BE187E3144E1B58A54B842475E7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
21:09:43.0500 4400 amdkmdag - ok
21:09:43.0532 4400 [ 07561D3B7FD99F6E186C49C2D0628E38 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
21:09:43.0548 4400 amdkmdap - ok
21:09:43.0565 4400 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
21:09:43.0593 4400 AmdPPM - ok
21:09:43.0616 4400 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:09:43.0624 4400 amdsata - ok
21:09:43.0652 4400 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
21:09:43.0661 4400 amdsbs - ok
21:09:43.0673 4400 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:09:43.0680 4400 amdxata - ok
21:09:43.0693 4400 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:09:43.0728 4400 AppID - ok
21:09:43.0749 4400 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:09:43.0786 4400 AppIDSvc - ok
21:09:43.0819 4400 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
21:09:43.0842 4400 Appinfo - ok
21:09:43.0881 4400 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:09:43.0891 4400 Apple Mobile Device - ok
21:09:43.0928 4400 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
21:09:43.0981 4400 arc - ok
21:09:44.0055 4400 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:09:44.0089 4400 arcsas - ok
21:09:44.0186 4400 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:09:44.0194 4400 aspnet_state - ok
21:09:44.0227 4400 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:09:44.0276 4400 AsyncMac - ok
21:09:44.0278 4400 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
21:09:44.0284 4400 atapi - ok
21:09:44.0343 4400 [ 4E5C72F003BFCB75701480DDCA5F0F09 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
21:09:44.0363 4400 AtiHDAudioService - ok
21:09:44.0399 4400 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:09:44.0453 4400 AudioEndpointBuilder - ok
21:09:44.0458 4400 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:09:44.0486 4400 AudioSrv - ok
21:09:44.0514 4400 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:09:44.0546 4400 AxInstSV - ok
21:09:44.0572 4400 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
21:09:44.0593 4400 b06bdrv - ok
21:09:44.0610 4400 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:09:44.0632 4400 b57nd60a - ok
21:09:44.0667 4400 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:09:44.0692 4400 BDESVC - ok
21:09:44.0699 4400 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:09:44.0728 4400 Beep - ok
21:09:44.0755 4400 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:09:44.0787 4400 BFE - ok
21:09:44.0959 4400 [ 6E10DB69DB1AA96207F4B14B18FF12F8 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130715.001\BHDrvx64.sys
21:09:44.0979 4400 BHDrvx64 - ok
21:09:45.0008 4400 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
21:09:45.0053 4400 BITS - ok
21:09:45.0104 4400 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
21:09:45.0127 4400 blbdrive - ok
21:09:45.0159 4400 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:09:45.0187 4400 bowser - ok
21:09:45.0210 4400 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
21:09:45.0237 4400 BrFiltLo - ok
21:09:45.0240 4400 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
21:09:45.0257 4400 BrFiltUp - ok
21:09:45.0284 4400 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:09:45.0307 4400 Browser - ok
21:09:45.0323 4400 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:09:45.0351 4400 Brserid - ok
21:09:45.0353 4400 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:09:45.0373 4400 BrSerWdm - ok
21:09:45.0375 4400 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:09:45.0386 4400 BrUsbMdm - ok
21:09:45.0388 4400 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:09:45.0397 4400 BrUsbSer - ok
21:09:45.0407 4400 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:09:45.0428 4400 BTHMODEM - ok
21:09:45.0465 4400 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:09:45.0489 4400 bthserv - ok
21:09:45.0547 4400 [ 56685951208AC81CF923B9B08BEDF3B7 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys
21:09:45.0553 4400 ccSet_N360 - ok
21:09:45.0574 4400 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:09:45.0606 4400 cdfs - ok
21:09:45.0640 4400 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:09:45.0662 4400 cdrom - ok
21:09:45.0690 4400 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:09:45.0723 4400 CertPropSvc - ok
21:09:45.0735 4400 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
21:09:45.0747 4400 circlass - ok
21:09:45.0757 4400 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:09:45.0774 4400 CLFS - ok
21:09:45.0831 4400 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:09:45.0837 4400 clr_optimization_v2.0.50727_32 - ok
21:09:45.0870 4400 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:09:45.0877 4400 clr_optimization_v2.0.50727_64 - ok
21:09:45.0938 4400 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:09:45.0958 4400 clr_optimization_v4.0.30319_32 - ok
21:09:45.0972 4400 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:09:45.0985 4400 clr_optimization_v4.0.30319_64 - ok
21:09:46.0008 4400 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
21:09:46.0032 4400 CmBatt - ok
21:09:46.0035 4400 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:09:46.0044 4400 cmdide - ok
21:09:46.0078 4400 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
21:09:46.0094 4400 CNG - ok
21:09:46.0109 4400 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
21:09:46.0116 4400 Compbatt - ok
21:09:46.0132 4400 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:09:46.0151 4400 CompositeBus - ok
21:09:46.0158 4400 COMSysApp - ok
21:09:46.0194 4400 [ 2285B31039611D509F6120D691CA661F ] CpqDfw C:\Windows\system32\drivers\CpqDfw.sys
21:09:46.0201 4400 CpqDfw - ok
21:09:46.0248 4400 [ 10FB0FF62AF6262BF88E3607E2AE2A69 ] cqcpu C:\Windows\system32\drivers\cqcpu.sys
21:09:46.0254 4400 cqcpu - ok
21:09:46.0270 4400 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:09:46.0277 4400 crcdisk - ok
21:09:46.0299 4400 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:09:46.0321 4400 CryptSvc - ok
21:09:46.0376 4400 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:09:46.0392 4400 cvhsvc - ok
21:09:46.0420 4400 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:09:46.0458 4400 DcomLaunch - ok
21:09:46.0477 4400 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:09:46.0514 4400 defragsvc - ok
21:09:46.0552 4400 [ 2B9A817DC1BDAD9CE5495099B6A7136A ] Desura Install Service C:\Program Files (x86)\Common Files\Desura\desura_service.exe
21:09:46.0559 4400 Desura Install Service - ok
21:09:46.0574 4400 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:09:46.0603 4400 DfsC - ok
21:09:46.0628 4400 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:09:46.0660 4400 Dhcp - ok
21:09:46.0678 4400 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:09:46.0713 4400 discache - ok
21:09:46.0741 4400 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
21:09:46.0748 4400 Disk - ok
21:09:46.0768 4400 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:09:46.0785 4400 Dnscache - ok
21:09:46.0810 4400 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:09:46.0843 4400 dot3svc - ok
21:09:46.0854 4400 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:09:46.0887 4400 DPS - ok
21:09:46.0910 4400 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:09:46.0924 4400 drmkaud - ok
21:09:46.0954 4400 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:09:46.0970 4400 DXGKrnl - ok
21:09:46.0991 4400 EagleX64 - ok
21:09:47.0005 4400 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:09:47.0034 4400 EapHost - ok
21:09:47.0075 4400 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
21:09:47.0111 4400 ebdrv - ok
21:09:47.0162 4400 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
21:09:47.0171 4400 eeCtrl - ok
21:09:47.0187 4400 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:09:47.0208 4400 EFS - ok
21:09:47.0241 4400 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:09:47.0253 4400 elxstor - ok
21:09:47.0287 4400 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:09:47.0294 4400 EraserUtilRebootDrv - ok
21:09:47.0302 4400 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:09:47.0320 4400 ErrDev - ok
21:09:47.0383 4400 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:09:47.0421 4400 EventSystem - ok
21:09:47.0453 4400 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:09:47.0476 4400 exfat - ok
21:09:47.0490 4400 ezSharedSvc - ok
21:09:47.0501 4400 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:09:47.0536 4400 fastfat - ok
21:09:47.0566 4400 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:09:47.0590 4400 Fax - ok
21:09:47.0619 4400 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
21:09:47.0634 4400 fdc - ok
21:09:47.0647 4400 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:09:47.0669 4400 fdPHost - ok
21:09:47.0676 4400 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:09:47.0712 4400 FDResPub - ok
21:09:47.0738 4400 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:09:47.0745 4400 FileInfo - ok
21:09:47.0759 4400 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:09:47.0781 4400 Filetrace - ok
21:09:47.0783 4400 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
21:09:47.0791 4400 flpydisk - ok
21:09:47.0801 4400 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:09:47.0811 4400 FltMgr - ok
