| |
| |||||||
Log-Analyse und Auswertung: Windows 7 Internet Explorer Standart Seite wird auf QV06 umgeleitetWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
03.08.2013, 13:22
| #1 |
| |  Windows 7 Internet Explorer Standart Seite wird auf QV06 umgeleitet Hallo zusammen. Seit meinem letzten Download war im Internet Explorer plötzlich QV06 als Hauptseite eingestellt. Ich habe alle Addons gelöscht und Google als Hauptseite eingespeichert, aber es ist immer noch alles voll mit Werbung und der IE ist auch sehr langsam. Ich habe mich bereits auf eigene Faust im Internet schlau gemacht und den adscleaner und DDS installiert aber bin damit auch nicht sehr viel weiter gekommen. Die logs dazu sind auch unten dabei. Ich hoffe ihr könnt mir dabei weiter helfen. Liebe Grüße Atrom defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:08 on 03/08/2013 (Mark)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-08-2013
Ran by Mark (administrator) on 03-08-2013 12:11:55
Running from C:\Users\Mark\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Wsys Co., Ltd.) C:\ProgramData\eSafe\eGdpSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Micro-Star Int'l Co., Ltd.) c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(PC-Doctor, Inc.) C:\Program Files\AlienAutopsy\uaclauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6412904 2011-11-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1157224 2011-10-20] (Realtek Semiconductor)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Command Center Controllers] - C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12616 2011-12-15] (Alienware)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1807272 2013-07-27] (Valve Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKLM-x32\...\Run: [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [241984 2011-10-20] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [203072 2011-10-20] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=cr
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: LyricXeeker - {17E58097-6CA5-448B-830F-2A19678248FB} - C:\Program Files (x86)\LyriXeeker\125.dll (LyriXeeker Tech)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: DealPly Shopping - {9cf699ca-2174-4ed8-bec1-ba82095edce0} - C:\Program Files (x86)\DealPly\DealPlyIE.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (DealPly Shopping) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [odnofacmifkjndflfmmplhckcbfjckhj] - C:\Program Files (x86)\LyriXeeker\125.crx
==================== Services (Whitelisted) =================
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3304768 2010-12-23] (devolo AG)
R2 MSI_ODD_Service; c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe [76800 2011-10-05] (Micro-Star Int'l Co., Ltd.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [891456 2013-08-02] (Wsys Co., Ltd.)
S2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe /svc [x]
S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe /medsvc [x]
==================== Drivers (Whitelisted) ====================
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-09-04] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-09-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-02-11] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130801.001\IDSvia64.sys [513184 2012-09-06] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130801.001\IDSvia64.sys [513184 2012-09-06] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130801.034\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130801.034\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130801.034\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130801.034\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2010-06-10] (CACE Technologies)
R3 NTIOLib_X64; C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 NTIOLib_X64; C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [100352 2011-09-15] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [216064 2011-09-15] (Renesas Electronics Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-03 12:10 - 2013-08-03 12:10 - 01781485 _____ (Farbar) C:\Users\Mark\Downloads\FRST64.exe
2013-08-03 12:08 - 2013-08-03 12:08 - 00000470 _____ C:\Users\Mark\Downloads\defogger_disable.log
2013-08-03 12:08 - 2013-08-03 12:08 - 00000000 _____ C:\Users\Mark\defogger_reenable
2013-08-03 12:06 - 2013-08-03 12:06 - 00050477 _____ C:\Users\Mark\Downloads\Defogger.exe
2013-08-02 21:07 - 2013-08-02 21:07 - 00000854 _____ C:\AdwCleaner[S2].txt
2013-08-02 21:04 - 2013-08-02 21:10 - 00014519 _____ C:\Users\Mark\Desktop\dds.txt
2013-08-02 21:04 - 2013-08-02 21:10 - 00004667 _____ C:\Users\Mark\Desktop\attach.txt
2013-08-02 21:02 - 2013-08-02 21:02 - 00700783 ____R (Swearware) C:\Users\Mark\Downloads\dds+.exe
2013-08-02 21:01 - 2013-08-02 21:01 - 00655200 _____ C:\Users\Mark\Downloads\setup.exe
2013-08-02 20:56 - 2013-08-02 20:56 - 00010347 _____ C:\AdwCleaner[S1].txt
2013-08-02 20:55 - 2013-08-02 20:55 - 00666633 _____ C:\Users\Mark\Downloads\adwcleaner06.exe
2013-08-02 18:18 - 2013-08-03 12:00 - 00000000 ____D C:\ProgramData\eSafe
2013-08-02 18:18 - 2013-08-02 18:18 - 00000000 ____D C:\Users\Mark\Desktop\ServerJarStorage
2013-08-02 18:18 - 2013-08-02 18:18 - 00000000 ____D C:\Users\Mark\Desktop\MCEdit-schematics
2013-08-02 18:18 - 2013-08-02 18:18 - 00000000 ____D C:\Users\Mark\Desktop\MCEdit-0.1.6.win32
2013-08-02 18:17 - 2013-08-03 11:59 - 00000898 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2013-08-02 18:17 - 2013-08-02 21:22 - 00000902 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2013-08-02 18:17 - 2013-08-02 18:17 - 00003898 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
2013-08-02 18:17 - 2013-08-02 18:17 - 00003646 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
2013-08-02 18:17 - 2013-08-02 18:17 - 00003364 _____ C:\Windows\System32\Tasks\DealPlyUpdate
2013-08-02 18:16 - 2013-08-03 12:00 - 00000386 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-08-02 18:16 - 2013-08-02 18:17 - 00000000 ____D C:\Program Files (x86)\LyriXeeker
2013-08-02 18:16 - 2013-08-02 18:16 - 00003032 _____ C:\Windows\System32\Tasks\LyricXeeker Update
2013-08-02 18:16 - 2013-08-02 18:16 - 00000000 ____D C:\Users\Mark\AppData\Local\Google
2013-07-29 21:01 - 2013-07-29 21:01 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Trine2
2013-07-29 20:59 - 2013-07-29 20:59 - 00000222 _____ C:\Users\Mark\Desktop\F1 2012.url
2013-07-29 20:49 - 2013-06-24 00:41 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-24 17:27 - 2013-07-24 17:27 - 00000221 _____ C:\Users\Mark\Desktop\Trine 2.url
2013-07-24 14:22 - 2013-07-24 14:22 - 00000000 ____D C:\Users\Mark\Documents\My Games
2013-07-24 14:22 - 2013-07-24 14:22 - 00000000 ____D C:\ProgramData\Codemasters
2013-07-24 07:02 - 2013-07-24 07:02 - 00000219 _____ C:\Users\Mark\Desktop\Counter-Strike Condition Zero Deleted Scenes.url
2013-07-24 07:01 - 2013-07-24 07:01 - 00000222 _____ C:\Users\Mark\Desktop\Assassin's Creed Revelations.url
2013-07-24 07:01 - 2013-07-24 07:01 - 00000219 _____ C:\Users\Mark\Desktop\Counter-Strike Global Offensive.url
2013-07-24 07:00 - 2013-07-24 07:00 - 00000221 _____ C:\Users\Mark\Desktop\Saints Row The Third.url
2013-07-24 07:00 - 2013-07-24 07:00 - 00000221 _____ C:\Users\Mark\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url
2013-07-24 07:00 - 2013-07-24 07:00 - 00000221 _____ C:\Users\Mark\Desktop\Assassin's Creed II.url
2013-07-24 06:59 - 2013-07-24 06:59 - 00000219 _____ C:\Users\Mark\Desktop\Counter-Strike Source.url
2013-07-24 06:59 - 2013-07-24 06:59 - 00000218 _____ C:\Users\Mark\Desktop\Counter-Strike Condition Zero.url
2013-07-24 06:58 - 2013-07-24 06:58 - 00000218 _____ C:\Users\Mark\Desktop\Counter-Strike.url
2013-07-22 17:59 - 2013-07-22 17:59 - 00000221 _____ C:\Users\Mark\Desktop\Call of Duty Modern Warfare 2.url
2013-07-20 12:18 - 2013-07-20 12:18 - 01001338 _____ C:\Users\Mark\Desktop\SinglePlayerCommands-MC1.6.2_V5.0.zip
2013-07-17 18:55 - 2013-07-17 18:55 - 00000219 _____ C:\Users\Mark\Desktop\Team Fortress 2.url
2013-07-17 18:50 - 2013-07-17 18:50 - 00003120 _____ C:\Windows\System32\Tasks\{E81BC9DE-98DE-4E22-AB31-6DA0D5E69038}
2013-07-12 15:06 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 15:06 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 15:06 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 15:05 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 15:05 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 15:05 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 15:05 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 15:05 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 15:05 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 15:05 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 15:05 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 15:05 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 15:05 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 15:05 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 15:05 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 15:05 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 15:05 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 15:05 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 15:05 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 15:05 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 15:05 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 21:33 - 2013-07-11 21:33 - 00000000 ____D C:\4c53c8961b0478fb9962882ff0
2013-07-11 16:27 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 16:27 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 16:27 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 16:27 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 16:27 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 16:26 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 16:26 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 18:45 - 2013-07-10 18:45 - 13292297 _____ C:\Users\Mark\Desktop\ravands-converted-1373474728787.zip
2013-07-10 18:42 - 2013-07-10 18:43 - 52460484 _____ C:\Users\Mark\Desktop\ravands.zip
2013-07-10 15:18 - 2013-07-10 15:18 - 00065935 _____ C:\Users\Mark\Desktop\X-ray.rar
2013-07-10 15:17 - 2013-07-10 15:17 - 00066494 _____ C:\Users\Mark\Downloads\X-RayMod_v042.zip
2013-07-07 14:21 - 2013-07-07 14:21 - 53942177 _____ C:\Users\Mark\Desktop\Misa500-converted-1373199671883.zip
2013-07-07 14:15 - 2013-07-07 14:15 - 02570679 _____ C:\Users\Mark\Desktop\TextureEnder.jar
2013-07-07 14:09 - 2013-07-07 14:10 - 53886249 _____ C:\Users\Mark\Desktop\Misa500.zip
2013-07-07 14:06 - 2013-07-07 14:06 - 08625354 _____ C:\Users\Mark\Desktop\willpack3.zip
2013-07-07 13:57 - 2013-07-07 13:57 - 09628376 _____ C:\Users\Mark\Desktop\Romecraft GERMANIA 14.zip
2013-07-07 12:02 - 2013-07-07 12:02 - 00484992 _____ C:\Users\Mark\Desktop\Minecraft (1).exe
2013-07-04 20:51 - 2013-07-04 20:51 - 00000219 _____ C:\Users\Mark\Desktop\Dota 2.url
2013-07-04 19:03 - 2013-07-04 19:31 - 00000000 ____D C:\Users\Mark\Desktop\Neuer Ordner
2013-07-04 18:37 - 2013-07-04 18:37 - 00000000 ____D C:\Users\Mark\Documents\default
106
==================== One Month Modified Files and Folders =======
2013-08-03 12:11 - 2013-08-03 12:11 - 00000000 ____D C:\FRST
2013-08-03 12:10 - 2013-08-03 12:10 - 01781485 _____ (Farbar) C:\Users\Mark\Downloads\FRST64.exe
2013-08-03 12:08 - 2013-08-03 12:08 - 00000470 _____ C:\Users\Mark\Downloads\defogger_disable.log
