
Log analysis and evaluation: GVU Trojan / Windows 7 without safe mode / log file available


03.04.2016, 14:17   #1
kleinalison
 
Hello,
since this morning I have had a "GVU Trojan" on my computer. A lock screen appears (I am supposed to pay to unlock it), and I also cannot get into safe mode.
The log file from the Farbar Recovery Scan Tool is attached, split across 2 posts. I hope I have done everything right so far and that someone can help me quickly.
Thanks!

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
durchgeführt von SYSTEM auf MININT-V35OR70 (03-04-2016 15:00:08)
Gestartet von H:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11
Start-Modus: Recovery
Standard: ControlSet001
ACHTUNG!:=====> Wenn das System startfähig ist sollte FRST im normalen oder abgesicherten Modus ausgeführt werden, um ein vollständiges Ergebnis zu erhalten.

Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-03-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [896632 2015-07-22] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Alison\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\Alison\...\Run: [ASRockXTU] => [X]
HKU\Alison\...\Run: [zASRockInstantBoot] => [X]
HKU\Alison\...\Run: [Steam] => D:\Steam\steam.exe [3077712 2016-04-02] (Valve Corporation)
HKU\Alison\...\Run: [icq] => C:\Users\Alison\AppData\Roaming\ICQM\icq.exe [33664344 2014-02-02] (ICQ)
HKU\Alison\...\Run: [Microsoft� Windows�] => C:\Users\Alison\AppData\Local\Temp\svchos.exe <===== ACHTUNG
HKU\Alison\...\Run: [ScreenSplitter] => C:\Program Files (x86)\LG Electronics\Screen Split\bin\ScreenSplit.exe
HKU\Alison\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\Alison\...\Run: [GalaxyClient] => D:\GalaxyClient\GalaxyClient.exe [3931192 2016-03-26] (GOG.com)
HKU\Alison\...\Run: [EADM] => D:\Origin\Origin.exe [3639280 2016-03-29] (Electronic Arts)
HKU\Alison\...\Winlogon: [Userinit] C:\Users\Alison\Desktop\    Jan Hegenberg  Games make my Day 2015.exe [58277349 2016-01-23] ()
HKU\Alison\...\Winlogon: [Shell] C:\Users\Alison\Desktop\    Jan Hegenberg  Games make my Day 2015.exe [58277349 2016-01-23] () <==== ACHTUNG
HKU\Alison\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
Startup: C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2014-01-19]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk [2016-04-03]
ShortcutTarget: ja.lnk -> C:\windows\system32\config\systemprofile\Desktop\    Jan Hegenberg  Games make my Day 2015.exe (Keine Datei)

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-01-19] (Adobe Systems)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
S2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [382312 2015-11-17] (Digital Wave Ltd.)
S3 GalaxyClientService; D:\GalaxyClient\GalaxyClientService.exe [227896 2016-03-26] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [5971000 2016-03-23] (GOG.com)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-03-30] (NVIDIA Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-18] (Hewlett-Packard Company)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
S2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S2 N360; C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\N360.exe [289080 2016-02-26] (Symantec Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-03-30] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-03-30] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-03-30] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\PureVPN\bin\openvpnserv.exe [31872 2015-10-19] (The OpenVPN Project)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2119688 2016-03-29] (Electronic Arts)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WPSService20; C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe [96768 2013-05-15] ()
S2 Update Browsebeyond; "C:\Program Files (x86)\Browsebeyond\updateBrowsebeyond.exe" [X]
S2 Util Browsebeyond; "C:\Program Files (x86)\Browsebeyond\bin\utilBrowsebeyond.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
S0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
S3 AsrVDrive; C:\Windows\System32\DRIVERS\AsrVDrive.sys [23048 2011-01-26] (ASRock Inc.)
S1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20160401.001\BHDrvx64.sys [1766640 2016-03-09] (Symantec Corporation)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1606000.08E\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-19] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-19] (Symantec Corporation)
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20160401.001\IDSvia64.sys [767224 2016-02-14] (Symantec Corporation)
S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
S3 mt7612US; C:\Windows\System32\DRIVERS\mt7612US.sys [376200 2015-12-08] (MediaTek Inc.)
S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20160401.024\ENG64.SYS [138488 2015-10-29] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20160401.024\EX64.SYS [2148080 2015-10-29] (Symantec Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-03-30] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\N360x64\1606000.08E\SRTSP64.SYS [928504 2016-02-24] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1606000.08E\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
S0 SymEFASI; C:\Windows\System32\drivers\N360x64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-24] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-02] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1606000.08E\Ironx64.SYS [295664 2016-02-24] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\1606000.08E\SYMNETS.SYS [577768 2016-02-24] (Symantec Corporation)
S3 umpusbvista; C:\Windows\System32\DRIVERS\umpusbvista.sys [64872 2012-09-13] (Texas Instruments Inc)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2016-04-03] ()
S3 GPCIDrv; \??\C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [X]