21:09:47.0858 4400 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
21:09:47.0876 4400 FontCache - ok
21:09:47.0905 4400 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:09:47.0911 4400 FontCache3.0.0.0 - ok
21:09:47.0968 4400 [ 71CDC1D7F58D5EC49EBC2E2332AD3FAE ] FPLService C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
21:09:47.0976 4400 FPLService - ok
21:09:47.0995 4400 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:09:48.0003 4400 FsDepends - ok
21:09:48.0024 4400 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:09:48.0031 4400 Fs_Rec - ok
21:09:48.0052 4400 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:09:48.0063 4400 fvevol - ok
21:09:48.0082 4400 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:09:48.0090 4400 gagp30kx - ok
21:09:48.0124 4400 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:09:48.0130 4400 GEARAspiWDM - ok
21:09:48.0155 4400 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:09:48.0184 4400 gpsvc - ok
21:09:48.0222 4400 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
21:09:48.0229 4400 hamachi - ok
21:09:48.0241 4400 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:09:48.0256 4400 hcw85cir - ok
21:09:48.0276 4400 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:09:48.0293 4400 HdAudAddService - ok
21:09:48.0319 4400 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:09:48.0337 4400 HDAudBus - ok
21:09:48.0339 4400 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
21:09:48.0349 4400 HidBatt - ok
21:09:48.0361 4400 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:09:48.0372 4400 HidBth - ok
21:09:48.0403 4400 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
21:09:48.0413 4400 HidIr - ok
21:09:48.0433 4400 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
21:09:48.0456 4400 hidserv - ok
21:09:48.0467 4400 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:09:48.0475 4400 HidUsb - ok
21:09:48.0484 4400 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:09:48.0514 4400 hkmsvc - ok
21:09:48.0524 4400 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:09:48.0539 4400 HomeGroupListener - ok
21:09:48.0564 4400 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:09:48.0582 4400 HomeGroupProvider - ok
21:09:48.0649 4400 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
21:09:48.0652 4400 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
21:09:48.0652 4400 HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
21:09:48.0690 4400 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
21:09:48.0699 4400 HPClientSvc - ok
21:09:48.0734 4400 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
21:09:48.0751 4400 hpqwmiex - ok
21:09:48.0783 4400 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:09:48.0791 4400 HpSAMD - ok
21:09:48.0816 4400 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:09:48.0852 4400 HTTP - ok
21:09:48.0860 4400 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:09:48.0867 4400 hwpolicy - ok
21:09:48.0876 4400 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:09:48.0885 4400 i8042prt - ok
21:09:48.0901 4400 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\drivers\iaStor.sys
21:09:48.0913 4400 iaStor - ok
21:09:48.0953 4400 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:09:48.0964 4400 iaStorV - ok
21:09:48.0992 4400 [ C1010ADD3DDAE1196ED21057AF7B2AAE ] ICCWDT C:\Windows\system32\DRIVERS\ICCWDT.sys
21:09:48.0998 4400 ICCWDT - ok
21:09:49.0035 4400 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:09:49.0050 4400 idsvc - ok
21:09:49.0150 4400 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130727.001\IDSvia64.sys
21:09:49.0167 4400 IDSVia64 - ok
21:09:49.0262 4400 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:09:49.0332 4400 igfx - ok
21:09:49.0353 4400 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:09:49.0360 4400 iirsp - ok
21:09:49.0380 4400 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:09:49.0416 4400 IKEEXT - ok
21:09:49.0506 4400 [ DDA8E5AD97231AB50B81FED04C28F64C ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
21:09:49.0535 4400 Intel(R) Capability Licensing Service Interface ( UnsignedFile.Multi.Generic ) - warning
21:09:49.0535 4400 Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic (1)
21:09:49.0585 4400 [ 86FE509640D77FB0998FC8B1FF5523C6 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
21:09:49.0600 4400 Intel(R) Capability Licensing Service TCP IP Interface - ok
21:09:49.0628 4400 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:09:49.0635 4400 intelide - ok
21:09:49.0655 4400 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:09:49.0677 4400 intelppm - ok
21:09:49.0696 4400 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:09:49.0731 4400 IPBusEnum - ok
21:09:49.0733 4400 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:09:49.0755 4400 IpFilterDriver - ok
21:09:49.0790 4400 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:09:49.0810 4400 iphlpsvc - ok
21:09:49.0837 4400 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:09:49.0845 4400 IPMIDRV - ok
21:09:49.0857 4400 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:09:49.0889 4400 IPNAT - ok
21:09:49.0911 4400 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:09:49.0924 4400 iPod Service - ok
21:09:49.0946 4400 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:09:49.0957 4400 IRENUM - ok
21:09:49.0970 4400 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:09:49.0977 4400 isapnp - ok
21:09:49.0996 4400 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:09:50.0006 4400 iScsiPrt - ok
21:09:50.0057 4400 [ 6C85719A21B3F62C2C76280F4BD36C7B ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
21:09:50.0066 4400 jhi_service - ok
21:09:50.0085 4400 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:09:50.0093 4400 kbdclass - ok
21:09:50.0097 4400 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:09:50.0117 4400 kbdhid - ok
21:09:50.0129 4400 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:09:50.0136 4400 KeyIso - ok
21:09:50.0158 4400 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:09:50.0166 4400 KSecDD - ok
21:09:50.0208 4400 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:09:50.0216 4400 KSecPkg - ok
21:10:01.0426 4400 wlcrasvc - ok
21:10:01.0475 4400 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:10:01.0507 4400 wlidsvc - ok
21:10:01.0532 4400 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:10:01.0550 4400 WmiAcpi - ok
21:10:01.0574 4400 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:10:01.0592 4400 wmiApSrv - ok
21:10:01.0616 4400 WMPNetworkSvc - ok
21:10:01.0643 4400 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:10:01.0651 4400 WPCSvc - ok
21:10:01.0664 4400 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:10:01.0675 4400 WPDBusEnum - ok
21:10:01.0680 4400 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:10:01.0703 4400 ws2ifsl - ok
21:10:01.0717 4400 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
21:10:01.0739 4400 wscsvc - ok
21:10:01.0740 4400 WSearch - ok
21:10:01.0782 4400 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:10:01.0816 4400 wuauserv - ok
21:10:01.0832 4400 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:10:01.0854 4400 WudfPf - ok
21:10:01.0877 4400 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:10:01.0886 4400 WUDFRd - ok
21:10:01.0898 4400 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:10:01.0920 4400 wudfsvc - ok
21:10:01.0945 4400 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
21:10:01.0963 4400 WwanSvc - ok
21:10:01.0992 4400 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
21:10:01.0999 4400 xusb21 - ok
21:10:02.0010 4400 ================ Scan global ===============================
21:10:02.0026 4400 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:10:02.0044 4400 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:10:02.0057 4400 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:10:02.0069 4400 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:10:02.0090 4400 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:10:02.0093 4400 [Global] - ok
21:10:02.0093 4400 ================ Scan MBR ==================================
21:10:02.0100 4400 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:10:02.0420 4400 \Device\Harddisk0\DR0 - ok
21:10:02.0420 4400 ================ Scan VBR ==================================
21:10:02.0422 4400 [ 9B4AD56C341A563FF669ED8129EFB49D ] \Device\Harddisk0\DR0\Partition1
21:10:02.0424 4400 \Device\Harddisk0\DR0\Partition1 - ok
21:10:02.0463 4400 [ 8056FDB0E5402E7EF044D32A3F24CB92 ] \Device\Harddisk0\DR0\Partition2
21:10:02.0464 4400 \Device\Harddisk0\DR0\Partition2 - ok
21:10:02.0503 4400 [ D090948AD1CB70F43FE3B895B70DCFDB ] \Device\Harddisk0\DR0\Partition3
21:10:02.0504 4400 \Device\Harddisk0\DR0\Partition3 - ok
21:10:02.0505 4400 ============================================================
21:10:02.0505 4400 Scan finished
21:10:02.0505 4400 ============================================================
21:10:02.0512 4976 Detected object count: 2
21:10:02.0512 4976 Actual detected object count: 2
21:10:15.0200 4976 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:15.0200 4976 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:15.0201 4976 Intel(R) Capability Licensing Service Interface ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:15.0201 4976 Intel(R) Capability Licensing Service Interface ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:21.0336 3920 Deinitialize success