2013-08-03 12:08 - 2013-08-03 12:08 - 00000000 _____ C:\Users\Mark\defogger_reenable
2013-08-03 12:08 - 2012-08-11 12:57 - 00000000 ____D C:\Users\Mark
2013-08-03 12:06 - 2013-08-03 12:06 - 00050477 _____ C:\Users\Mark\Downloads\Defogger.exe
2013-08-03 12:04 - 2013-02-28 18:14 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-03 12:04 - 2010-11-21 08:50 - 03329076 _____ C:\Windows\system32\perfh007.dat
2013-08-03 12:04 - 2010-11-21 08:50 - 00965800 _____ C:\Windows\system32\perfc007.dat
2013-08-03 12:04 - 2009-07-14 07:13 - 00006248 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-03 12:04 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-03 12:04 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-03 12:00 - 2013-08-02 18:18 - 00000000 ____D C:\ProgramData\eSafe
2013-08-03 12:00 - 2013-08-02 18:16 - 00000386 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-08-03 12:00 - 2012-09-07 15:45 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-03 12:00 - 2012-01-23 22:25 - 01661826 _____ C:\Windows\WindowsUpdate.log
2013-08-03 11:59 - 2013-08-02 18:17 - 00000898 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2013-08-03 11:59 - 2012-08-13 20:59 - 00000000 ____D C:\Users\Mark\AppData\Local\LogMeIn Hamachi
2013-08-03 11:55 - 2012-01-23 22:22 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-03 11:55 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-03 11:55 - 2009-07-14 06:51 - 00075596 _____ C:\Windows\setupact.log
2013-08-02 21:22 - 2013-08-02 18:17 - 00000902 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2013-08-02 21:10 - 2013-08-02 21:04 - 00014519 _____ C:\Users\Mark\Desktop\dds.txt
2013-08-02 21:10 - 2013-08-02 21:04 - 00004667 _____ C:\Users\Mark\Desktop\attach.txt
2013-08-02 21:07 - 2013-08-02 21:07 - 00000854 _____ C:\AdwCleaner[S2].txt
2013-08-02 21:02 - 2013-08-02 21:02 - 00700783 ____R (Swearware) C:\Users\Mark\Downloads\dds+.exe
2013-08-02 21:01 - 2013-08-02 21:01 - 00655200 _____ C:\Users\Mark\Downloads\setup.exe
2013-08-02 20:59 - 2012-08-11 13:40 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Skype
2013-08-02 20:56 - 2013-08-02 20:56 - 00010347 _____ C:\AdwCleaner[S1].txt
2013-08-02 20:56 - 2013-06-06 16:18 - 00000995 _____ C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-02 20:55 - 2013-08-02 20:55 - 00666633 _____ C:\Users\Mark\Downloads\adwcleaner06.exe
2013-08-02 18:18 - 2013-08-02 18:18 - 00000000 ____D C:\Users\Mark\Desktop\ServerJarStorage
2013-08-02 18:18 - 2013-08-02 18:18 - 00000000 ____D C:\Users\Mark\Desktop\MCEdit-schematics
2013-08-02 18:18 - 2013-08-02 18:18 - 00000000 ____D C:\Users\Mark\Desktop\MCEdit-0.1.6.win32
2013-08-02 18:17 - 2013-08-02 18:17 - 00003898 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
2013-08-02 18:17 - 2013-08-02 18:17 - 00003646 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
2013-08-02 18:17 - 2013-08-02 18:17 - 00003364 _____ C:\Windows\System32\Tasks\DealPlyUpdate
2013-08-02 18:17 - 2013-08-02 18:16 - 00000000 ____D C:\Program Files (x86)\LyriXeeker
2013-08-02 18:16 - 2013-08-02 18:16 - 00003032 _____ C:\Windows\System32\Tasks\LyricXeeker Update
2013-08-02 18:16 - 2013-08-02 18:16 - 00000000 ____D C:\Users\Mark\AppData\Local\Google
2013-08-02 18:15 - 2013-02-18 15:09 - 00000000 ____D C:\Users\Mark\AppData\Roaming\.minecraft
2013-08-02 12:02 - 2013-05-22 13:59 - 00003460 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-07-29 21:01 - 2013-07-29 21:01 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Trine2
2013-07-29 21:01 - 2012-09-06 17:11 - 00257772 _____ C:\Windows\DirectX.log
2013-07-29 20:59 - 2013-07-29 20:59 - 00000222 _____ C:\Users\Mark\Desktop\F1 2012.url
2013-07-29 20:59 - 2012-09-07 16:11 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-07-25 13:04 - 2013-01-28 10:04 - 00000000 ____D C:\Program Files\AlienAutopsy
2013-07-25 13:04 - 2012-09-10 17:00 - 00000000 ____D C:\ProgramData\PCDr
2013-07-25 12:40 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-24 17:27 - 2013-07-24 17:27 - 00000221 _____ C:\Users\Mark\Desktop\Trine 2.url
2013-07-24 14:22 - 2013-07-24 14:22 - 00000000 ____D C:\Users\Mark\Documents\My Games
2013-07-24 14:22 - 2013-07-24 14:22 - 00000000 ____D C:\ProgramData\Codemasters
2013-07-24 07:02 - 2013-07-24 07:02 - 00000219 _____ C:\Users\Mark\Desktop\Counter-Strike Condition Zero Deleted Scenes.url
2013-07-24 07:01 - 2013-07-24 07:01 - 00000222 _____ C:\Users\Mark\Desktop\Assassin's Creed Revelations.url
2013-07-24 07:01 - 2013-07-24 07:01 - 00000219 _____ C:\Users\Mark\Desktop\Counter-Strike Global Offensive.url
2013-07-24 07:00 - 2013-07-24 07:00 - 00000221 _____ C:\Users\Mark\Desktop\Saints Row The Third.url
2013-07-24 07:00 - 2013-07-24 07:00 - 00000221 _____ C:\Users\Mark\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url
2013-07-24 07:00 - 2013-07-24 07:00 - 00000221 _____ C:\Users\Mark\Desktop\Assassin's Creed II.url
2013-07-24 06:59 - 2013-07-24 06:59 - 00000219 _____ C:\Users\Mark\Desktop\Counter-Strike Source.url
2013-07-24 06:59 - 2013-07-24 06:59 - 00000218 _____ C:\Users\Mark\Desktop\Counter-Strike Condition Zero.url
2013-07-24 06:58 - 2013-07-24 06:58 - 00000218 _____ C:\Users\Mark\Desktop\Counter-Strike.url
2013-07-22 17:59 - 2013-07-22 17:59 - 00000221 _____ C:\Users\Mark\Desktop\Call of Duty Modern Warfare 2.url
2013-07-20 12:18 - 2013-07-20 12:18 - 01001338 _____ C:\Users\Mark\Desktop\SinglePlayerCommands-MC1.6.2_V5.0.zip
2013-07-20 11:57 - 2012-12-27 12:05 - 00000000 ____D C:\Users\Mark\AppData\Roaming\TS3Client
2013-07-17 18:55 - 2013-07-17 18:55 - 00000219 _____ C:\Users\Mark\Desktop\Team Fortress 2.url
2013-07-17 18:50 - 2013-07-17 18:50 - 00003120 _____ C:\Windows\System32\Tasks\{E81BC9DE-98DE-4E22-AB31-6DA0D5E69038}
2013-07-15 16:32 - 2010-11-21 05:47 - 00041190 _____ C:\Windows\PFRO.log
2013-07-12 19:29 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 19:29 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 14:59 - 2010-11-21 09:00 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 14:59 - 2009-07-14 06:45 - 00278856 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 21:33 - 2013-07-11 21:33 - 00000000 ____D C:\4c53c8961b0478fb9962882ff0
2013-07-10 18:45 - 2013-07-10 18:45 - 13292297 _____ C:\Users\Mark\Desktop\ravands-converted-1373474728787.zip
2013-07-10 18:43 - 2013-07-10 18:42 - 52460484 _____ C:\Users\Mark\Desktop\ravands.zip
2013-07-10 15:18 - 2013-07-10 15:18 - 00065935 _____ C:\Users\Mark\Desktop\X-ray.rar
2013-07-10 15:17 - 2013-07-10 15:17 - 00066494 _____ C:\Users\Mark\Downloads\X-RayMod_v042.zip
2013-07-07 14:21 - 2013-07-07 14:21 - 53942177 _____ C:\Users\Mark\Desktop\Misa500-converted-1373199671883.zip
2013-07-07 14:15 - 2013-07-07 14:15 - 02570679 _____ C:\Users\Mark\Desktop\TextureEnder.jar
2013-07-07 14:10 - 2013-07-07 14:09 - 53886249 _____ C:\Users\Mark\Desktop\Misa500.zip
2013-07-07 14:06 - 2013-07-07 14:06 - 08625354 _____ C:\Users\Mark\Desktop\willpack3.zip
2013-07-07 13:57 - 2013-07-07 13:57 - 09628376 _____ C:\Users\Mark\Desktop\Romecraft GERMANIA 14.zip
2013-07-07 12:02 - 2013-07-07 12:02 - 00484992 _____ C:\Users\Mark\Desktop\Minecraft (1).exe
2013-07-05 14:34 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-07-04 20:51 - 2013-07-04 20:51 - 00000219 _____ C:\Users\Mark\Desktop\Dota 2.url
2013-07-04 19:31 - 2013-07-04 19:03 - 00000000 ____D C:\Users\Mark\Desktop\Neuer Ordner
2013-07-04 19:30 - 2012-10-13 15:59 - 00000000 ____D C:\Users\Mark\Desktop\New Worlde
2013-07-04 18:37 - 2013-07-04 18:37 - 00000000 ____D C:\Users\Mark\Documents\default
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-02 19:00
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-08-2013
Ran by Mark at 2013-08-03 12:12:31
Running from C:\Users\Mark\Downloads
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Adobe AIR (x32 Version: 3.3.0.3670)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Reader X MUI (x32 Version: 10.0.0)
AlienAutopsy (Version: 3.3.6280.92)
Alienware Command Center (Version: 2.7.24.0)
Alienware Command Center (x32 Version: 2.7.24.0)
Alienware Product Registration (x32 Version: 1.1.3)
Ashampoo Burning Studio 2013 v.11.0.6 (x32 Version: 11.0.6)
Assassin's Creed II (x32)
Assassin's Creed Revelations (x32)
Burnout(TM) Paradise The Ultimate Box (x32 Version: 1.0.0.0)
Call of Duty: Modern Warfare 2 - Multiplayer (x32)
Call of Duty: Modern Warfare 2 (x32)
Counter-Strike (x32)
Counter-Strike: Condition Zero (x32)
Counter-Strike: Condition Zero Deleted Scenes (x32)
Counter-Strike: Global Offensive (x32)
Counter-Strike: Source (x32)
devolo dLAN Cockpit (x32 Version: 3.0.0.0)
Die Siedler II - Die nächste Generation (x32)
dLAN Cockpit (x32 Version: 3 (23.12.2010))
dLAN Cockpit (x32 Version: 3.23.12)
Dota 2 (x32)
F1 2012 (x32)
Fallen Earth (x32)
Google Update Helper (x32 Version: 1.3.23.0)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2462)
Java Auto Updater (x32 Version: 2.1.5.1)
Java(TM) 7 Update 1 (64-bit) (Version: 7.0.10)
Java(TM) 7 Update 1 (x32 Version: 7.0.10)
LogMeIn Hamachi (x32 Version: 2.1.0.374)
LyricXeeker (x32)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
MSI ODD Monitor (x32 Version: 1.0.0.5)
Norton Internet Security (x32 Version: 20.4.0.40)
Notepad++ (x32 Version: 6.2.3)
NVIDIA 3D Vision Treiber 285.66 (Version: 285.66)
NVIDIA Grafiktreiber 285.66 (Version: 285.66)
NVIDIA HD-Audiotreiber 1.2.24.0 (Version: 1.2.24.0)
NVIDIA Install Application (Version: 2.1002.46.235)
NVIDIA Optimus 1.5.20 (Version: 1.5.20)
NVIDIA PhysX (x32 Version: 9.11.0621)
NVIDIA PhysX-Systemsoftware 9.11.0621 (Version: 9.11.0621)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.8566)
NVIDIA Systemsteuerung 285.66 (Version: 285.66)
NVIDIA Update Components (Version: 1.5.20)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6494)
rosoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Saints Row: The Third (x32)
Skype™ 6.3 (x32 Version: 6.3.107)
Steam (x32 Version: 1.0.0.0)
Team Fortress 2 (x32)
TeamSpeak 3 Client (x32 Version: 3.0.10)
Trine 2 (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0)
World of Tanks - Common Test (x32)
World of Tanks (x32)
World of Warplanes (x32)
Worms Reloaded (x32)
Worms Revolution (x32)
Wsys Control 1.0.0.2598 (x32 Version: 1.0.0.2598)
==================== Restore Points =========================
31-07-2013 16:22:52 Geplanter Prüfpunkt
31-07-2013 17:36:56 DirectX wurde installiert
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {00EF4951-846C-4BAA-9398-D27419A4EBBE} - System32\Tasks\{3B9F6EE3-E25B-4C87-B960-9F01F39700D0} => C:\Program Files (x86)\Kalypso\Imperium Romanum\Imperium Romanum.exe No File
Task: {086D10AC-19DF-45F7-A89D-9F99850788F8} - System32\Tasks\{DAD20D5E-A892-489B-A5B7-B83851C287AC} => C:\Program Files\Internet Explorer\iexplore.exe [2013-06-12] (Microsoft Corporation)
Task: {1C0A428F-1EC7-4E4C-BBE3-1F575E039245} - System32\Tasks\{5F3581CE-77AD-4D7D-AE3D-4E1542AA62F7} => C:\Program Files (x86)\Kalypso\Imperium Romanum\Imperium Romanum.exe No File
Task: {30B42719-BEBB-4429-BE0C-9FE321AFB78E} - System32\Tasks\{3200920A-54D8-4143-9A2D-531CB4F645F3} => C:\Program Files (x86)\Kalypso\Imperium Romanum\Imperium Romanum.exe No File
Task: {40A7469B-D3C7-4E7B-9624-8AEF5A369340} - System32\Tasks\DealPlyUpdate => C:\Program No File
Task: {54BF3442-FB0A-4A84-BBCA-4A5A700A4F8C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\AlienAutopsy\uaclauncher.exe [2013-05-07] (PC-Doctor, Inc.)