Combofix Logfile:
Code:
ComboFix 13-07-30.03 - Marv 30.07.2013  21:24:35.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.12268.9752 [GMT 2:00]
ausgeführt von:: c:\users\Marv\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-28 bis 2013-07-30  ))))))))))))))))))))))))))))))
.
.
2013-07-30 19:28 . 2013-07-30 19:28	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-30 19:09 . 2013-07-30 19:09	208216	----a-w-	c:\windows\system32\drivers\01910157.sys
2013-07-30 18:49 . 2013-07-30 18:56	--------	d-----w-	C:\_OTL
2013-07-30 13:24 . 2013-07-30 13:24	--------	d--h--w-	c:\program files (x86)\Common Files\EAInstaller
2013-07-29 22:44 . 2013-07-29 22:44	--------	d-----w-	c:\program files\Intel
2013-07-29 22:42 . 2013-07-29 22:42	--------	d-----w-	c:\programdata\ATI
2013-07-29 22:41 . 2013-07-29 22:41	--------	d-----w-	c:\program files (x86)\AMD AVT
2013-07-29 22:38 . 2013-07-29 22:38	--------	d-----w-	c:\program files\Synaptics
2013-07-29 22:38 . 2013-05-07 14:41	33008	----a-w-	c:\windows\system32\drivers\Smb_driver_Intel.sys
2013-07-29 22:34 . 2013-07-29 22:34	--------	d-----w-	c:\users\Marv\AppData\Roaming\WinBatch
2013-07-29 22:33 . 2013-07-29 22:33	--------	d-----w-	c:\programdata\AmUStor
2013-07-29 22:33 . 2013-07-29 22:33	--------	d-----w-	c:\program files (x86)\AmUStor
2013-07-29 22:31 . 2013-02-27 13:37	53248	----a-w-	c:\windows\SysWow64\CSVer.dll
2013-07-29 22:31 . 2013-07-29 22:31	--------	d-----w-	C:\Intel
2013-07-29 22:31 . 2013-07-29 22:46	--------	d-----w-	C:\temp
2013-07-29 19:53 . 2013-07-29 19:53	--------	d-----w-	c:\program files (x86)\SIW 2013 Home Edition
2013-07-29 19:53 . 2013-07-29 19:53	--------	d-----w-	c:\users\Marv\AppData\Local\Programs
2013-07-29 19:51 . 2013-07-29 19:51	--------	d-----w-	c:\program files (x86)\SoftwareUpdater
2013-07-29 19:51 . 2013-07-29 19:51	--------	d-----w-	c:\program files (x86)\FoxyDeal
2013-07-29 19:51 . 2013-07-29 19:52	--------	d-----w-	c:\programdata\FreeDriverScout
2013-07-29 19:50 . 2013-07-30 18:57	--------	d-----w-	c:\program files\SoftwareUpdater
2013-07-29 19:50 . 2013-07-29 19:50	--------	d-----w-	c:\program files\Covus Freemium
2013-07-29 19:50 . 2013-07-29 19:50	--------	d-----w-	c:\programdata\Package Cache
2013-07-29 19:48 . 2013-07-29 19:49	--------	d-----w-	c:\users\Marv\AppData\Local\DownloadGuide
2013-07-29 10:28 . 2013-07-29 10:28	--------	d-----w-	c:\users\Marv\AppData\Local\Robot Entertainment
2013-07-28 13:04 . 2013-07-29 08:49	--------	d-----w-	c:\programdata\Easybits Magic Desktop for HP
2013-07-16 18:14 . 2013-07-16 18:41	--------	d-----w-	c:\users\Marv\AppData\Roaming\Dwarfs
2013-07-16 17:42 . 2013-07-16 17:45	--------	d-----w-	c:\users\Marv\AppData\Roaming\vlc
2013-07-15 18:03 . 2013-07-15 18:05	--------	d-----w-	c:\programdata\Tarma Installer
2013-07-10 10:31 . 2013-06-04 06:00	624128	----a-w-	c:\windows\system32\qedit.dll
2013-07-10 10:31 . 2013-06-04 04:53	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2013-07-10 10:31 . 2013-05-27 05:50	1011712	----a-w-	c:\program files\Windows Defender\MpSvc.dll
2013-07-10 10:31 . 2013-05-27 05:50	571904	----a-w-	c:\program files\Windows Defender\MpClient.dll
2013-07-10 10:31 . 2013-05-27 05:50	314880	----a-w-	c:\program files\Windows Defender\MpCommu.dll
2013-07-10 10:31 . 2013-05-27 04:57	4608	----a-w-	c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 10:31 . 2013-05-27 04:57	54784	----a-w-	c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 10:31 . 2013-05-27 04:57	392704	----a-w-	c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 10:31 . 2013-05-27 03:15	9216	----a-w-	c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 10:31 . 2013-05-06 06:03	1887744	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-10 10:31 . 2013-05-06 04:56	1620480	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 10:30 . 2013-06-05 03:34	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-07-10 10:30 . 2013-04-10 05:48	1732608	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 10:30 . 2013-04-10 05:46	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 10:30 . 2013-04-10 05:46	1393152	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 10:30 . 2013-04-10 05:46	1367040	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 10:30 . 2013-04-10 05:03	936448	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 10:30 . 2013-04-09 23:34	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-07-10 10:30 . 2013-04-02 22:51	1643520	----a-w-	c:\windows\system32\DWrite.dll
2013-07-08 15:54 . 2013-07-08 15:54	--------	d-----w-	c:\program files (x86)\Conduit
2013-07-08 15:54 . 2013-07-08 16:07	--------	d-----w-	c:\users\Marv\AppData\Local\Conduit
2013-07-08 15:51 . 2013-07-30 19:22	--------	d-----w-	c:\program files (x86)\Norton 360
2013-07-04 13:28 . 2013-07-30 09:52	--------	d-----w-	c:\users\Marv\AppData\Roaming\Origin
2013-07-04 13:28 . 2013-07-29 10:28	--------	d-----w-	c:\program files (x86)\Origin Games
2013-07-04 13:28 . 2013-07-30 13:32	--------	d-----w-	c:\users\Marv\AppData\Local\Origin
2013-07-04 13:24 . 2013-07-30 17:11	--------	d-----w-	c:\programdata\Origin
2013-07-04 13:24 . 2013-07-30 17:11	--------	d-----w-	c:\programdata\Electronic Arts
2013-07-04 13:24 . 2013-07-30 18:57	--------	d-----w-	c:\program files (x86)\Origin
2013-07-04 05:24 . 2013-07-04 05:24	--------	d-----w-	c:\users\Marv\AppData\Local\SCE
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-30 19:00 . 2013-04-17 20:42	291328	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-07-30 19:00 . 2013-04-17 20:30	291328	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-07-30 18:58 . 2013-04-17 20:30	280600	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-07-30 13:23 . 2013-04-17 20:30	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-07-10 11:06 . 2013-03-31 16:29	78185248	----a-w-	c:\windows\system32\MRT.exe
2013-06-23 20:48 . 2013-06-23 20:48	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-23 20:48 . 2013-04-07 12:14	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-06-23 20:48 . 2013-04-07 12:14	867240	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-06-21 01:09 . 2013-06-21 01:09	42184	----a-w-	c:\windows\system32\drivers\taphss6.sys
2013-06-12 16:26 . 2013-04-16 11:28	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 16:26 . 2011-12-31 08:53	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-21 23:45 . 2011-12-31 08:48	8192	----a-w-	c:\windows\system32\drivers\IntelMEFWVer.dll
2013-05-17 15:27 . 2013-05-17 15:27	40696	----a-w-	c:\windows\system32\drivers\RzMaelstromVAD.sys
2013-05-17 15:25 . 2013-05-17 15:25	245248	----a-w-	c:\windows\system32\DriverInstallCACMD.exe
2013-05-17 15:25 . 2013-05-17 15:25	69120	----a-w-	c:\windows\system32\DriverInstallCA.dll
2013-05-13 05:51 . 2013-06-13 05:53	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-13 05:53	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-13 05:53	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-13 05:53	52224	----a-w-	c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-13 05:53	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-13 05:53	1160192	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-13 05:53	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-13 05:53	1192448	----a-w-	c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-13 05:53	903168	----a-w-	c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-13 05:53	43008	----a-w-	c:\windows\SysWow64\certenc.dll
2013-05-11 11:09 . 2010-06-24 19:33	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-10 05:49 . 2013-06-13 05:54	30720	----a-w-	c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-13 05:54	24576	----a-w-	c:\windows\SysWow64\cryptdlg.dll
2013-05-09 02:23 . 2013-05-09 02:23	99800	----a-w-	c:\windows\system32\drivers\TeeDriverx64.sys
2013-05-09 02:23 . 2013-05-09 02:23	1795952	----a-w-	c:\windows\system32\WdfCoInstaller01011.dll
2013-05-08 06:39 . 2013-06-13 05:55	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-05-02 15:29 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-07-26 1807272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2013-07-28 1238016]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S4 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 69426961
*Deregistered* - 69426961
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-16 16:26]
.
2013-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1452787171-1215630587-1040080072-1000Core.job
- c:\users\Marv\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-30 14:34]
.
2013-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1452787171-1215630587-1040080072-1000UA.job
- c:\users\Marv\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-30 14:34]
.
2013-07-01 c:\windows\Tasks\HPCeeScheduleForMARV-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2013-07-30 c:\windows\Tasks\HPCeeScheduleForMarv.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2010-10-21 37888]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-04-24 1425408]
"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2009-10-20 8151040]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{11111111-1111-1111-1111-110311341134} - c:\program files (x86)\Plus-HD-2.4\Plus-HD-2.4-bho.dll
BHO-{DA3D98A6-868D-4E1B-BB78-0887230DA405} - c:\program files (x86)\LyricsContainer\125.dll
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
AddRemove-Lyrics@LyricsContainer.co - c:\program files (x86)\LyricsContainer\uninstall.exe
AddRemove-Plus-HD-2.4 - c:\program files (x86)\Plus-HD-2.4\Uninstall.exe
AddRemove-Windows Utils - c:\users\Marv\AppData\Roaming\Windows Net Data\uninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-30  21:29:15
ComboFix-quarantined-files.txt  2013-07-30 19:29
.
Vor Suchlauf: 13 Verzeichnis(se), 773.393.170.432 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 773.003.452.416 Bytes frei
.
- - End Of File - - 9282A77494D9D5CFDF3704D57C6B40A0
         

31.07.2013, 12:29   #8
markusg
/// Malware-holic

Hi,
there are 2 logs to post; please post them together if possible.
1.
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if required to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


2.

Download the standard CCleaner:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this.
Open it, go to Tools (Extras), Uninstall list, save it as txt, and open the file.
After each program you need, write "necessary".
After each program you do not need, write "unnecessary".
After each one unknown to you, write "unknown".
Post the list.

31.07.2013, 18:59   #9
Lovas45

Malwarebytes Anti-Malware (Test) 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.07.31.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Marv :: MARV-HP [Administrator]

Schutz: Aktiviert

31.07.2013 19:31:33
mbam-log-2013-07-31 (19-31-33).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 218936
Laufzeit: 1 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 6
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marv\Downloads\Setup.exe (PUP.Optional.Solimba) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Malwarebytes Anti-Malware (Test) 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.07.31.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Marv :: MARV-HP [Administrator]

Schutz: Aktiviert

31.07.2013 19:31:05
mbam-log-2013-07-31 (19-31-05).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 0
Laufzeit: 2 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Adobe AIR Adobe Systems Incorporated 31.12.2011 2.6.0.19120 necessary
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 11.06.2013 6,00 MB 11.7.700.224 necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.06.2013 6,00 MB 11.7.700.224 necessary
Adobe Reader XI (11.0.03) - Deutsch Adobe Systems Incorporated 19.06.2013 133 MB 11.0.03 necessary
Alan Wake Remedy Entertainment 17.07.2013 necessary
Alcor Micro USB Card Reader Driver Alcor Micro Corp. 30.07.2013 3.1.45.72435 necessary
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 30.07.2013 26,3 MB 8.0.911.0 necessary
Apple Application Support Apple Inc. 17.04.2013 62,7 MB 2.3.3 necessary
Apple Mobile Device Support Apple Inc. 17.04.2013 25,2 MB 6.1.0.13 necessary
Apple Software Update Apple Inc. 17.04.2013 2,38 MB 2.1.3.127 necessary
Borderlands 2 Gearbox Software 25.05.2013 necessary
Call of Duty: Black Ops II 27.04.2013
Call of Duty: Black Ops II - Multiplayer 27.04.2013 necessary
Call of Duty: Black Ops II - Zombies 27.04.2013 necessary
CanoScan Toolbox Ver4.9 10.04.2013 necessary
Castle Crashers The Behemoth 16.07.2013 necessary
CCleaner Piriform 22.07.2013 4.04 necessary
Counter-Strike: Global Offensive Valve 18.05.2013 necessary
Counter-Strike: Source Valve 22.06.2013 necessary
CPUID CPU-Z 1.64.0 22.06.2013 3,26 MB necessary
Desura Desura 04.06.2013 100.53 necessary
Desura: Paranautical Activity CodeAvarice 26.06.2013 252 MB Beta necessary
Diablo III Blizzard Entertainment 24.06.2013 1.0.8.16603 necessary
Dota 2 Valve 29.06.2013 necessary
Dwarfs F2P Power of 2 16.07.2013 necessary
FoxyDeal R&E Media GmbH 29.07.2013 813 KB 1.1.0 unknown
Fraps (remove only) 22.06.2013 unnecessary
Free Driver Scout Covus Freemium 29.07.2013 10,8 MB 1.0.0.101 necessary
Free YouTube to MP3 Converter version 3.12.1.320 DVDVideoSoft Ltd. 17.04.2013 76,1 MB 3.12.1.320 necessary
Google Chrome Google Inc. 30.03.2013 28.0.1500.72 necessary
HD Tune 2.55 EFD Software 31.07.2013 necessary
HP Odometer Hewlett-Packard 31.12.2011 48,0 KB 2.10.0000 necessary
HP Setup Hewlett-Packard Company 31.12.2011 118 MB 8.7.4747.3786 necessary
HP Setup Manager Hewlett-Packard Company 31.12.2011 8,32 MB 1.1.13880.3792 necessary
HP SimplePass PE 2011 Hewlett-Packard 31.12.2011 65,4 MB 5.3.0.194 necessary
HP Support Assistant Hewlett-Packard Company 16.04.2013 91,7 MB 7.0.39.15 necessary
HP Support Information Hewlett-Packard 31.12.2011 156 KB 10.1.1000 necessary
HP Update Hewlett-Packard 31.12.2011 2,97 MB 5.002.003.003 necessary
HP Vision Hardware Diagnostics Hewlett-Packard 31.12.2011 11,7 MB 2.9.0.0 necessary
IDT Audio IDT 31.12.2011 1.0.6346.0 necessary
Intel(R) Identity Protection Technology 1.1.2.0 Intel Corporation 31.12.2011 1,13 MB 1.1.2.0 necessary
Intel(R) Management Engine Components Intel Corporation 30.07.2013 9.5.3.1520 necessary
Intel® Watchdog Timer Driver (Intel® WDT) Intel Corporation 30.07.2013 5,03 MB necessary
iTunes Apple Inc. 22.04.2013 187 MB 11.0.2.26 notwendig
Java 7 Update 25 Oracle 23.06.2013 129 MB 7.0.250 notwendig
Killing Floor Tripwire Interactive 03.06.2013 notwendig
LabelPrint CyberLink Corp. 31.12.2011 229 MB 2.5.3925 notwendig
Logitech Gaming Software 8.40 Logitech Inc. 30.03.2013 89,7 MB 8.40.83 notwendig
LyricsContainer RYD Software 28.07.2013 unnötig
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 31.07.2013 19,2 MB 1.75.0.1300 notwendig
Medal of Honor™ Warfighter Electronic Arts 30.07.2013 16,7 GB 1.0.0.3 notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 11.02.2011 38,8 MB 4.0.30319 notwendig
Microsoft .NET Framework 4 Extended Microsoft Corporation 11.02.2011 51,9 MB 4.0.30319 notwendig
Microsoft Mathematics Microsoft Corporation 30.03.2013 18,1 MB 4.0 notwendig
Microsoft Office 2010 Microsoft Corporation 31.12.2011 6,40 MB 14.0.4763.1000 notwendig
Microsoft Office Klick-und-Los 2010 Microsoft Corporation 30.03.2013 14.0.4763.1000 notwendig
Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 30.03.2013 14.0.4763.1000 notwendig
Microsoft Silverlight Microsoft Corporation 10.07.2013 100 MB 5.1.20513.0 notwendig
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 31.12.2011 1,69 MB 3.1.0000 notwendig
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 31.03.2013 300 KB 8.0.59193 notwendig
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 31.12.2011 620 KB 8.0.61000 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 11.02.2011 788 KB 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 31.12.2011 784 KB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 31.03.2013 788 KB 9.0.30729.6161 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 11.02.2011 596 KB 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 31.12.2011 592 KB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 31.03.2013 600 KB 9.0.30729.6161 notwendig
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 30.07.2013 13,8 MB 10.0.40219 notwendig
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 30.07.2013 15,0 MB 10.0.40219 notwendig
Microsoft XNA Framework Redistributable 3.1 Microsoft Corporation 16.07.2013 7,48 MB 3.1.10527.0 notwendig
Microsoft XNA Framework Redistributable 4.0 Microsoft Corporation 08.05.2013 8,03 MB 4.0.20823.0 notwendig
Nexon Game Manager 29.05.2013 unnötig
Norton 360 Symantec Corporation 30.07.2013 20.4.0.40 notwendig
Norton PC Checkup Symantec Corporation 31.07.2013 51,4 MB 3.0.5.71.0 notwendig
Orcs Must Die! 2 Robot Entertainment 29.07.2013 notwendig
Origin Electronic Arts, Inc. 04.07.2013 9.2.1.4399 notwendig
Pando Media Booster Pando Networks Inc. 22.06.2013 5,46 MB 2.6.0.9 unnötig
PDF Complete Special Edition PDF Complete, Inc 31.03.2013 4.0.54 notwendig
PlanetSide 2 Sony Online Entertainment 03.07.2013 notwendig
PlayReady PC Runtime amd64 Microsoft Corporation 31.12.2011 2,05 MB 1.3.0 notwendig
Plus-HD-2.4 Plus HD 29.07.2013 1.27.153.10 notwendig
Power2Go CyberLink Corp. 31.12.2011 175 MB 6.1.5331 notwendig
PunkBuster Services Even Balance, Inc. 30.07.2013 0.993 notwendig
Serious Sam 3: BFE Croteam 17.07.2013 notwendig
SIW 2013 Home Edition Topala Software Solutions 29.07.2013 6,39 MB 2013.05.14 notwendig
Skype™ 6.3 Skype Technologies S.A. 05.06.2013 21,0 MB 6.3.107 notwendig
Steam Valve Corporation 30.03.2013 35,4 MB 1.0.0.0 notwendig
TeamSpeak 3 Client TeamSpeak Systems GmbH 08.04.2013 3.0.10.1 notwendig
Terraria 08.05.2013 notwendig
The Binding of Isaac Edmund McMillen and Florian Himsl 28.07.2013 notwendig
USB Multi-Channel Audio Device 24.05.2013 notwendig
VIP Access SDK (1.0.1.4) Symantec Inc. 31.03.2013 1.0.1.4 unbekannt
VLC media player 2.0.7 VideoLAN 16.07.2013 2.0.7 notwendig
Windows Live Essentials Microsoft Corporation 31.12.2011 15.4.3508.1109 notwendig
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 31.12.2011 5,57 MB 15.4.5722.2 notwendig
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 31.12.2011 5,57 MB 15.4.5722.2 notwendig
Windows Utils 29.07.2013 unbekannt
WinRAR 4.20 (64-Bit) win.rar GmbH 09.04.2013 4.20.0 notwendig
Zinio Reader 4 Zinio LLC 31.12.2011 4.2.4164 notwendig