Task: {5AB69C48-81D7-4916-BBEF-3809ABDBD412} - System32\Tasks\DealPlyLiveUpdateTaskMachineCore => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe No File
Task: {76FC7E37-4E7D-4009-BF43-07C20D3163EB} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\AlienAutopsy\sessionchecker.exe [2013-07-18] (PC-Doctor, Inc.)
Task: {7B97DBAA-7AFB-4A4B-B1B9-DDBFCE72189A} - System32\Tasks\DealPlyLiveUpdateTaskMachineUA => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe No File
Task: {86D8F676-201A-488C-8128-97F71ADECA42} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {931FA6B9-E821-429B-AEA4-D970EF6E50D3} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {972AD7F1-F45C-4180-8B5B-1CA9CD56D03B} - System32\Tasks\{F8974EE9-C66F-4EDA-8E77-DDE83B4C8B4D} => C:\Program Files (x86)\Kalypso\Imperium Romanum\Imperium Romanum.exe No File
Task: {9A2F1769-6E09-4D2F-B37F-ED192C789A5E} - System32\Tasks\JavaUpdateSched => %COMMONPROGRAMFILES(x86)%\Java\Java Update\jusched.exe No File
Task: {AA5610E8-ACCA-42D8-8F9B-C1302CD51A14} - System32\Tasks\{474D05D0-E50A-4902-950E-C9CBDB4F7366} => C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013-06-12] (Microsoft Corporation)
Task: {AD9E0840-3A17-4274-B0A6-F8D994EA5757} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {C2538203-5507-4E6D-BE98-67C118734B68} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {CBB88796-BD09-422F-9DB3-169046943557} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {D3C2F7D6-DCFC-4966-BD6B-D95AAAA1D74C} - System32\Tasks\LyricXeeker Update => C:\Program Files (x86)\LyriXeeker\LyriXupdate.exe [2013-07-27] (LyriXeeker Tech)
Task: {DA9BA69B-02BE-4B94-8D89-150323547A6E} - System32\Tasks\{B5413418-9E22-41C7-82C9-21FCE97169B0} => C:\Program Files (x86)\Kalypso\Imperium Romanum\Imperium Romanum.exe No File
Task: {F3E58122-078F-4743-A615-F2A74848761B} - System32\Tasks\{F72C2E4D-18CA-432C-AFD3-7BC916686ED7} => C:\Program Files (x86)\Kalypso\Imperium Romanum\Imperium Romanum.exe No File
Task: {FAA10320-8FE8-4685-8167-2818987B0A32} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1277150531-3409653676-2563953427-1001
Task: {FF1D7BBB-3B82-4C6C-AAB6-F382501454E9} - System32\Tasks\SystemToolsDailyTest => C:\Windows\System32\uaclauncher.exe No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe
Task: C:\Windows\Tasks\LyricXeeker Update.job => C:\Program Files (x86)\LyriXeeker\LyriXupdate.exe
==================== Faulty Device Manager Devices =============
Name: Dell Wireless 1502 802.11b/g/n
Description: Dell Wireless 1502 802.11b/g/n
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/03/2013 00:04:09 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (08/03/2013 00:04:09 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (08/03/2013 00:04:09 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (08/02/2013 09:16:36 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (08/02/2013 09:16:36 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (08/02/2013 09:16:36 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (08/02/2013 09:06:39 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (08/02/2013 09:06:39 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (08/02/2013 09:06:39 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (08/02/2013 05:37:21 PM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 10.0.9200.16635 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 15a4
Startzeit: 01ce8f9474ab9bac
Endzeit: 4
Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe
Berichts-ID: 5993ee5d-fb89-11e2-8f2a-f04da2de3fdc
System errors:
=============
Error: (08/03/2013 11:59:23 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DealPly Live-Dienst (dealplylive)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (08/03/2013 11:57:15 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet.
Error: (08/02/2013 09:11:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DealPly Live-Dienst (dealplylive)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (08/02/2013 09:09:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet.
Error: (08/02/2013 09:01:53 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DealPly Live-Dienst (dealplylive)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (08/02/2013 08:59:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet.
Error: (07/31/2013 06:17:23 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (07/29/2013 08:51:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706be fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software x64 - Juli 2013 (KB890830)
Error: (07/29/2013 08:50:54 PM) (Source: DCOM) (User: )
Description: {06622D85-6856-4460-8DE1-A81921B41C4B}
Error: (07/29/2013 04:38:33 PM) (Source: DCOM) (User: )
Description: {C332C124-340D-4430-AA0D-C75602876FCC}
Microsoft Office Sessions:
=========================
Error: (08/03/2013 00:04:09 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (08/03/2013 00:04:09 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (08/03/2013 00:04:09 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (08/02/2013 09:16:36 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (08/02/2013 09:16:36 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (08/02/2013 09:16:36 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (08/02/2013 09:06:39 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (08/02/2013 09:06:39 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (08/02/2013 09:06:39 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (08/02/2013 05:37:21 PM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.1663515a401ce8f9474ab9bac4C:\Program Files\Internet Explorer\iexplore.exe5993ee5d-fb89-11e2-8f2a-f04da2de3fdc
==================== Memory info ===========================
Percentage of memory in use: 52%
Total physical RAM: 3990.79 MB
Available physical RAM: 1911.33 MB
Total Pagefile: 7979.75 MB
Available Pagefile: 5483.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:930.74 GB) (Free:753.95 GB) NTFS (Disk=0 Partition=3)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: A56771B0)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-08-03 12:55:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST31000524AS rev.JC4A 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Mark\AppData\Local\Temp\pxldypoc.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002fff000 8 bytes [00, 00, 10, 02, 4D, 6D, 43, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 576 fffff80002fff010 29 bytes [60, DC, 34, 0E, A0, F8, FF, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[924] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077bdfc90 5 bytes JMP 000000010027091c
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[924] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077bdfdf4 5 bytes JMP 0000000100270048
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[924] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077bdfe88 5 bytes JMP 00000001002702ee
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[924] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077bdffe4 5 bytes JMP 00000001002704b2
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[924] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077be0018 5 bytes JMP 00000001002709fe
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[924] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077be0048 5 bytes JMP 0000000100270ae0
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[924] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077be0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[924] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077be077c 5 bytes JMP 000000010027012a
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[924] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077be086c 5 bytes JMP 0000000100270758
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[924] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077be0884 5 bytes JMP 0000000100270676
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[924] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077be0dd4 5 bytes JMP 00000001002703d0
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[924] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077be1900 5 bytes JMP 0000000100270594
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[924] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077be1bc4 5 bytes JMP 000000010027083a
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[924] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077be1d50 5 bytes JMP 000000010027020c
.text C:\ProgramData\eSafe\eGdpSvc.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077bdfc90 5 bytes JMP 000000010015091c
.text C:\ProgramData\eSafe\eGdpSvc.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077bdfdf4 5 bytes JMP 0000000100150048
.text C:\ProgramData\eSafe\eGdpSvc.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077bdfe88 5 bytes JMP 00000001001502ee
.text C:\ProgramData\eSafe\eGdpSvc.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077bdffe4 5 bytes JMP 00000001001504b2
.text C:\ProgramData\eSafe\eGdpSvc.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077be0018 5 bytes JMP 00000001001509fe
.text C:\ProgramData\eSafe\eGdpSvc.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077be0048 5 bytes JMP 0000000100150ae0
.text C:\ProgramData\eSafe\eGdpSvc.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077be0064 5 bytes JMP 000000010002004c
.text C:\ProgramData\eSafe\eGdpSvc.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077be077c 5 bytes JMP 000000010015012a
.text C:\ProgramData\eSafe\eGdpSvc.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077be086c 5 bytes JMP 0000000100150758
.text C:\ProgramData\eSafe\eGdpSvc.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077be0884 5 bytes JMP 0000000100150676
.text C:\ProgramData\eSafe\eGdpSvc.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077be0dd4 5 bytes JMP 00000001001503d0
.text C:\ProgramData\eSafe\eGdpSvc.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077be1900 5 bytes JMP 0000000100150594
.text C:\ProgramData\eSafe\eGdpSvc.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077be1bc4 5 bytes JMP 000000010015083a
.text C:\ProgramData\eSafe\eGdpSvc.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077be1d50 5 bytes JMP 000000010015020c
.text C:\ProgramData\eSafe\eGdpSvc.exe[1468] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076ad1492 7 bytes JMP 00000001001e059e
.text C:\ProgramData\eSafe\eGdpSvc.exe[1468] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007695524f 7 bytes JMP 0000000100150f52
.text C:\ProgramData\eSafe\eGdpSvc.exe[1468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769553d0 7 bytes JMP 00000001001e0210
.text C:\ProgramData\eSafe\eGdpSvc.exe[1468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076955677 1 byte JMP 00000001001e0048
.text C:\ProgramData\eSafe\eGdpSvc.exe[1468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076955679 5 bytes {JMP 0xffffffff8988a9d1}
.text C:\ProgramData\eSafe\eGdpSvc.exe[1468] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007695589a 7 bytes JMP 0000000100150ca6
.text C:\ProgramData\eSafe\eGdpSvc.exe[1468] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076955a1d 7 bytes JMP 00000001001e03d8
.text C:\ProgramData\eSafe\eGdpSvc.exe[1468] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076955c9b 7 bytes JMP 00000001001e012c
.text C:\ProgramData\eSafe\eGdpSvc.exe[1468] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076955d87 7 bytes JMP 00000001001e02f4
.text C:\ProgramData\eSafe\eGdpSvc.exe[1468] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076957240 7 bytes JMP 0000000100150e6e
.text C:\ProgramData\eSafe\eGdpSvc.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b91465 2 bytes [B9, 77]
.text C:\ProgramData\eSafe\eGdpSvc.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b914bb 2 bytes [B9, 77]
.text ... * 2
.text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[336] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077bdfc90 5 bytes JMP 000000010035091c
.text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[336] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077bdfdf4 5 bytes JMP 0000000100350048
.text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[336] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077bdfe88 5 bytes JMP 00000001003502ee
.text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[336] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077bdffe4 5 bytes JMP 00000001003504b2
.text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[336] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077be0018 5 bytes JMP 00000001003509fe
.text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[336] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077be0048 5 bytes JMP 0000000100350ae0
.text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[336] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077be0064 5 bytes JMP 000000010026004c
.text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[336] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077be077c 5 bytes JMP 000000010035012a
.text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[336] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077be086c 5 bytes JMP 0000000100350758
.text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[336] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077be0884 5 bytes JMP 0000000100350676
.text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[336] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077be0dd4 5 bytes JMP 00000001003503d0
.text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[336] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077be1900 5 bytes JMP 0000000100350594
.text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[336] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077be1bc4 5 bytes JMP 000000010035083a
.text C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe[336] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077be1d50 5 bytes JMP 000000010035020c
.text c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077bdfc90 5 bytes JMP 000000010038091c
.text c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077bdfdf4 5 bytes JMP 0000000100380048
.text c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077bdfe88 5 bytes JMP 00000001003802ee
.text c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077bdffe4 5 bytes JMP 00000001003804b2
.text c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077be0018 5 bytes JMP 00000001003809fe
.text c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077be0048 5 bytes JMP 0000000100380ae0
.text c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077be0064 5 bytes JMP 000000010002004c
.text c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077be077c 5 bytes JMP 000000010038012a
.text c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077be086c 5 bytes JMP 0000000100380758
.text c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077be0884 5 bytes JMP 0000000100380676
.text c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077be0dd4 5 bytes JMP 00000001003803d0
.text c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077be1900 5 bytes JMP 0000000100380594
.text c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077be1bc4 5 bytes JMP 000000010038083a
.text c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe[1604] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077be1d50 5 bytes JMP 000000010038020c
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1092] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077bdfc90 5 bytes JMP 00000001001e091c
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1092] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077bdfdf4 5 bytes JMP 00000001001e0048
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1092] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077bdfe88 5 bytes JMP 00000001001e02ee
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1092] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077bdffe4 5 bytes JMP 00000001001e04b2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1092] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077be0018 5 bytes JMP 00000001001e09fe
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1092] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077be0048 5 bytes JMP 00000001001e0ae0
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1092] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077be0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1092] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077be077c 5 bytes JMP 00000001001e012a
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1092] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077be086c 5 bytes JMP 00000001001e0758
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1092] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077be0884 5 bytes JMP 00000001001e0676
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1092] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077be0dd4 5 bytes JMP 00000001001e03d0
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1092] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077be1900 5 bytes JMP 00000001001e0594
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1092] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077be1bc4 5 bytes JMP 00000001001e083a
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1092] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077be1d50 5 bytes JMP 00000001001e020c
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b91465 2 bytes [B9, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b914bb 2 bytes [B9, 77]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1092] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076ad1492 7 bytes JMP 00000001001f04bc