Alt 31.07.2013, 19:06   #10
markusg
/// Malware-holic
 



Hi,
when you install programs:
- look them up with a Google search, Plus-HD: get rid of it, it is adware.
e.g. is adware; you would also have found that information on our board.
- read the license agreements and the terms and conditions
- always install programs and updates using the custom (user-defined) option, and deselect toolbars etc.


Two logs need to be created; post them together if possible.
If problems occur, stop and post them.
1.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "Use only certified plug-ins".
Security (Enhanced):
Tick "Enhanced Security"
and select all files.
Internet:
Everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, since that is the only way to keep control over what happens on the PC.
Under JavaScript, untick the option to use JavaScript.
Under Updater, choose to install automatically.
Apply / OK

Uninstall:
FoxyDeal
LyricsContainer
Plus-HD: get rid of it, it is adware.
Open CCleaner, analyze, run, restart the PC.
2.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Restart.
3.
HitmanPro - Download - Filepony
Download HitmanPro, double-click it, click Scan.
Do not delete anything.
Save the log and post it, or export it as XML, zip it and attach it.
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For the time being, please forward e-mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

Alt 31.07.2013, 19:44   #11
Lovas45
 



AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.306 - Datei am 31/07/2013 um 20:26:12 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Marv - MARV-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Marv\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Gelöscht mit Neustart : C:\Program Files\SoftwareUpdater
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater
Ordner Gelöscht : C:\Program Files\Covus Freemium
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covus Freemium
Ordner Gelöscht : C:\Users\Marv\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Marv\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Marv\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Marv\AppData\Roaming\Mozilla\Firefox\Profiles\ub8y3vr2.default\extensions\staged

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsContainer
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Plus-HD-2.4
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\FoxyDeal
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033434.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033434.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0033434.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311341134}
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\Plus-HD-2.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110311341134}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220322342234}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550355345534}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660366346634}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\abfmigjiaapipflmopkaaooigcjjdojh
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311341134}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355345534}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346634}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Datei : C:\Users\Marv\AppData\Roaming\Mozilla\Firefox\Profiles\ub8y3vr2.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\Marv\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [5339 octets] - [31/07/2013 20:26:12]

########## EOF - C:\AdwCleaner[S1].txt - [5399 octets] ##########
         
--- --- ---



Code:
ATTFilter
HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : MARV-HP
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : Marv-HP\Marv
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-07-31 20:38:24
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 55s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 211

   Objects scanned . . . : 1.286.091
   Files scanned . . . . : 38.352
   Remnants scanned  . . : 365.199 files / 882.540 keys

Suspicious files ____________________________________________________________

   C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\dll\wc002316.dll
      Size . . . . . . . : 951.565 bytes
      Age  . . . . . . . : 1.2 days (2013-07-30 15:23:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 28FDCBC64DEB82D8A64A4770F2B616CE5E95B4751BBE6FA459DD2B64A12298CF
      Fuzzy  . . . . . . : 23.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file appears to be part of an installation package or setup program. This is typical for most programs.
      Forensic Cluster
         -0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\htm\
         -0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\
         -0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\dll\
         -0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\pbcl.dll
         -0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\pbag.dll
         -0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\htm\wc002316.htm
         -0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\pbns_c.dat
         -0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\htm\wa001388.htm
          0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\dll\wc002316.dll
          0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\dll\wa001388.dll
          2.3s C:\Users\Marv\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_DB4BFB76C5B90F73150068C0B961EF10
          2.3s C:\Users\Marv\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_DB4BFB76C5B90F73150068C0B961EF10
          2.5s C:\Users\Marv\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6
          2.5s C:\Users\Marv\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6

   C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\pbcl.dll
      Size . . . . . . . : 951.565 bytes
      Age  . . . . . . . : 1.2 days (2013-07-30 15:23:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 28FDCBC64DEB82D8A64A4770F2B616CE5E95B4751BBE6FA459DD2B64A12298CF
      Fuzzy  . . . . . . : 23.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file appears to be part of an installation package or setup program. This is typical for most programs.
      Forensic Cluster
         -0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\htm\
         -0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\
          0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\dll\
          0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\pbcl.dll
          0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\pbag.dll
          0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\htm\wc002316.htm
          0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\pbns_c.dat
          0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\htm\wa001388.htm
          0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\dll\wc002316.dll
          0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\dll\wa001388.dll
          2.4s C:\Users\Marv\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_DB4BFB76C5B90F73150068C0B961EF10
          2.4s C:\Users\Marv\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_DB4BFB76C5B90F73150068C0B961EF10
          2.6s C:\Users\Marv\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6
          2.6s C:\Users\Marv\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6