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1092] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007695524f 7 bytes JMP 00000001001e0f52
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1092] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769553d0 7 bytes JMP 00000001001f0210
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1092] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076955677 1 byte JMP 00000001001f0048
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1092] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076955679 5 bytes {JMP 0xffffffff8989a9d1}
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1092] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007695589a 7 bytes JMP 00000001001e0ca6
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1092] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076955a1d 7 bytes JMP 00000001001f03d8
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1092] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076955c9b 7 bytes JMP 00000001001f012c
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1092] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076955d87 7 bytes JMP 00000001001f02f4
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1092] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076957240 7 bytes JMP 00000001001e0e6e
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077bdfc90 5 bytes JMP 000000010009091c
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077bdfdf4 5 bytes JMP 0000000100090048
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077bdfe88 5 bytes JMP 00000001000902ee
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077bdffe4 5 bytes JMP 00000001000904b2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077be0018 5 bytes JMP 00000001000909fe
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077be0048 5 bytes JMP 0000000100090ae0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077be0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077be077c 5 bytes JMP 000000010009012a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077be086c 5 bytes JMP 0000000100090758
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077be0884 5 bytes JMP 0000000100090676
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077be0dd4 5 bytes JMP 00000001000903d0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077be1900 5 bytes JMP 0000000100090594
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077be1bc4 5 bytes JMP 000000010009083a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2492] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077be1d50 5 bytes JMP 000000010009020c
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2492] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007695524f 7 bytes JMP 0000000100090f52
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2492] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769553d0 7 bytes JMP 00000001000a0210
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2492] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076955677 1 byte JMP 00000001000a0048
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2492] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076955679 5 bytes {JMP 0xffffffff8974a9d1}
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2492] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007695589a 7 bytes JMP 0000000100090ca6
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2492] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076955a1d 7 bytes JMP 00000001000a03d8
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2492] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076955c9b 7 bytes JMP 00000001000a012c
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2492] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076955d87 7 bytes JMP 00000001000a02f4
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2492] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076957240 7 bytes JMP 0000000100090e6e
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2492] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076ad1492 7 bytes JMP 00000001000a0762
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b91465 2 bytes [B9, 77]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b914bb 2 bytes [B9, 77]
.text ... * 2
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077bdfc90 5 bytes JMP 000000010028091c
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077bdfdf4 5 bytes JMP 0000000100280048
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077bdfe88 5 bytes JMP 00000001002802ee
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077bdffe4 5 bytes JMP 00000001002804b2
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077be0018 5 bytes JMP 00000001002809fe
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077be0048 5 bytes JMP 0000000100280ae0
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077be0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077be077c 5 bytes JMP 000000010028012a
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077be086c 5 bytes JMP 0000000100280758
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077be0884 5 bytes JMP 0000000100280676
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077be0dd4 5 bytes JMP 00000001002803d0
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077be1900 5 bytes JMP 0000000100280594
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077be1bc4 5 bytes JMP 000000010028083a
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077be1d50 5 bytes JMP 000000010028020c
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2800] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076ad1492 7 bytes JMP 000000010029059e
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2800] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007695524f 7 bytes JMP 0000000100280f52
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2800] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769553d0 7 bytes JMP 0000000100290210
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2800] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076955677 1 byte JMP 0000000100290048
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2800] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076955679 5 bytes {JMP 0xffffffff8993a9d1}
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2800] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007695589a 7 bytes JMP 0000000100280ca6
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2800] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076955a1d 7 bytes JMP 00000001002903d8
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2800] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076955c9b 7 bytes JMP 000000010029012c
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2800] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076955d87 7 bytes JMP 00000001002902f4
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[2800] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076957240 7 bytes JMP 0000000100280e6e
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4084] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077bdfc90 5 bytes JMP 000000010029091c
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4084] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077bdfdf4 5 bytes JMP 0000000100290048
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4084] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077bdfe88 5 bytes JMP 00000001002902ee
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4084] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077bdffe4 5 bytes JMP 00000001002904b2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4084] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077be0018 5 bytes JMP 00000001002909fe
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4084] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077be0048 5 bytes JMP 0000000100290ae0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4084] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077be0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4084] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077be077c 5 bytes JMP 000000010029012a
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4084] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077be086c 5 bytes JMP 0000000100290758
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4084] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077be0884 5 bytes JMP 0000000100290676
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4084] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077be0dd4 5 bytes JMP 00000001002903d0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4084] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077be1900 5 bytes JMP 0000000100290594
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4084] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077be1bc4 5 bytes JMP 000000010029083a
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4084] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077be1d50 5 bytes JMP 000000010029020c
.text C:\Users\Mark\Downloads\gmer_2.1.19163.exe[6380] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077bdfc90 5 bytes JMP 00000001001d091c
.text C:\Users\Mark\Downloads\gmer_2.1.19163.exe[6380] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077bdfdf4 5 bytes JMP 00000001001d0048
.text C:\Users\Mark\Downloads\gmer_2.1.19163.exe[6380] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 0000000077bdfe88 5 bytes JMP 00000001001d02ee
.text C:\Users\Mark\Downloads\gmer_2.1.19163.exe[6380] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077bdffe4 5 bytes JMP 00000001001d04b2
.text C:\Users\Mark\Downloads\gmer_2.1.19163.exe[6380] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077be0018 5 bytes JMP 00000001001d09fe
.text C:\Users\Mark\Downloads\gmer_2.1.19163.exe[6380] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077be0048 5 bytes JMP 00000001001d0ae0
.text C:\Users\Mark\Downloads\gmer_2.1.19163.exe[6380] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077be0064 5 bytes JMP 000000010002004c
.text C:\Users\Mark\Downloads\gmer_2.1.19163.exe[6380] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077be077c 5 bytes JMP 00000001001d012a
.text C:\Users\Mark\Downloads\gmer_2.1.19163.exe[6380] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000077be086c 5 bytes JMP 00000001001d0758
.text C:\Users\Mark\Downloads\gmer_2.1.19163.exe[6380] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077be0884 5 bytes JMP 00000001001d0676
.text C:\Users\Mark\Downloads\gmer_2.1.19163.exe[6380] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077be0dd4 5 bytes JMP 00000001001d03d0
.text C:\Users\Mark\Downloads\gmer_2.1.19163.exe[6380] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077be1900 5 bytes JMP 00000001001d0594
.text C:\Users\Mark\Downloads\gmer_2.1.19163.exe[6380] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077be1bc4 5 bytes JMP 00000001001d083a
.text C:\Users\Mark\Downloads\gmer_2.1.19163.exe[6380] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077be1d50 5 bytes JMP 00000001001d020c
.text C:\Users\Mark\Downloads\gmer_2.1.19163.exe[6380] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007695524f 7 bytes JMP 00000001001d0f52
.text C:\Users\Mark\Downloads\gmer_2.1.19163.exe[6380] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000769553d0 7 bytes JMP 0000000100260210
.text C:\Users\Mark\Downloads\gmer_2.1.19163.exe[6380] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076955677 1 byte JMP 0000000100260048
.text C:\Users\Mark\Downloads\gmer_2.1.19163.exe[6380] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076955679 5 bytes {JMP 0xffffffff8990a9d1}
.text C:\Users\Mark\Downloads\gmer_2.1.19163.exe[6380] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007695589a 7 bytes JMP 00000001001d0ca6
.text C:\Users\Mark\Downloads\gmer_2.1.19163.exe[6380] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076955a1d 7 bytes JMP 00000001002603d8
.text C:\Users\Mark\Downloads\gmer_2.1.19163.exe[6380] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076955c9b 7 bytes JMP 000000010026012c
.text C:\Users\Mark\Downloads\gmer_2.1.19163.exe[6380] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076955d87 7 bytes JMP 00000001002602f4
.text C:\Users\Mark\Downloads\gmer_2.1.19163.exe[6380] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076957240 7 bytes JMP 00000001001d0e6e
.text C:\Users\Mark\Downloads\gmer_2.1.19163.exe[6380] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076ad1492 7 bytes JMP 00000001002604bc
---- EOF - GMER 2.1 ----
Code:
ATTFilter DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
Run by Mark at 21:09:57 on 2013-08-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3991.2437 [GMT 2:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\ProgramData\eSafe\eGdpSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.de/?gws_rd=cr
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: LyricXeeker: {17E58097-6CA5-448B-830F-2A19678248FB} - C:\Program Files (x86)\LyriXeeker\125.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll
BHO: DealPly Shopping: {9cf699ca-2174-4ed8-bec1-ba82095edce0} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
TCP: NameServer = 192.168.178.1
TCP: Interfaces\{1B117D54-2D73-41FE-8F42-A21C0CD18E4E} : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{1D62BBB2-33C8-4AAA-BDA3-F46411A0CC60} : DHCPNameServer = 192.168.178.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://www.google.com
x64-mDefault_Page_URL = hxxp://www.google.com
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-1-24 28992]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys [2013-6-9 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys [2013-6-9 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-7-17 1393240]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-9 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130801.001\IDSviA64.sys [2013-8-2 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys [2013-6-9 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-6-9 433752]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-1-24 98208]
R2 DevoloNetworkService;devolo Network Service;C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [2010-12-23 3304768]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-6-28 2470736]
R2 MSI_ODD_Service;MSI_ODD_Service;C:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe [2011-10-5 76800]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-9 144368]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-20 381248]
R2 WsysSvc;Wsys Service;C:\ProgramData\eSafe\eGdpSvc.exe [2013-8-2 891456]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-2-12 138912]
R3 IntcDAud;Intel(R) Display-Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-1-24 317440]
R3 NTIOLib_X64;NTIOLib_X64;C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [2010-1-18 14136]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-24 539240]
R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);C:\Windows\System32\drivers\rusb3hub.sys [2012-1-24 100352]
R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);C:\Windows\System32\drivers\rusb3xhc.sys [2012-1-24 216064]
S2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2011-12-15 14664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dealplylive;DealPly Live-Dienst (dealplylive);C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe /svc --> C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [?]
S3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2012-12-4 95344]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSib.sys [2012-12-4 21872]
S3 dealplylivem;DealPly Live-Dienst (dealplylivem);C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe /medsvc --> C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [?]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-1-24 158976]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2012-1-24 291648]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
.
=============== Created Last 30 ================
.
2013-08-02 16:18:12 -------- d-----w- C:\ProgramData\eSafe
2013-08-02 16:16:57 -------- d-----w- C:\Users\Mark\AppData\Local\Google
2013-08-02 16:16:56 -------- d-----w- C:\Program Files (x86)\LyriXeeker
2013-07-29 19:01:48 -------- d-----w- C:\Users\Mark\AppData\Roaming\Trine2
2013-07-24 12:22:10 -------- d-----w- C:\ProgramData\Codemasters
2013-07-12 13:06:00 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-12 13:06:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-11 19:33:04 -------- d-----w- C:\4c53c8961b0478fb9962882ff0
2013-07-11 14:26:50 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-11 14:26:50 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
==================== Find3M ====================
.
2013-06-19 14:00:02 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-06-12 15:04:46 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 15:04:46 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-05 19:53:55 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-23 05:25:28 1139800 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys
2013-05-21 05:02:00 493656 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys
2013-05-16 05:02:14 796760 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\srtsp64.sys
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
.
============= FINISH: 21:10:37,35 ===============
Code:
ATTFilter .
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11.08.2012 12:57:30
System Uptime: 02.08.2013 21:08:06 (0 hours ago)
.
Motherboard: Alienware | | 08PG26
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz | CPU 1 | 3300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 753,715 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Dell Wireless 1502 802.11b/g/n
Device ID: PCI\VEN_168C&DEV_002B&SUBSYS_02041028&REV_01\4&21A0897D&0&00E2
Manufacturer: Atheros Communications Inc.
Name: Dell Wireless 1502 802.11b/g/n
PNP Device ID: PCI\VEN_168C&DEV_002B&SUBSYS_02041028&REV_01\4&21A0897D&0&00E2
Service: athr
.
==== System Restore Points ===================
.
RP88: 31.07.2013 18:22:52 - Geplanter Prüfpunkt
RP89: 31.07.2013 19:36:56 - DirectX wurde installiert
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X MUI
AlienAutopsy
Alienware Command Center
Alienware Product Registration
Ashampoo Burning Studio 2013 v.11.0.6
Assassin's Creed II
Assassin's Creed Revelations
Burnout(TM) Paradise The Ultimate Box
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Counter-Strike
Counter-Strike: Condition Zero
Counter-Strike: Condition Zero Deleted Scenes
Counter-Strike: Global Offensive
Counter-Strike: Source
devolo dLAN Cockpit
Die Siedler II - Die nächste Generation
dLAN Cockpit
Dota 2
F1 2012
Fallen Earth
Google Update Helper
Intel(R) Processor Graphics
Java Auto Updater
Java(TM) 7 Update 1
Java(TM) 7 Update 1 (64-bit)
LogMeIn Hamachi
LyricXeeker
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSI ODD Monitor
Norton Internet Security
Notepad++
NVIDIA 3D Vision Treiber 285.66
NVIDIA Grafiktreiber 285.66
NVIDIA HD-Audiotreiber 1.2.24.0
NVIDIA Install Application
NVIDIA Optimus 1.5.20
NVIDIA PhysX
NVIDIA PhysX-Systemsoftware 9.11.0621
NVIDIA Stereoscopic 3D Driver
NVIDIA Systemsteuerung 285.66
NVIDIA Update Components
Realtek High Definition Audio Driver
Saints Row: The Third
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype™ 6.3
Steam
Team Fortress 2
TeamSpeak 3 Client
Trine 2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
WinRAR 4.20 (32-Bit)
World of Tanks
World of Tanks - Common Test
World of Warplanes
Worms Reloaded
Worms Revolution
Wsys Control 1.0.0.2598
.
==== End Of File ===========================
Code:
ATTFilter # AdwCleaner v2.306 - Datei am 02/08/2013 um 20:56:26 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Mark - MARK-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mark\Downloads\adwcleaner06.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Desinfiziert : C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Datei Desinfiziert : C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Datei Desinfiziert : C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Datei Desinfiziert : C:\Users\Mark\Desktop\Internet Explorer.lnk
Datei Gelöscht : C:\user.js
Gelöscht mit Neustart : C:\ProgramData\eSafe
Ordner Gelöscht : C:\Program Files (x86)\DealPly
Ordner Gelöscht : C:\Program Files (x86)\DealPlyLive
Ordner Gelöscht : C:\ProgramData\DealPlyLive
Ordner Gelöscht : C:\Users\Mark\AppData\Local\DealPlyLive
Ordner Gelöscht : C:\Users\Mark\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Mark\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\Mark\AppData\Roaming\eIntaller
Ordner Gelöscht : C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
***** [Registrierungsdatenbank] *****
Daten Gelöscht : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_9VPF01RAXXXX9VPF01RA&ts=1375460218
Schlüssel Gelöscht : HKCU\Software\DealPly
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickCtrl.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLive.Update3WebControl.3
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\Software\DealPly
Schlüssel Gelöscht : HKLM\Software\eSafeSecControl
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9
Schlüssel Gelöscht : HKLM\Software\qvo6Software
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16635
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_9VPF01RAXXXX9VPF01RA&ts=1375460218 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_9VPF01RAXXXX9VPF01RA&ts=1375460218 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_9VPF01RAXXXX9VPF01RA&ts=1375460218 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_9VPF01RAXXXX9VPF01RA&ts=1375460218 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST31000524AS_9VPF01RAXXXX9VPF01RA&ts=1375460218 --> hxxp://www.google.com
*************************
AdwCleaner[S1].txt - [10252 octets] - [02/08/2013 20:56:26]
########## EOF - C:\AdwCleaner[S1].txt - [10313 octets] ##########
|
|
03.08.2013, 13:50
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 7 Internet Explorer Standart Seite wird auf QV06 umgeleitet Hi,
__________________Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Und ein frisches Frst log bitte.
__________________ |
|
03.08.2013, 14:15
| #3 |
| | Windows 7 Internet Explorer Standart Seite wird auf QV06 umgeleitet Danke für die schnelle Antwort!
__________________ Jrt: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.1 (08.02.2013:3)
OS: Windows 7 Home Premium x64
Ran by Mark on 03.08.2013 at 15:02:31,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully stopped: [Service] dealplylive
Successfully deleted: [Service] dealplylive
Successfully stopped: [Service] dealplylivem
Successfully deleted: [Service] dealplylivem
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dealplylive.exe
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\esafeseccontrol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17E58097-6CA5-448B-830F-2A19678248FB}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\esafe"
Successfully deleted: [Folder] "C:\Program Files (x86)\lyrixeeker"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.08.2013 at 15:05:55,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-08-2013
Ran by Mark (administrator) on 03-08-2013 15:09:52
Running from C:\Users\Mark\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Micro-Star Int'l Co., Ltd.) c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6412904 2011-11-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1157224 2011-10-20] (Realtek Semiconductor)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Command Center Controllers] - C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12616 2011-12-15] (Alienware)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1807272 2013-07-27] (Valve Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKLM-x32\...\Run: [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [241984 2011-10-20] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [203072 2011-10-20] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=cr
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: DealPly Shopping - {9cf699ca-2174-4ed8-bec1-ba82095edce0} - C:\Program Files (x86)\DealPly\DealPlyIE.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (DealPly Shopping) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [odnofacmifkjndflfmmplhckcbfjckhj] - C:\Program Files (x86)\LyriXeeker\125.crx
==================== Services (Whitelisted) =================
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3304768 2010-12-23] (devolo AG)
R2 MSI_ODD_Service; c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe [76800 2011-10-05] (Micro-Star Int'l Co., Ltd.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [x]
==================== Drivers (Whitelisted) ====================
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-09-04] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-09-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-02-11] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130802.001\IDSvia64.sys [513184 2012-09-06] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130802.001\IDSvia64.sys [513184 2012-09-06] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130802.006\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130802.006\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130802.006\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130802.006\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2010-06-10] (CACE Technologies)
R3 NTIOLib_X64; C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 NTIOLib_X64; C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [100352 2011-09-15] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [216064 2011-09-15] (Renesas Electronics Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-03 15:02 - 2013-08-03 15:02 - 00000000 ____D C:\Windows\ERUNT
2013-08-03 15:01 - 2013-08-03 15:01 - 00560986 _____ (Oleg N. Scherbakov) C:\Users\Mark\Downloads\JRT.exe
2013-08-03 13:09 - 2013-08-03 13:09 - 00024360 _____ C:\Users\Mark\Desktop\defogger_disable.lnk
2013-08-03 12:55 - 2013-08-03 12:55 - 00038767 _____ C:\Users\Mark\Downloads\gmer.txt
2013-08-03 12:55 - 2013-08-03 12:55 - 00000498 _____ C:\Users\Mark\Desktop\gmer.lnk
2013-08-03 12:17 - 2013-08-03 12:17 - 00377856 _____ C:\Users\Mark\Downloads\gmer_2.1.19163.exe
2013-08-03 12:12 - 2013-08-03 12:12 - 00029261 _____ C:\Users\Mark\Desktop\FRST.txt
2013-08-03 12:12 - 2013-08-03 12:12 - 00017719 _____ C:\Users\Mark\Desktop\Addition.txt
2013-08-03 12:11 - 2013-08-03 12:11 - 00000000 ____D C:\FRST
2013-08-03 12:10 - 2013-08-03 12:10 - 01781485 _____ (Farbar) C:\Users\Mark\Downloads\FRST64.exe
2013-08-03 12:08 - 2013-08-03 12:08 - 00000470 _____ C:\Users\Mark\Downloads\defogger_disable.log
2013-08-03 12:08 - 2013-08-03 12:08 - 00000000 _____ C:\Users\Mark\defogger_reenable
2013-08-03 12:06 - 2013-08-03 12:06 - 00050477 _____ C:\Users\Mark\Downloads\Defogger.exe
2013-08-02 21:07 - 2013-08-02 21:07 - 00000854 _____ C:\AdwCleaner[S2].txt
2013-08-02 21:04 - 2013-08-02 21:10 - 00014519 _____ C:\Users\Mark\Desktop\dds.txt
2013-08-02 21:04 - 2013-08-02 21:10 - 00004667 _____ C:\Users\Mark\Desktop\attach.txt
2013-08-02 21:02 - 2013-08-02 21:02 - 00700783 ____R (Swearware) C:\Users\Mark\Downloads\dds+.exe
2013-08-02 21:01 - 2013-08-02 21:01 - 00655200 _____ C:\Users\Mark\Downloads\setup.exe
2013-08-02 20:56 - 2013-08-02 20:56 - 00010347 _____ C:\AdwCleaner[S1].txt
2013-08-02 20:55 - 2013-08-02 20:55 - 00666633 _____ C:\Users\Mark\Downloads\adwcleaner06.exe
2013-08-02 18:18 - 2013-08-02 18:18 - 00000000 ____D C:\Users\Mark\Desktop\ServerJarStorage
2013-08-02 18:18 - 2013-08-02 18:18 - 00000000 ____D C:\Users\Mark\Desktop\MCEdit-schematics
2013-08-02 18:18 - 2013-08-02 18:18 - 00000000 ____D C:\Users\Mark\Desktop\MCEdit-0.1.6.win32
2013-08-02 18:17 - 2013-08-03 14:22 - 00000902 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2013-08-02 18:17 - 2013-08-03 13:03 - 00000898 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2013-08-02 18:17 - 2013-08-02 18:17 - 00003898 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
2013-08-02 18:17 - 2013-08-02 18:17 - 00003646 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
2013-08-02 18:17 - 2013-08-02 18:17 - 00003364 _____ C:\Windows\System32\Tasks\DealPlyUpdate
2013-08-02 18:16 - 2013-08-03 13:03 - 00000386 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-08-02 18:16 - 2013-08-02 18:16 - 00003032 _____ C:\Windows\System32\Tasks\LyricXeeker Update
2013-08-02 18:16 - 2013-08-02 18:16 - 00000000 ____D C:\Users\Mark\AppData\Local\Google
2013-07-29 21:01 - 2013-07-29 21:01 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Trine2
2013-07-29 20:59 - 2013-07-29 20:59 - 00000222 _____ C:\Users\Mark\Desktop\F1 2012.url