   C:\Users\Marv\AppData\Local\PunkBuster\HEROES\pb\dll\wc002323.dll
      Size . . . . . . . : 956.648 bytes
      Age  . . . . . . . : 104.9 days (2013-04-17 22:56:30)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E88505208F2EA9F150F451C73EEFE57D54A7F50E9D24CB9E647D95A1E826A052
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Marv\AppData\Local\PunkBuster\HEROES\pb\pbcl.dll
      Size . . . . . . . : 956.648 bytes
      Age  . . . . . . . : 104.9 days (2013-04-17 22:56:30)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E88505208F2EA9F150F451C73EEFE57D54A7F50E9D24CB9E647D95A1E826A052
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Marv\AppData\Local\PunkBuster\HEROES\pb\pbclold.dll
      Size . . . . . . . : 947.283 bytes
      Age  . . . . . . . : 104.9 days (2013-04-17 22:41:38)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 26898E20DB3E20E2986684F1726D3421B0EA9D381F4BD56D6370AAE63973F5B8
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Marv\AppData\Local\PunkBuster\HEROES\pb\PnkBstrK.sys
      Size . . . . . . . : 139.648 bytes
      Age  . . . . . . . : 104.9 days (2013-04-17 22:42:30)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 164A5F0B9153B75F8955C44BFAE12B594B8D53922AE090132695FF2DAD191C8A
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Marv\AppData\Local\PunkBuster\TWZ\pb\pbcl.dll
      Size . . . . . . . : 964.936 bytes
      Age  . . . . . . . : 55.5 days (2013-06-06 07:41:32)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4B79C9E2ED01AF93CE240F235DB266B9276F6EEB9497D341B2CC04B7B640B3AE
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Marv\AppData\Local\PunkBuster\TWZ\pb\PnkBstrK.sys
      Size . . . . . . . : 139.528 bytes
      Age  . . . . . . . : 55.5 days (2013-06-06 07:41:46)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : C2657515354653B5A7C17F3F9CA4B5F97B9442C976F5A9FC9A5FDB8A7392138E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\dll\wc002324.dll
      Size . . . . . . . : 966.584 bytes
      Age  . . . . . . . : 1.1 days (2013-07-30 19:21:19)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : F31CCD85C6A207C7650223676ED7FEDD1CB30F77D23B813F3C349FBD35879E51
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 24.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.
      Forensic Cluster
         -0.2s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\htm\wc002324.htm
          0.0s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\dll\wc002324.dll

   C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\pbcl.dll
      Size . . . . . . . : 966.584 bytes
      Age  . . . . . . . : 0.4 days (2013-07-31 11:10:36)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : F31CCD85C6A207C7650223676ED7FEDD1CB30F77D23B813F3C349FBD35879E51
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 24.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\pbclold.dll
      Size . . . . . . . : 966.584 bytes
      Age  . . . . . . . : 1.1 days (2013-07-30 19:12:29)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : F31CCD85C6A207C7650223676ED7FEDD1CB30F77D23B813F3C349FBD35879E51
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 24.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.
      Forensic Cluster
         -3.9s C:\Users\Marv\Documents\MOHW\
         -3.7s C:\Users\Marv\Documents\MOHW\Screenshots\
         -0.0s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\pbcl.db
         -0.0s C:\Users\Marv\AppData\Local\PunkBuster\WF\
         -0.0s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\
         -0.0s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\pbcl.db
          0.0s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\pbclold.dll
          0.1s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\pbag.dll
          0.1s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\scrnshot\
          0.1s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\dll\
          0.1s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\htm\
          0.3s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\PnkBstrB.exe
         10.7s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\PnkBstrK.sys

   C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\PnkBstrK.sys
      Size . . . . . . . : 140.768 bytes
      Age  . . . . . . . : 1.1 days (2013-07-30 19:12:39)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 2851FAC9951AF256AEBFF91C734A747F9A0C91BE24BEDD982FE46EC43713BF4C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 24.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.
      Forensic Cluster
         -14.7s C:\Users\Marv\Documents\MOHW\
         -14.5s C:\Users\Marv\Documents\MOHW\Screenshots\
         -10.7s C:\Program Files (x86)\Origin Games\Medal of Honor Warfighter\pb\pbcl.db
         -10.7s C:\Users\Marv\AppData\Local\PunkBuster\WF\
         -10.7s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\
         -10.7s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\pbcl.db
         -10.7s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\pbclold.dll
         -10.6s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\pbag.dll
         -10.6s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\scrnshot\
         -10.6s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\dll\
         -10.6s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\htm\
         -10.5s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\PnkBstrB.exe
          0.0s C:\Users\Marv\AppData\Local\PunkBuster\WF\pb\PnkBstrK.sys

   C:\Users\Marv\Documents\The War Z\pb\dll\wc002316.dll
      Size . . . . . . . : 964.936 bytes
      Age  . . . . . . . : 55.5 days (2013-06-06 07:40:58)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4B79C9E2ED01AF93CE240F235DB266B9276F6EEB9497D341B2CC04B7B640B3AE
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Marv\Documents\The War Z\pb\pbcl.dll
      Size . . . . . . . : 964.936 bytes
      Age  . . . . . . . : 55.5 days (2013-06-06 07:40:58)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4B79C9E2ED01AF93CE240F235DB266B9276F6EEB9497D341B2CC04B7B640B3AE
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.


Cookies _____________________________________________________________________

   C:\Users\Marv\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
   C:\Users\Marv\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Marv\AppData\Roaming\Microsoft\Windows\Cookies\0TGBW48L.txt
   C:\Users\Marv\AppData\Roaming\Microsoft\Windows\Cookies\1DN6DDSZ.txt
   C:\Users\Marv\AppData\Roaming\Microsoft\Windows\Cookies\H7QDCHAK.txt
   C:\Users\Marv\AppData\Roaming\Microsoft\Windows\Cookies\U4SFAMZ6.txt
         

31.07.2013, 20:58   #12
markusg
/// Malware-holic

Hi,
1. Close all browsers and let HitmanPro delete the cookies.
2. New OTL log, after a restart.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to
markusg.trojaner-board@web.de
as described in the instructions above.
If you would like to support us

31.07.2013, 21:28   #13
Lovas45

What do you mean by deleting HitmanPro cookies??

31.07.2013, 21:39   #14
markusg
/// Malware-holic

Delete the findings in this category. If you can't find it, skip it.

31.07.2013, 21:58   #15
Lovas45

OTL Logfile:
Code:
OTL logfile created on: 7/31/2013 10:48:21 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marv\Desktop\Viren Vernichtungstrakt\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
11.98 Gb Total Physical Memory | 10.03 Gb Available Physical Memory | 83.75% Memory free
23.96 Gb Paging File | 21.82 Gb Available in Paging File | 91.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.54 Gb Total Space | 721.74 Gb Free Space | 78.58% Space Free | Partition Type: NTFS
Drive D: | 12.87 Gb Total Space | 1.58 Gb Free Space | 12.29% Space Free | Partition Type: NTFS
 
Computer Name: MARV-HP | User Name: Marv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/30 18:53:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marv\Desktop\Viren Vernichtungstrakt\OTL\OTL.exe
PRC - [2013/07/30 15:23:30 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/07/28 15:04:59 | 001,238,016 | ---- | M] (Easybits) -- C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
PRC - [2013/05/21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/11 16:16:26 | 000,132,504 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/06/09 15:37:18 | 000,264,008 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/06/09 15:37:00 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/06/09 15:36:34 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/05/06 02:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/02/24 10:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/02/28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2008/11/20 20:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\wincfi39.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/02/13 12:47:04 | 000,820,184 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:64bit: - [2013/02/13 12:46:48 | 000,731,648 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2012/04/24 20:38:30 | 000,318,464 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 12:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/07/30 15:23:30 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/07/27 00:46:24 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/06/12 18:26:37 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/04 15:05:06 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2013/05/21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 04:23:40 | 000,368,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/11 16:16:26 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/06/09 15:37:18 | 000,264,008 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/05/06 02:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/02/24 10:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/07/30 22:16:34 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/06/21 03:09:46 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/05/23 07:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/21 07:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/17 17:27:56 | 000,040,696 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RzMaelstromVAD.sys -- (RZMAELSTROMVADService)
DRV:64bit: - [2013/05/16 07:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/05/09 04:23:38 | 000,099,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/05/07 16:41:48 | 000,033,008 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/04/25 02:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/24 12:31:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/04/16 04:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/04/10 11:09:24 | 000,849,992 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/03/29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/03/05 03:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/03/05 03:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/10 10:41:06 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/05/29 15:53:30 | 000,027,456 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpqdfw.sys -- (CpqDfw)
DRV:64bit: - [2012/04/24 20:38:30 | 000,536,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/31 11:01:02 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2011/12/31 10:39:05 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/12/31 10:39:05 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/04/26 21:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/21 01:07:22 | 000,399,944 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011/04/21 01:07:22 | 000,131,656 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011/03/03 19:59:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/08/18 01:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2010/04/27 19:43:50 | 000,024,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cqcpu.sys -- (cqcpu)
DRV:64bit: - [2009/11/24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/10/20 11:03:16 | 001,307,648 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10664.sys -- (USBMULCD)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2013/07/30 12:13:19 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130730.032\ex64.sys -- (NAVEX15)
DRV - [2013/07/30 12:13:19 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/07/30 12:13:19 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/07/30 12:13:19 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130730.032\eng64.sys -- (NAVENG)
DRV - [2013/07/27 05:08:32 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130730.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/07/15 22:58:54 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130715.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{647C71E8-2833-4F2B-B94B-E43215126C85}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Fixhomepage
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{647C71E8-2833-4F2B-B94B-E43215126C85}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Der Such-Assistent von Internet Explorer 6 wird nicht länger unterstützt.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Fixhomepage
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
IE - HKCU\..\SearchScopes\{647C71E8-2833-4F2B-B94B-E43215126C85}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marv\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marv\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn\ [2013/07/31 22:46:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFFPlgn\ [2013/07/30 21:47:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\Lyrics@LyricsContainer.co: C:\Program Files (x86)\LyricsContainer\125.xpi
 
[2013/04/16 19:37:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marv\AppData\Roaming\mozilla\Extensions
[2013/07/31 20:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\ub8y3vr2.default\extensions
[2013/07/29 21:51:25 | 000,000,000 | ---D | M] ("Plus-HD-2.4") -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\ub8y3vr2.default\extensions\ad80235d-5e5a-4a1d-a891-51b66a3e70f8@8f877d80-6977-415f-ac14-b52043838c19.com
[2013/07/29 21:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\ub8y3vr2.default\extensions\ad80235d-5e5a-4a1d-a891-51b66a3e70f8@8f877d80-6977-415f-ac14-b52043838c19.com\chrome\content\extensionCode
[2013/06/22 10:31:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/17 14:14:37 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Marv\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Marv\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Marv\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Marv\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Marv\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Marv\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Battlefield Heroes = C:\Users\Marv\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.203.0_0\
CHR - Extension: Google-Suche = C:\Users\Marv\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\Marv\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/07/30 21:28:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (LyricsContainer) - {DA3D98A6-868D-4E1B-BB78-0887230DA405} - C:\Program Files (x86)\LyricsContainer\125.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Magic Desktop for HP notification] C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe (Easybits)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{001B9B5E-958A-4C68-A5E8-F264E017B527}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ACF081F-C756-495C-B1C9-4F590E714AB7}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/31 22:41:52 | 000,000,000 | ---D | C] -- C:\Users\Marv\Desktop\Viren Vernichtungstrakt
[2013/07/31 20:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/07/31 20:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftwareUpdater
[2013/07/31 19:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/07/31 19:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/07/31 19:29:09 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\Malwarebytes
[2013/07/31 19:28:56 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/31 19:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/31 19:28:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/31 19:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/31 14:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton PC Checkup 3.0
[2013/07/31 14:20:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton PC Checkup 3.0
[2013/07/31 12:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
[2013/07/31 12:03:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune
[2013/07/31 11:55:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/07/31 11:19:35 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\PCCUStubInstaller
[2013/07/30 22:15:42 | 001,139,800 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys
[2013/07/30 22:15:42 | 000,796,760 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys
[2013/07/30 22:15:42 | 000,493,656 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys
[2013/07/30 22:15:42 | 000,433,752 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys
[2013/07/30 22:15:42 | 000,224,416 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys
[2013/07/30 22:15:42 | 000,169,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys
[2013/07/30 22:15:42 | 000,036,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys
[2013/07/30 22:15:42 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symelam.sys
[2013/07/30 22:15:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1404000.028
[2013/07/30 21:46:53 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/07/30 21:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/07/30 21:45:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2013/07/30 21:45:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013/07/30 21:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2013/07/30 21:45:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/07/30 21:31:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/30 21:23:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/07/30 21:23:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/07/30 21:23:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/07/30 21:15:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/30 21:15:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/07/30 21:09:15 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\01910157.sys
[2013/07/30 20:49:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/30 19:12:25 | 000,000,000 | ---D | C] -- C:\Users\Marv\Documents\MOHW
[2013/07/30 15:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medal of Honor™ Warfighter
[2013/07/30 15:24:15 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013/07/30 00:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013/07/30 00:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/07/30 00:41:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/07/30 00:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013/07/30 00:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/07/30 00:38:04 | 000,033,008 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys
[2013/07/30 00:34:48 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\WinBatch
[2013/07/30 00:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AmUStor
[2013/07/30 00:33:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AmUStor
[2013/07/30 00:31:14 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013/07/30 00:31:06 | 000,000,000 | ---D | C] -- C:\Intel
[2013/07/30 00:31:01 | 000,000,000 | ---D | C] -- C:\temp
[2013/07/29 21:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW
[2013/07/29 21:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIW 2013 Home Edition
[2013/07/29 21:53:18 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Local\Programs
[2013/07/29 21:51:32 | 000,000,000 | ---D | C] -- C:\Users\Marv\Documents\Freemium Driver Utilities
[2013/07/29 21:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeDriverScout
[2013/07/29 21:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\SoftwareUpdater
[2013/07/29 21:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/07/29 12:28:08 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Local\Robot Entertainment
[2013/07/28 15:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits Magic Desktop for HP
[2013/07/17 23:06:47 | 000,000,000 | ---D | C] -- C:\Users\Marv\Documents\Remedy
[2013/07/16 20:14:22 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\Dwarfs
[2013/07/16 19:42:17 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\vlc
[2013/07/16 19:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/07/15 20:49:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Player
[2013/07/15 20:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2013/07/04 15:28:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013/07/04 15:28:26 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\Origin
[2013/07/04 15:28:06 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Local\Origin
[2013/07/04 15:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013/07/04 15:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013/07/04 15:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013/07/04 15:24:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013/07/04 07:24:24 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Local\SCE
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/31 22:45:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/31 22:45:54 | 1058,258,942 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/31 22:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/31 21:59:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1452787171-1215630587-1040080072-1000UA.job
[2013/07/31 21:18:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMARV-HP$.job
[2013/07/31 21:01:29 | 000,002,366 | ---- | M] () -- C:\Users\Marv\Desktop\Google Chrome.lnk
[2013/07/31 20:36:30 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/31 20:36:30 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/31 20:26:55 | 000,000,100 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/31 14:21:23 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Norton PC Checkup 3.0.lnk
[2013/07/31 12:03:08 | 000,000,892 | ---- | M] () -- C:\Users\Marv\Desktop\HD Tune.lnk
[2013/07/31 11:59:08 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1452787171-1215630587-1040080072-1000Core.job
[2013/07/31 11:10:40 | 000,291,328 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/07/31 11:10:40 | 000,291,328 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/07/31 11:09:38 | 000,280,600 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/07/31 10:30:19 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/07/31 10:29:41 | 001,819,324 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\Cat.DB
[2013/07/30 22:16:35 | 000,007,631 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/07/30 22:16:34 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/07/30 22:16:34 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/07/30 21:28:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/07/30 21:09:15 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\01910157.sys
[2013/07/30 20:51:47 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMarv.job
[2013/07/30 15:24:20 | 000,001,227 | ---- | M] () -- C:\Users\Public\Desktop\Medal of Honor™ Warfighter.lnk
[2013/07/30 15:23:30 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/07/30 00:44:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ICCWDT_01009.Wdf
[2013/07/30 00:43:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
[2013/07/30 00:39:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2013/07/29 21:53:34 | 000,001,033 | ---- | M] () -- C:\Users\Marv\Desktop\SIW Home Edition.lnk
[2013/07/29 21:50:24 | 000,002,543 | ---- | M] () -- C:\Users\Public\Desktop\Free Driver Scout.lnk
[2013/07/29 12:27:07 | 000,000,222 | ---- | M] () -- C:\Users\Marv\Desktop\Orcs Must Die! 2.url
[2013/07/17 14:33:02 | 000,000,222 | ---- | M] () -- C:\Users\Marv\Desktop\Alan Wake.url
[2013/07/17 14:32:21 | 000,000,222 | ---- | M] () -- C:\Users\Marv\Desktop\Terraria.url
[2013/07/17 14:32:18 | 000,000,221 | ---- | M] () -- C:\Users\Marv\Desktop\Serious Sam 3 BFE.url
[2013/07/17 14:32:14 | 000,000,222 | ---- | M] () -- C:\Users\Marv\Desktop\PlanetSide 2.url
[2013/07/17 14:32:11 | 000,000,220 | ---- | M] () -- C:\Users\Marv\Desktop\Killing Floor.url
[2013/07/17 14:32:06 | 000,000,219 | ---- | M] () -- C:\Users\Marv\Desktop\Counter-Strike Source.url
[2013/07/17 14:32:03 | 000,000,219 | ---- | M] () -- C:\Users\Marv\Desktop\Counter-Strike Global Offensive.url
[2013/07/17 14:32:00 | 000,000,222 | ---- | M] () -- C:\Users\Marv\Desktop\Castle Crashers.url
[2013/07/17 14:31:57 | 000,000,222 | ---- | M] () -- C:\Users\Marv\Desktop\Call of Duty Black Ops II - Zombies.url
[2013/07/17 14:31:53 | 000,000,222 | ---- | M] () -- C:\Users\Marv\Desktop\Call of Duty Black Ops II - Multiplayer.url
[2013/07/17 14:31:49 | 000,000,221 | ---- | M] () -- C:\Users\Marv\Desktop\Borderlands 2.url
[2013/07/17 10:36:07 | 000,510,899 | ---- | M] () -- C:\Users\Marv\Desktop\FTB_Launcher.exe
[2013/07/11 19:39:26 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/11 19:39:26 | 000,697,072 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/07/11 19:39:26 | 000,652,390 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/11 19:39:26 | 000,148,110 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/07/11 19:39:26 | 000,121,064 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/10 17:51:29 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/10 08:18:26 | 000,001,100 | ---- | M] () -- C:\Users\Marv\Desktop\lol.launcher - Verknüpfung.lnk
[2013/07/09 22:01:16 | 000,000,462 | ---- | M] () -- C:\Users\Marv\Desktop\HouseTime.asx
[2013/07/09 22:00:25 | 000,000,470 | ---- | M] () -- C:\Users\Marv\Desktop\TechnoBase.asx
[2013/07/08 17:50:53 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/04 15:24:08 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/07/02 03:03:16 | 001,590,994 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== Files Created - No Company Name ==========
 