2013-07-29 20:49 - 2013-06-24 00:41 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-24 17:27 - 2013-07-24 17:27 - 00000221 _____ C:\Users\Mark\Desktop\Trine 2.url
2013-07-24 14:22 - 2013-07-24 14:22 - 00000000 ____D C:\Users\Mark\Documents\My Games
2013-07-24 14:22 - 2013-07-24 14:22 - 00000000 ____D C:\ProgramData\Codemasters
2013-07-24 07:02 - 2013-07-24 07:02 - 00000219 _____ C:\Users\Mark\Desktop\Counter-Strike Condition Zero Deleted Scenes.url
2013-07-24 07:01 - 2013-07-24 07:01 - 00000222 _____ C:\Users\Mark\Desktop\Assassin's Creed Revelations.url
2013-07-24 07:01 - 2013-07-24 07:01 - 00000219 _____ C:\Users\Mark\Desktop\Counter-Strike Global Offensive.url
2013-07-24 07:00 - 2013-07-24 07:00 - 00000221 _____ C:\Users\Mark\Desktop\Saints Row The Third.url
2013-07-24 07:00 - 2013-07-24 07:00 - 00000221 _____ C:\Users\Mark\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url
2013-07-24 07:00 - 2013-07-24 07:00 - 00000221 _____ C:\Users\Mark\Desktop\Assassin's Creed II.url
2013-07-24 06:59 - 2013-07-24 06:59 - 00000219 _____ C:\Users\Mark\Desktop\Counter-Strike Source.url
2013-07-24 06:59 - 2013-07-24 06:59 - 00000218 _____ C:\Users\Mark\Desktop\Counter-Strike Condition Zero.url
2013-07-24 06:58 - 2013-07-24 06:58 - 00000218 _____ C:\Users\Mark\Desktop\Counter-Strike.url
2013-07-22 17:59 - 2013-07-22 17:59 - 00000221 _____ C:\Users\Mark\Desktop\Call of Duty Modern Warfare 2.url
2013-07-20 12:18 - 2013-07-20 12:18 - 01001338 _____ C:\Users\Mark\Desktop\SinglePlayerCommands-MC1.6.2_V5.0.zip
2013-07-17 18:55 - 2013-07-17 18:55 - 00000219 _____ C:\Users\Mark\Desktop\Team Fortress 2.url
2013-07-17 18:50 - 2013-07-17 18:50 - 00003120 _____ C:\Windows\System32\Tasks\{E81BC9DE-98DE-4E22-AB31-6DA0D5E69038}
2013-07-12 15:06 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 15:06 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 15:06 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 15:05 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 15:05 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 15:05 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 15:05 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 15:05 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 15:05 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 15:05 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 15:05 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 15:05 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 15:05 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 15:05 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 15:05 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 15:05 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 15:05 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 15:05 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 15:05 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 15:05 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 15:05 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 21:33 - 2013-07-11 21:33 - 00000000 ____D C:\4c53c8961b0478fb9962882ff0
2013-07-11 16:27 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 16:27 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 16:27 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 16:27 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 16:27 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 16:26 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 16:26 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 18:45 - 2013-07-10 18:45 - 13292297 _____ C:\Users\Mark\Desktop\ravands-converted-1373474728787.zip
2013-07-10 18:42 - 2013-07-10 18:43 - 52460484 _____ C:\Users\Mark\Desktop\ravands.zip
2013-07-10 15:18 - 2013-07-10 15:18 - 00065935 _____ C:\Users\Mark\Desktop\X-ray.rar
2013-07-10 15:17 - 2013-07-10 15:17 - 00066494 _____ C:\Users\Mark\Downloads\X-RayMod_v042.zip
2013-07-07 14:21 - 2013-07-07 14:21 - 53942177 _____ C:\Users\Mark\Desktop\Misa500-converted-1373199671883.zip
2013-07-07 14:15 - 2013-07-07 14:15 - 02570679 _____ C:\Users\Mark\Desktop\TextureEnder.jar
2013-07-07 14:09 - 2013-07-07 14:10 - 53886249 _____ C:\Users\Mark\Desktop\Misa500.zip
2013-07-07 14:06 - 2013-07-07 14:06 - 08625354 _____ C:\Users\Mark\Desktop\willpack3.zip
2013-07-07 13:57 - 2013-07-07 13:57 - 09628376 _____ C:\Users\Mark\Desktop\Romecraft GERMANIA 14.zip
2013-07-07 12:02 - 2013-07-07 12:02 - 00484992 _____ C:\Users\Mark\Desktop\Minecraft (1).exe
2013-07-04 20:51 - 2013-07-04 20:51 - 00000219 _____ C:\Users\Mark\Desktop\Dota 2.url
2013-07-04 19:03 - 2013-07-04 19:31 - 00000000 ____D C:\Users\Mark\Desktop\Neuer Ordner
2013-07-04 18:37 - 2013-07-04 18:37 - 00000000 ____D C:\Users\Mark\Documents\default
113
==================== One Month Modified Files and Folders =======
2013-08-03 15:05 - 2013-08-03 15:05 - 00001424 _____ C:\Users\Mark\Desktop\JRT.txt
2013-08-03 15:04 - 2013-02-28 18:14 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-03 15:03 - 2012-08-11 13:40 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Skype
2013-08-03 15:02 - 2013-08-03 15:02 - 00000000 ____D C:\Windows\ERUNT
2013-08-03 15:01 - 2013-08-03 15:01 - 00560986 _____ (Oleg N. Scherbakov) C:\Users\Mark\Downloads\JRT.exe
2013-08-03 14:59 - 2013-02-18 15:09 - 00000000 ____D C:\Users\Mark\AppData\Roaming\.minecraft
2013-08-03 14:22 - 2013-08-02 18:17 - 00000902 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2013-08-03 13:11 - 2010-11-21 08:50 - 03343618 _____ C:\Windows\system32\perfh007.dat
2013-08-03 13:11 - 2010-11-21 08:50 - 00970318 _____ C:\Windows\system32\perfc007.dat
2013-08-03 13:11 - 2009-07-14 07:13 - 00006248 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-03 13:11 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-03 13:11 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-03 13:09 - 2013-08-03 13:09 - 00024360 _____ C:\Users\Mark\Desktop\defogger_disable.lnk
2013-08-03 13:07 - 2012-01-23 22:25 - 01675427 _____ C:\Windows\WindowsUpdate.log
2013-08-03 13:04 - 2012-08-13 20:59 - 00000000 ____D C:\Users\Mark\AppData\Local\LogMeIn Hamachi
2013-08-03 13:03 - 2013-08-02 18:17 - 00000898 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2013-08-03 13:03 - 2013-08-02 18:16 - 00000386 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-08-03 13:03 - 2012-09-07 15:45 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-03 13:03 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-03 13:02 - 2012-01-23 22:22 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-03 13:02 - 2009-07-14 06:51 - 00075652 _____ C:\Windows\setupact.log
2013-08-03 12:55 - 2013-08-03 12:55 - 00038767 _____ C:\Users\Mark\Downloads\gmer.txt
2013-08-03 12:55 - 2013-08-03 12:55 - 00000498 _____ C:\Users\Mark\Desktop\gmer.lnk
2013-08-03 12:21 - 2013-05-22 13:59 - 00003460 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-08-03 12:17 - 2013-08-03 12:17 - 00377856 _____ C:\Users\Mark\Downloads\gmer_2.1.19163.exe
2013-08-03 12:12 - 2013-08-03 12:12 - 00029261 _____ C:\Users\Mark\Desktop\FRST.txt
2013-08-03 12:12 - 2013-08-03 12:12 - 00017719 _____ C:\Users\Mark\Desktop\Addition.txt
2013-08-03 12:11 - 2013-08-03 12:11 - 00000000 ____D C:\FRST
2013-08-03 12:10 - 2013-08-03 12:10 - 01781485 _____ (Farbar) C:\Users\Mark\Downloads\FRST64.exe
2013-08-03 12:08 - 2013-08-03 12:08 - 00000470 _____ C:\Users\Mark\Downloads\defogger_disable.log
2013-08-03 12:08 - 2013-08-03 12:08 - 00000000 _____ C:\Users\Mark\defogger_reenable
2013-08-03 12:08 - 2012-08-11 12:57 - 00000000 ____D C:\Users\Mark
2013-08-03 12:06 - 2013-08-03 12:06 - 00050477 _____ C:\Users\Mark\Downloads\Defogger.exe
2013-08-02 21:10 - 2013-08-02 21:04 - 00014519 _____ C:\Users\Mark\Desktop\dds.txt
2013-08-02 21:10 - 2013-08-02 21:04 - 00004667 _____ C:\Users\Mark\Desktop\attach.txt
2013-08-02 21:07 - 2013-08-02 21:07 - 00000854 _____ C:\AdwCleaner[S2].txt
2013-08-02 21:02 - 2013-08-02 21:02 - 00700783 ____R (Swearware) C:\Users\Mark\Downloads\dds+.exe
2013-08-02 21:01 - 2013-08-02 21:01 - 00655200 _____ C:\Users\Mark\Downloads\setup.exe
2013-08-02 20:56 - 2013-08-02 20:56 - 00010347 _____ C:\AdwCleaner[S1].txt
2013-08-02 20:56 - 2013-06-06 16:18 - 00000995 _____ C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-02 20:55 - 2013-08-02 20:55 - 00666633 _____ C:\Users\Mark\Downloads\adwcleaner06.exe
2013-08-02 18:18 - 2013-08-02 18:18 - 00000000 ____D C:\Users\Mark\Desktop\ServerJarStorage
2013-08-02 18:18 - 2013-08-02 18:18 - 00000000 ____D C:\Users\Mark\Desktop\MCEdit-schematics
2013-08-02 18:18 - 2013-08-02 18:18 - 00000000 ____D C:\Users\Mark\Desktop\MCEdit-0.1.6.win32
2013-08-02 18:17 - 2013-08-02 18:17 - 00003898 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
2013-08-02 18:17 - 2013-08-02 18:17 - 00003646 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
2013-08-02 18:17 - 2013-08-02 18:17 - 00003364 _____ C:\Windows\System32\Tasks\DealPlyUpdate
2013-08-02 18:16 - 2013-08-02 18:16 - 00003032 _____ C:\Windows\System32\Tasks\LyricXeeker Update
2013-08-02 18:16 - 2013-08-02 18:16 - 00000000 ____D C:\Users\Mark\AppData\Local\Google
2013-07-29 21:01 - 2013-07-29 21:01 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Trine2
2013-07-29 21:01 - 2012-09-06 17:11 - 00257772 _____ C:\Windows\DirectX.log
2013-07-29 20:59 - 2013-07-29 20:59 - 00000222 _____ C:\Users\Mark\Desktop\F1 2012.url
2013-07-29 20:59 - 2012-09-07 16:11 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-07-25 13:04 - 2013-01-28 10:04 - 00000000 ____D C:\Program Files\AlienAutopsy
2013-07-25 13:04 - 2012-09-10 17:00 - 00000000 ____D C:\ProgramData\PCDr
2013-07-25 12:40 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-24 17:27 - 2013-07-24 17:27 - 00000221 _____ C:\Users\Mark\Desktop\Trine 2.url
2013-07-24 14:22 - 2013-07-24 14:22 - 00000000 ____D C:\Users\Mark\Documents\My Games
2013-07-24 14:22 - 2013-07-24 14:22 - 00000000 ____D C:\ProgramData\Codemasters
2013-07-24 07:02 - 2013-07-24 07:02 - 00000219 _____ C:\Users\Mark\Desktop\Counter-Strike Condition Zero Deleted Scenes.url
2013-07-24 07:01 - 2013-07-24 07:01 - 00000222 _____ C:\Users\Mark\Desktop\Assassin's Creed Revelations.url
2013-07-24 07:01 - 2013-07-24 07:01 - 00000219 _____ C:\Users\Mark\Desktop\Counter-Strike Global Offensive.url
2013-07-24 07:00 - 2013-07-24 07:00 - 00000221 _____ C:\Users\Mark\Desktop\Saints Row The Third.url
2013-07-24 07:00 - 2013-07-24 07:00 - 00000221 _____ C:\Users\Mark\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url
2013-07-24 07:00 - 2013-07-24 07:00 - 00000221 _____ C:\Users\Mark\Desktop\Assassin's Creed II.url
2013-07-24 06:59 - 2013-07-24 06:59 - 00000219 _____ C:\Users\Mark\Desktop\Counter-Strike Source.url
2013-07-24 06:59 - 2013-07-24 06:59 - 00000218 _____ C:\Users\Mark\Desktop\Counter-Strike Condition Zero.url
2013-07-24 06:58 - 2013-07-24 06:58 - 00000218 _____ C:\Users\Mark\Desktop\Counter-Strike.url
2013-07-22 17:59 - 2013-07-22 17:59 - 00000221 _____ C:\Users\Mark\Desktop\Call of Duty Modern Warfare 2.url
2013-07-20 12:18 - 2013-07-20 12:18 - 01001338 _____ C:\Users\Mark\Desktop\SinglePlayerCommands-MC1.6.2_V5.0.zip
2013-07-20 11:57 - 2012-12-27 12:05 - 00000000 ____D C:\Users\Mark\AppData\Roaming\TS3Client
2013-07-17 18:55 - 2013-07-17 18:55 - 00000219 _____ C:\Users\Mark\Desktop\Team Fortress 2.url
2013-07-17 18:50 - 2013-07-17 18:50 - 00003120 _____ C:\Windows\System32\Tasks\{E81BC9DE-98DE-4E22-AB31-6DA0D5E69038}
2013-07-15 16:32 - 2010-11-21 05:47 - 00041190 _____ C:\Windows\PFRO.log