[2013/07/31 20:26:33 | 000,000,100 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/31 14:21:23 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Norton PC Checkup 3.0.lnk
[2013/07/31 12:06:20 | 000,024,576 | ---- | C] () -- C:\Users\Marv\Desktop\memtest.exe
[2013/07/31 12:03:07 | 000,000,892 | ---- | C] () -- C:\Users\Marv\Desktop\HD Tune.lnk
[2013/07/31 10:29:22 | 001,819,324 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\Cat.DB
[2013/07/30 22:17:20 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\VT20130115.021
[2013/07/30 22:15:42 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symelam64.cat
[2013/07/30 22:15:42 | 000,008,067 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnet64.cat
[2013/07/30 22:15:42 | 000,007,667 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.cat
[2013/07/30 22:15:42 | 000,007,593 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\iron.cat
[2013/07/30 22:15:42 | 000,007,589 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.cat
[2013/07/30 22:15:42 | 000,007,587 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.cat
[2013/07/30 22:15:42 | 000,003,434 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa.inf
[2013/07/30 22:15:42 | 000,002,852 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds.inf
[2013/07/30 22:15:42 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnet.inf
[2013/07/30 22:15:42 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.inf
[2013/07/30 22:15:42 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.inf
[2013/07/30 22:15:42 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symelam.inf
[2013/07/30 22:15:42 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.inf
[2013/07/30 22:15:42 | 000,000,767 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\iron.inf
[2013/07/30 22:15:36 | 000,008,067 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.cat
[2013/07/30 22:15:36 | 000,008,063 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.cat
[2013/07/30 22:15:36 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\isolate.ini
[2013/07/30 21:46:53 | 000,007,631 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/07/30 21:46:53 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/07/30 21:46:46 | 000,002,281 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/07/30 21:23:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/30 21:23:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/30 21:23:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/30 21:23:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/30 21:23:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/30 15:24:19 | 000,001,227 | ---- | C] () -- C:\Users\Public\Desktop\Medal of Honor™ Warfighter.lnk
[2013/07/30 00:44:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ICCWDT_01009.Wdf
[2013/07/30 00:43:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
[2013/07/30 00:39:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2013/07/29 21:53:34 | 000,001,033 | ---- | C] () -- C:\Users\Marv\Desktop\SIW Home Edition.lnk
[2013/07/29 21:50:23 | 000,002,543 | ---- | C] () -- C:\Users\Public\Desktop\Free Driver Scout.lnk
[2013/07/29 12:27:07 | 000,000,222 | ---- | C] () -- C:\Users\Marv\Desktop\Orcs Must Die! 2.url
[2013/07/17 14:33:02 | 000,000,222 | ---- | C] () -- C:\Users\Marv\Desktop\Alan Wake.url
[2013/07/17 14:32:21 | 000,000,222 | ---- | C] () -- C:\Users\Marv\Desktop\Terraria.url
[2013/07/17 14:32:18 | 000,000,221 | ---- | C] () -- C:\Users\Marv\Desktop\Serious Sam 3 BFE.url
[2013/07/17 14:32:14 | 000,000,222 | ---- | C] () -- C:\Users\Marv\Desktop\PlanetSide 2.url
[2013/07/17 14:32:11 | 000,000,220 | ---- | C] () -- C:\Users\Marv\Desktop\Killing Floor.url
[2013/07/17 14:32:06 | 000,000,219 | ---- | C] () -- C:\Users\Marv\Desktop\Counter-Strike Source.url
[2013/07/17 14:32:03 | 000,000,219 | ---- | C] () -- C:\Users\Marv\Desktop\Counter-Strike Global Offensive.url
[2013/07/17 14:32:00 | 000,000,222 | ---- | C] () -- C:\Users\Marv\Desktop\Castle Crashers.url
[2013/07/17 14:31:57 | 000,000,222 | ---- | C] () -- C:\Users\Marv\Desktop\Call of Duty Black Ops II - Zombies.url
[2013/07/17 14:31:53 | 000,000,222 | ---- | C] () -- C:\Users\Marv\Desktop\Call of Duty Black Ops II - Multiplayer.url
[2013/07/17 14:31:49 | 000,000,221 | ---- | C] () -- C:\Users\Marv\Desktop\Borderlands 2.url
[2013/07/17 10:36:17 | 000,510,899 | ---- | C] () -- C:\Users\Marv\Desktop\FTB_Launcher.exe
[2013/07/15 20:50:09 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013/07/10 08:18:26 | 000,001,100 | ---- | C] () -- C:\Users\Marv\Desktop\lol.launcher - Verknüpfung.lnk
[2013/07/09 22:01:21 | 000,000,462 | ---- | C] () -- C:\Users\Marv\Desktop\HouseTime.asx
[2013/07/09 22:00:31 | 000,000,470 | ---- | C] () -- C:\Users\Marv\Desktop\TechnoBase.asx
[2013/07/04 15:24:08 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/05/24 21:12:26 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll
[2013/05/24 21:12:26 | 000,000,232 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2013/05/24 21:12:14 | 000,002,391 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2013/05/24 21:12:14 | 000,000,518 | ---- | C] () -- C:\Windows\cm106.ini
[2013/05/24 21:12:14 | 000,000,112 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2013/04/17 22:30:55 | 000,291,328 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/04/17 22:30:54 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/03/30 17:58:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/03/30 16:13:20 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2013/03/29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/02/13 12:27:54 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012/12/19 21:52:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/12/19 21:52:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/11/27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/12/31 11:01:55 | 000,002,792 | ---- | C] () -- C:\Program Files\HP SimplePass 2011
[2011/12/31 10:52:59 | 000,000,196 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/07/17 10:40:08 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\.minecraft
[2013/04/23 19:30:11 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\.technic
[2013/04/04 22:16:33 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Curse Advertising
[2013/04/17 18:55:38 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\DVDVideoSoft
[2013/07/16 20:41:20 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Dwarfs
[2013/05/13 20:23:42 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\ftblauncher
[2013/03/30 16:41:28 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Leadertech
[2013/04/12 21:25:47 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\LolClient
[2013/07/30 11:52:37 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Origin
[2013/07/31 11:19:35 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\PCCUStubInstaller
[2013/06/22 10:28:35 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\SoftGrid Client
[2013/04/26 18:18:11 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Teeworlds
[2013/03/30 16:32:57 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\TP
[2013/07/31 20:01:10 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\TS3Client
[2013/07/30 00:34:48 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

I hope that was right.