2013-07-12 19:29 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 19:29 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 14:59 - 2010-11-21 09:00 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 14:59 - 2009-07-14 06:45 - 00278856 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 21:33 - 2013-07-11 21:33 - 00000000 ____D C:\4c53c8961b0478fb9962882ff0
2013-07-10 18:45 - 2013-07-10 18:45 - 13292297 _____ C:\Users\Mark\Desktop\ravands-converted-1373474728787.zip
2013-07-10 18:43 - 2013-07-10 18:42 - 52460484 _____ C:\Users\Mark\Desktop\ravands.zip
2013-07-10 15:18 - 2013-07-10 15:18 - 00065935 _____ C:\Users\Mark\Desktop\X-ray.rar
2013-07-10 15:17 - 2013-07-10 15:17 - 00066494 _____ C:\Users\Mark\Downloads\X-RayMod_v042.zip
2013-07-07 14:21 - 2013-07-07 14:21 - 53942177 _____ C:\Users\Mark\Desktop\Misa500-converted-1373199671883.zip
2013-07-07 14:15 - 2013-07-07 14:15 - 02570679 _____ C:\Users\Mark\Desktop\TextureEnder.jar
2013-07-07 14:10 - 2013-07-07 14:09 - 53886249 _____ C:\Users\Mark\Desktop\Misa500.zip
2013-07-07 14:06 - 2013-07-07 14:06 - 08625354 _____ C:\Users\Mark\Desktop\willpack3.zip
2013-07-07 13:57 - 2013-07-07 13:57 - 09628376 _____ C:\Users\Mark\Desktop\Romecraft GERMANIA 14.zip
2013-07-07 12:02 - 2013-07-07 12:02 - 00484992 _____ C:\Users\Mark\Desktop\Minecraft (1).exe
2013-07-05 14:34 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-07-04 20:51 - 2013-07-04 20:51 - 00000219 _____ C:\Users\Mark\Desktop\Dota 2.url
2013-07-04 19:31 - 2013-07-04 19:03 - 00000000 ____D C:\Users\Mark\Desktop\Neuer Ordner
2013-07-04 19:30 - 2012-10-13 15:59 - 00000000 ____D C:\Users\Mark\Desktop\New Worlde
2013-07-04 18:37 - 2013-07-04 18:37 - 00000000 ____D C:\Users\Mark\Documents\default
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-02 19:00
==================== End Of Log ============================
lg Atrom |
|
04.08.2013, 09:38
| #4 |
| /// the machine /// TB-Ausbilder | Windows 7 Internet Explorer Standart Seite wird auf QV06 umgeleitet Reste entfernen  ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
04.08.2013, 12:01
| #5 |
| | Windows 7 Internet Explorer Standart Seite wird auf QV06 umgeleitet Ganz Herzlichen Dank! funktioniert wieder alles wie vorher  Eset: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8b8a88d9f4ab85489a643dd2c1207df9
# engine=14644
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-04 10:40:01
# local_time=2013-08-04 12:40:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 91 1962570 138209386 0 0
# compatibility_mode=5893 16776574 100 94 1962644 127242651 0 0
# scanned=216120
# found=1
# cleaned=0
# scan_time=5372
sh=5A779BC6E4899AC06ED7F72B55323D9DB0469AE6 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\59KFMAOB\base[1].htm"
Code:
ATTFilter Results of screen317's Security Check version 0.99.71
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 7 Update 1
Java version out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-08-2013
Ran by Mark (administrator) on 04-08-2013 12:59:24
Running from C:\Users\Mark\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Micro-Star Int'l Co., Ltd.) c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6412904 2011-11-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1157224 2011-10-20] (Realtek Semiconductor)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Command Center Controllers] - C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12616 2011-12-15] (Alienware)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1807272 2013-07-27] (Valve Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex [814472 2013-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [241984 2011-10-20] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [203072 2011-10-20] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=cr
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: DealPly Shopping - {9cf699ca-2174-4ed8-bec1-ba82095edce0} - C:\Program Files (x86)\DealPly\DealPlyIE.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (DealPly Shopping) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [odnofacmifkjndflfmmplhckcbfjckhj] - C:\Program Files (x86)\LyriXeeker\125.crx
==================== Services (Whitelisted) =================
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3304768 2010-12-23] (devolo AG)
R2 MSI_ODD_Service; c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe [76800 2011-10-05] (Micro-Star Int'l Co., Ltd.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [x]
==================== Drivers (Whitelisted) ====================
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-09-04] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-09-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-02-11] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130802.001\IDSvia64.sys [513184 2012-09-06] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130802.001\IDSvia64.sys [513184 2012-09-06] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130803.004\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130803.004\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130803.004\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130803.004\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2010-06-10] (CACE Technologies)
R3 NTIOLib_X64; C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 NTIOLib_X64; C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [100352 2011-09-15] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [216064 2011-09-15] (Renesas Electronics Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-04 11:07 - 2013-08-04 11:07 - 02347384 _____ (ESET) C:\Users\Mark\Downloads\esetsmartinstaller_enu.exe
2013-08-03 15:05 - 2013-08-03 15:05 - 00001424 _____ C:\Users\Mark\Desktop\JRT.txt
2013-08-03 15:02 - 2013-08-03 15:02 - 00000000 ____D C:\Windows\ERUNT
2013-08-03 15:01 - 2013-08-03 15:01 - 00560986 _____ (Oleg N. Scherbakov) C:\Users\Mark\Downloads\JRT.exe
2013-08-03 13:09 - 2013-08-03 13:09 - 00024360 _____ C:\Users\Mark\Desktop\defogger_disable.lnk
2013-08-03 12:55 - 2013-08-03 12:55 - 00038767 _____ C:\Users\Mark\Downloads\gmer.txt
2013-08-03 12:55 - 2013-08-03 12:55 - 00000498 _____ C:\Users\Mark\Desktop\gmer.lnk
2013-08-03 12:17 - 2013-08-03 12:17 - 00377856 _____ C:\Users\Mark\Downloads\gmer_2.1.19163.exe
2013-08-03 12:12 - 2013-08-03 12:12 - 00029261 _____ C:\Users\Mark\Desktop\FRST.txt
2013-08-03 12:12 - 2013-08-03 12:12 - 00017719 _____ C:\Users\Mark\Desktop\Addition.txt
2013-08-03 12:11 - 2013-08-03 12:11 - 00000000 ____D C:\FRST
2013-08-03 12:10 - 2013-08-03 12:10 - 01781485 _____ (Farbar) C:\Users\Mark\Downloads\FRST64.exe
2013-08-03 12:08 - 2013-08-03 12:08 - 00000470 _____ C:\Users\Mark\Downloads\defogger_disable.log
2013-08-03 12:08 - 2013-08-03 12:08 - 00000000 _____ C:\Users\Mark\defogger_reenable
2013-08-03 12:06 - 2013-08-03 12:06 - 00050477 _____ C:\Users\Mark\Downloads\Defogger.exe
2013-08-02 21:07 - 2013-08-02 21:07 - 00000854 _____ C:\AdwCleaner[S2].txt
2013-08-02 21:04 - 2013-08-02 21:10 - 00014519 _____ C:\Users\Mark\Desktop\dds.txt
2013-08-02 21:04 - 2013-08-02 21:10 - 00004667 _____ C:\Users\Mark\Desktop\attach.txt
2013-08-02 21:02 - 2013-08-02 21:02 - 00700783 ____R (Swearware) C:\Users\Mark\Downloads\dds+.exe
2013-08-02 21:01 - 2013-08-02 21:01 - 00655200 _____ C:\Users\Mark\Downloads\setup.exe
2013-08-02 20:56 - 2013-08-02 20:56 - 00010347 _____ C:\AdwCleaner[S1].txt
2013-08-02 20:55 - 2013-08-02 20:55 - 00666633 _____ C:\Users\Mark\Downloads\adwcleaner06.exe
2013-08-02 18:17 - 2013-08-04 12:22 - 00000902 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2013-08-02 18:17 - 2013-08-04 10:58 - 00000898 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2013-08-02 18:17 - 2013-08-02 18:17 - 00003898 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
2013-08-02 18:17 - 2013-08-02 18:17 - 00003646 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
2013-08-02 18:17 - 2013-08-02 18:17 - 00003364 _____ C:\Windows\System32\Tasks\DealPlyUpdate
2013-08-02 18:16 - 2013-08-04 10:58 - 00000386 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-08-02 18:16 - 2013-08-02 18:16 - 00003032 _____ C:\Windows\System32\Tasks\LyricXeeker Update
2013-08-02 18:16 - 2013-08-02 18:16 - 00000000 ____D C:\Users\Mark\AppData\Local\Google
2013-07-29 21:01 - 2013-07-29 21:01 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Trine2
2013-07-29 20:59 - 2013-07-29 20:59 - 00000222 _____ C:\Users\Mark\Desktop\F1 2012.url
2013-07-29 20:49 - 2013-06-24 00:41 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-24 17:27 - 2013-07-24 17:27 - 00000221 _____ C:\Users\Mark\Desktop\Trine 2.url
2013-07-24 14:22 - 2013-07-24 14:22 - 00000000 ____D C:\Users\Mark\Documents\My Games
2013-07-24 14:22 - 2013-07-24 14:22 - 00000000 ____D C:\ProgramData\Codemasters
2013-07-24 07:02 - 2013-07-24 07:02 - 00000219 _____ C:\Users\Mark\Desktop\Counter-Strike Condition Zero Deleted Scenes.url
2013-07-24 07:01 - 2013-07-24 07:01 - 00000222 _____ C:\Users\Mark\Desktop\Assassin's Creed Revelations.url
2013-07-24 07:01 - 2013-07-24 07:01 - 00000219 _____ C:\Users\Mark\Desktop\Counter-Strike Global Offensive.url
2013-07-24 07:00 - 2013-07-24 07:00 - 00000221 _____ C:\Users\Mark\Desktop\Saints Row The Third.url
2013-07-24 07:00 - 2013-07-24 07:00 - 00000221 _____ C:\Users\Mark\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url
2013-07-24 07:00 - 2013-07-24 07:00 - 00000221 _____ C:\Users\Mark\Desktop\Assassin's Creed II.url
2013-07-24 06:59 - 2013-07-24 06:59 - 00000219 _____ C:\Users\Mark\Desktop\Counter-Strike Source.url
2013-07-24 06:59 - 2013-07-24 06:59 - 00000218 _____ C:\Users\Mark\Desktop\Counter-Strike Condition Zero.url
2013-07-24 06:58 - 2013-07-24 06:58 - 00000218 _____ C:\Users\Mark\Desktop\Counter-Strike.url
2013-07-22 17:59 - 2013-07-22 17:59 - 00000221 _____ C:\Users\Mark\Desktop\Call of Duty Modern Warfare 2.url
2013-07-20 12:18 - 2013-07-20 12:18 - 01001338 _____ C:\Users\Mark\Desktop\SinglePlayerCommands-MC1.6.2_V5.0.zip
2013-07-17 18:55 - 2013-07-17 18:55 - 00000219 _____ C:\Users\Mark\Desktop\Team Fortress 2.url
2013-07-17 18:50 - 2013-07-17 18:50 - 00003120 _____ C:\Windows\System32\Tasks\{E81BC9DE-98DE-4E22-AB31-6DA0D5E69038}
2013-07-12 15:06 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 15:06 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 15:06 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 15:05 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 15:05 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 15:05 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 15:05 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 15:05 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 15:05 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 15:05 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 15:05 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 15:05 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 15:05 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 15:05 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 15:05 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 15:05 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 15:05 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 15:05 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 15:05 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 15:05 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 15:05 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 15:05 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 21:33 - 2013-07-11 21:33 - 00000000 ____D C:\4c53c8961b0478fb9962882ff0
2013-07-11 16:27 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 16:27 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 16:27 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 16:27 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 16:27 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 16:26 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 16:26 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 18:45 - 2013-07-10 18:45 - 13292297 _____ C:\Users\Mark\Desktop\ravands-converted-1373474728787.zip
2013-07-10 18:42 - 2013-07-10 18:43 - 52460484 _____ C:\Users\Mark\Desktop\ravands.zip
2013-07-10 15:18 - 2013-07-10 15:18 - 00065935 _____ C:\Users\Mark\Desktop\X-ray.rar
2013-07-10 15:17 - 2013-07-10 15:17 - 00066494 _____ C:\Users\Mark\Downloads\X-RayMod_v042.zip
2013-07-07 14:21 - 2013-07-07 14:21 - 53942177 _____ C:\Users\Mark\Desktop\Misa500-converted-1373199671883.zip
2013-07-07 14:15 - 2013-07-07 14:15 - 02570679 _____ C:\Users\Mark\Desktop\TextureEnder.jar
2013-07-07 14:09 - 2013-07-07 14:10 - 53886249 _____ C:\Users\Mark\Desktop\Misa500.zip
2013-07-07 14:06 - 2013-07-07 14:06 - 08625354 _____ C:\Users\Mark\Desktop\willpack3.zip
2013-07-07 13:57 - 2013-07-07 13:57 - 09628376 _____ C:\Users\Mark\Desktop\Romecraft GERMANIA 14.zip
2013-07-07 12:02 - 2013-07-07 12:02 - 00484992 _____ C:\Users\Mark\Desktop\Minecraft (1).exe
110
==================== One Month Modified Files and Folders =======
2013-08-04 12:50 - 2013-08-04 12:50 - 00891098 _____ C:\Users\Mark\Downloads\SecurityCheck.exe
2013-08-04 12:22 - 2013-08-02 18:17 - 00000902 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2013-08-04 12:08 - 2012-01-23 22:25 - 01715634 _____ C:\Windows\WindowsUpdate.log
2013-08-04 12:04 - 2013-02-28 18:14 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-04 11:13 - 2013-05-22 13:59 - 00003460 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-08-04 11:09 - 2010-11-21 08:50 - 03372702 _____ C:\Windows\system32\perfh007.dat
2013-08-04 11:09 - 2010-11-21 08:50 - 00979354 _____ C:\Windows\system32\perfc007.dat
2013-08-04 11:09 - 2009-07-14 07:13 - 00006248 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-04 11:08 - 2012-08-11 13:40 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Skype
2013-08-04 11:07 - 2013-08-04 11:07 - 02347384 _____ (ESET) C:\Users\Mark\Downloads\esetsmartinstaller_enu.exe
2013-08-04 11:05 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-04 11:05 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-04 10:58 - 2013-08-02 18:17 - 00000898 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2013-08-04 10:58 - 2013-08-02 18:16 - 00000386 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-08-04 10:58 - 2012-09-07 15:45 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-04 10:58 - 2012-08-13 20:59 - 00000000 ____D C:\Users\Mark\AppData\Local\LogMeIn Hamachi
2013-08-04 10:57 - 2012-01-23 22:22 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-04 10:57 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-04 10:57 - 2009-07-14 06:51 - 00075708 _____ C:\Windows\setupact.log
2013-08-03 19:22 - 2013-02-18 15:09 - 00000000 ____D C:\Users\Mark\AppData\Roaming\.minecraft
2013-08-03 15:05 - 2013-08-03 15:05 - 00001424 _____ C:\Users\Mark\Desktop\JRT.txt
2013-08-03 15:02 - 2013-08-03 15:02 - 00000000 ____D C:\Windows\ERUNT
2013-08-03 15:01 - 2013-08-03 15:01 - 00560986 _____ (Oleg N. Scherbakov) C:\Users\Mark\Downloads\JRT.exe
2013-08-03 13:09 - 2013-08-03 13:09 - 00024360 _____ C:\Users\Mark\Desktop\defogger_disable.lnk
2013-08-03 12:55 - 2013-08-03 12:55 - 00038767 _____ C:\Users\Mark\Downloads\gmer.txt
2013-08-03 12:55 - 2013-08-03 12:55 - 00000498 _____ C:\Users\Mark\Desktop\gmer.lnk
2013-08-03 12:17 - 2013-08-03 12:17 - 00377856 _____ C:\Users\Mark\Downloads\gmer_2.1.19163.exe
2013-08-03 12:12 - 2013-08-03 12:12 - 00029261 _____ C:\Users\Mark\Desktop\FRST.txt
2013-08-03 12:12 - 2013-08-03 12:12 - 00017719 _____ C:\Users\Mark\Desktop\Addition.txt
2013-08-03 12:11 - 2013-08-03 12:11 - 00000000 ____D C:\FRST
2013-08-03 12:10 - 2013-08-03 12:10 - 01781485 _____ (Farbar) C:\Users\Mark\Downloads\FRST64.exe
2013-08-03 12:08 - 2013-08-03 12:08 - 00000470 _____ C:\Users\Mark\Downloads\defogger_disable.log
2013-08-03 12:08 - 2013-08-03 12:08 - 00000000 _____ C:\Users\Mark\defogger_reenable
2013-08-03 12:08 - 2012-08-11 12:57 - 00000000 ____D C:\Users\Mark
2013-08-03 12:06 - 2013-08-03 12:06 - 00050477 _____ C:\Users\Mark\Downloads\Defogger.exe
2013-08-02 21:10 - 2013-08-02 21:04 - 00014519 _____ C:\Users\Mark\Desktop\dds.txt
2013-08-02 21:10 - 2013-08-02 21:04 - 00004667 _____ C:\Users\Mark\Desktop\attach.txt
2013-08-02 21:07 - 2013-08-02 21:07 - 00000854 _____ C:\AdwCleaner[S2].txt
2013-08-02 21:02 - 2013-08-02 21:02 - 00700783 ____R (Swearware) C:\Users\Mark\Downloads\dds+.exe
2013-08-02 21:01 - 2013-08-02 21:01 - 00655200 _____ C:\Users\Mark\Downloads\setup.exe
2013-08-02 20:56 - 2013-08-02 20:56 - 00010347 _____ C:\AdwCleaner[S1].txt
2013-08-02 20:56 - 2013-06-06 16:18 - 00000995 _____ C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-02 20:55 - 2013-08-02 20:55 - 00666633 _____ C:\Users\Mark\Downloads\adwcleaner06.exe
2013-08-02 18:17 - 2013-08-02 18:17 - 00003898 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
2013-08-02 18:17 - 2013-08-02 18:17 - 00003646 _____ C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
2013-08-02 18:17 - 2013-08-02 18:17 - 00003364 _____ C:\Windows\System32\Tasks\DealPlyUpdate
2013-08-02 18:16 - 2013-08-02 18:16 - 00003032 _____ C:\Windows\System32\Tasks\LyricXeeker Update
2013-08-02 18:16 - 2013-08-02 18:16 - 00000000 ____D C:\Users\Mark\AppData\Local\Google
2013-07-29 21:01 - 2013-07-29 21:01 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Trine2
2013-07-29 21:01 - 2012-09-06 17:11 - 00257772 _____ C:\Windows\DirectX.log
2013-07-29 20:59 - 2013-07-29 20:59 - 00000222 _____ C:\Users\Mark\Desktop\F1 2012.url
2013-07-29 20:59 - 2012-09-07 16:11 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-07-25 13:04 - 2013-01-28 10:04 - 00000000 ____D C:\Program Files\AlienAutopsy
2013-07-25 13:04 - 2012-09-10 17:00 - 00000000 ____D C:\ProgramData\PCDr
2013-07-25 12:40 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-24 17:27 - 2013-07-24 17:27 - 00000221 _____ C:\Users\Mark\Desktop\Trine 2.url
2013-07-24 14:22 - 2013-07-24 14:22 - 00000000 ____D C:\Users\Mark\Documents\My Games
2013-07-24 14:22 - 2013-07-24 14:22 - 00000000 ____D C:\ProgramData\Codemasters
2013-07-24 07:02 - 2013-07-24 07:02 - 00000219 _____ C:\Users\Mark\Desktop\Counter-Strike Condition Zero Deleted Scenes.url
2013-07-24 07:01 - 2013-07-24 07:01 - 00000222 _____ C:\Users\Mark\Desktop\Assassin's Creed Revelations.url
2013-07-24 07:01 - 2013-07-24 07:01 - 00000219 _____ C:\Users\Mark\Desktop\Counter-Strike Global Offensive.url
2013-07-24 07:00 - 2013-07-24 07:00 - 00000221 _____ C:\Users\Mark\Desktop\Saints Row The Third.url
2013-07-24 07:00 - 2013-07-24 07:00 - 00000221 _____ C:\Users\Mark\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url
2013-07-24 07:00 - 2013-07-24 07:00 - 00000221 _____ C:\Users\Mark\Desktop\Assassin's Creed II.url
2013-07-24 06:59 - 2013-07-24 06:59 - 00000219 _____ C:\Users\Mark\Desktop\Counter-Strike Source.url
2013-07-24 06:59 - 2013-07-24 06:59 - 00000218 _____ C:\Users\Mark\Desktop\Counter-Strike Condition Zero.url
2013-07-24 06:58 - 2013-07-24 06:58 - 00000218 _____ C:\Users\Mark\Desktop\Counter-Strike.url
2013-07-22 17:59 - 2013-07-22 17:59 - 00000221 _____ C:\Users\Mark\Desktop\Call of Duty Modern Warfare 2.url
2013-07-20 12:18 - 2013-07-20 12:18 - 01001338 _____ C:\Users\Mark\Desktop\SinglePlayerCommands-MC1.6.2_V5.0.zip
2013-07-20 11:57 - 2012-12-27 12:05 - 00000000 ____D C:\Users\Mark\AppData\Roaming\TS3Client
2013-07-17 18:55 - 2013-07-17 18:55 - 00000219 _____ C:\Users\Mark\Desktop\Team Fortress 2.url
2013-07-17 18:50 - 2013-07-17 18:50 - 00003120 _____ C:\Windows\System32\Tasks\{E81BC9DE-98DE-4E22-AB31-6DA0D5E69038}
2013-07-15 16:32 - 2010-11-21 05:47 - 00041190 _____ C:\Windows\PFRO.log
2013-07-12 19:29 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 19:29 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 14:59 - 2010-11-21 09:00 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 14:59 - 2009-07-14 06:45 - 00278856 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 21:33 - 2013-07-11 21:33 - 00000000 ____D C:\4c53c8961b0478fb9962882ff0
2013-07-10 18:45 - 2013-07-10 18:45 - 13292297 _____ C:\Users\Mark\Desktop\ravands-converted-1373474728787.zip
2013-07-10 18:43 - 2013-07-10 18:42 - 52460484 _____ C:\Users\Mark\Desktop\ravands.zip
2013-07-10 15:18 - 2013-07-10 15:18 - 00065935 _____ C:\Users\Mark\Desktop\X-ray.rar
2013-07-10 15:17 - 2013-07-10 15:17 - 00066494 _____ C:\Users\Mark\Downloads\X-RayMod_v042.zip
2013-07-07 14:21 - 2013-07-07 14:21 - 53942177 _____ C:\Users\Mark\Desktop\Misa500-converted-1373199671883.zip
2013-07-07 14:15 - 2013-07-07 14:15 - 02570679 _____ C:\Users\Mark\Desktop\TextureEnder.jar
2013-07-07 14:10 - 2013-07-07 14:09 - 53886249 _____ C:\Users\Mark\Desktop\Misa500.zip
2013-07-07 14:06 - 2013-07-07 14:06 - 08625354 _____ C:\Users\Mark\Desktop\willpack3.zip
2013-07-07 13:57 - 2013-07-07 13:57 - 09628376 _____ C:\Users\Mark\Desktop\Romecraft GERMANIA 14.zip
2013-07-07 12:02 - 2013-07-07 12:02 - 00484992 _____ C:\Users\Mark\Desktop\Minecraft (1).exe
2013-07-05 14:34 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-02 19:00
==================== End Of Log ============================
lg Atrom |
|
05.08.2013, 07:12
| #6 |
| /// the machine /// TB-Ausbilder | Windows 7 Internet Explorer Standart Seite wird auf QV06 umgeleitet Java updaten. Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [x]
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ --> Windows 7 Internet Explorer Standart Seite wird auf QV06 umgeleitet |
|
06.08.2013, 12:21
| #7 |
| | Windows 7 Internet Explorer Standart Seite wird auf QV06 umgeleitet Schon mal ganz herzlichen dank für deine Hilfe, alles sehr gut, ausführlich und verständlich erklärt, top! zu der Fixlog.txt. die wurde erstellt und ich hab sie auch abgespeichert, aber nachdem ich Delfix ausgeführt hatte war die auch verschwunden, oder ich kann sie zumindest nicht mehr finden. Was soll ich dafür machen, bzw. ist die überhaupt noch wichtig? Wenn nicht bedanke ich mich noch mal recht herzlich und du kannst mich wieder aus den Abos löschen. lg Atrom |
|
06.08.2013, 16:40
| #8 |
| /// the machine /// TB-Ausbilder | Windows 7 Internet Explorer Standart Seite wird auf QV06 umgeleitet Nee die ist nit wichtig. Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Windows 7 Internet Explorer Standart Seite wird auf QV06 umgeleitet |
| 4d36e972-e325-11ce-bfc1-08002be10318, alienware, cpu, desktop, entfernen, farbar, farbar recovery scan tool, fehler, flash player, google, helper, home, internet, internet browser, internet explorer, lyricxeeker, lyrixeeker, monitor, ntdll.dll, nvpciflt.sys, performance, plug-in, programm, prozess, realtek, registrierungsdatenbank, registry, scan, security, software, svchost.exe, symantec, system, vista, werbung, windows, windows-tool |