========================== MD5 Treiber =======================


==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Drei Monate: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-03 13:47 - 2016-04-03 15:00 - 00000000 ____D C:\FRST
2016-04-03 10:13 - 2016-01-23 11:58 - 58277349 _____ C:\Users\Alison\Desktop\    Jan Hegenberg  Games make my Day 2015.exe
2016-04-03 10:13 - 2009-04-26 19:14 - 00000753 _____ C:\Users\Alison\Desktop\00 - Jan Hegenberg - SCHLACHTENLAERM(2008).nfo
2016-04-03 10:13 - 2008-08-06 00:33 - 00000000 ____D C:\Users\Alison\Desktop\Jan Hegenberg - Gamer sind Geil
2016-04-03 10:13 - 2008-08-06 00:14 - 00000000 ____D C:\Users\Alison\Desktop\Jan Hegenberg - Bam!Hegenberg
2016-04-03 10:11 - 2016-04-03 10:13 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E15.720p.WEB-DL.DD5.1.H.264-KiNGS.part06.rar
2016-04-03 10:09 - 2016-04-03 10:11 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E15.720p.WEB-DL.DD5.1.H.264-KiNGS.part05.rar
2016-04-02 13:07 - 2016-04-02 13:08 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E15.720p.WEB-DL.DD5.1.H.264-KiNGS.part04.rar
2016-04-02 13:05 - 2016-04-02 13:07 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E15.720p.WEB-DL.DD5.1.H.264-KiNGS.part03.rar
2016-04-02 13:03 - 2016-04-02 13:05 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E15.720p.WEB-DL.DD5.1.H.264-KiNGS.part02.rar
2016-04-02 13:03 - 2016-04-02 13:03 - 24519610 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E15.720p.WEB-DL.DD5.1.H.264-KiNGS.part29.rar
2016-04-02 13:01 - 2016-04-02 13:03 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E15.720p.WEB-DL.DD5.1.H.264-KiNGS.part01.rar
2016-04-02 13:01 - 2016-04-02 13:01 - 00256207 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E15.720p.WEB-DL.DD5.1.H.264-KiNGS.nzb
2016-04-02 13:01 - 2016-04-02 13:01 - 00046580 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E15.720p.WEB-DL.DD5.1.H.264-KiNGS.par2
2016-04-02 13:01 - 2016-04-02 13:01 - 00003981 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E15.720p.WEB-DL.DD5.1.H.264-KiNGS.nfo
2016-04-02 12:48 - 2016-04-02 12:50 - 51009384 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.vol164+66.PAR2
2016-04-02 12:46 - 2016-04-02 12:48 - 51009384 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.vol098+66.PAR2
2016-04-02 12:45 - 2016-04-02 12:46 - 36370832 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.vol051+47.PAR2
2016-04-02 12:44 - 2016-04-02 12:45 - 18660008 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.vol027+24.PAR2
2016-04-02 12:44 - 2016-04-02 12:44 - 09397932 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.vol015+12.PAR2
2016-04-02 12:44 - 2016-04-02 12:44 - 06325660 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.vol007+08.PAR2
2016-04-02 12:44 - 2016-04-02 12:44 - 03208128 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.vol003+04.PAR2
2016-04-02 12:44 - 2016-04-02 12:44 - 01626732 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.vol001+02.PAR2
2016-04-02 12:44 - 2016-04-02 12:44 - 00813404 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.vol000+01.PAR2
2016-04-02 12:44 - 2016-04-02 12:44 - 00009888 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.srr
2016-04-02 12:42 - 2016-04-02 12:44 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part27.rar
2016-04-02 12:41 - 2016-04-02 12:42 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part26.rar
2016-04-02 12:39 - 2016-04-02 12:41 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part25.rar
2016-04-02 12:37 - 2016-04-02 12:39 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part24.rar
2016-04-02 12:36 - 2016-04-02 12:37 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part23.rar
2016-04-02 12:34 - 2016-04-02 12:36 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part22.rar
2016-04-02 12:33 - 2016-04-02 12:34 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part21.rar
2016-04-02 12:31 - 2016-04-02 12:33 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part20.rar
2016-04-02 12:29 - 2016-04-02 12:31 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part19.rar
2016-04-02 12:27 - 2016-04-02 12:29 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part18.rar
2016-04-02 12:25 - 2016-04-02 12:27 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part17.rar
2016-04-02 12:23 - 2016-04-02 12:25 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part16.rar
2016-04-02 12:22 - 2016-04-02 12:22 - 05772880 _____ C:\Users\Alison\Downloads\Jan Hegenberg - Gamer sind Geil.rar.vol12+9.PAR2
2016-04-02 12:22 - 2016-04-02 12:22 - 03209560 _____ C:\Users\Alison\Downloads\Jan Hegenberg - Gamer sind Geil.rar.vol07+5.PAR2
2016-04-02 12:22 - 2016-04-02 12:22 - 02569492 _____ C:\Users\Alison\Downloads\Jan Hegenberg - Gamer sind Geil.rar.vol03+4.PAR2
2016-04-02 12:22 - 2016-04-02 12:22 - 01286308 _____ C:\Users\Alison\Downloads\Jan Hegenberg - Gamer sind Geil.rar.vol01+2.PAR2
2016-04-02 12:22 - 2016-04-02 12:22 - 00003124 _____ C:\Users\Alison\Downloads\Jan Hegenberg - Gamer sind Geil.rar.par2
2016-04-02 12:21 - 2016-04-02 12:22 - 00643192 _____ C:\Users\Alison\Downloads\Jan Hegenberg - Gamer sind Geil.rar.vol00+1.PAR2
2016-04-02 12:18 - 2016-04-02 12:21 - 86559071 _____ C:\Users\Alison\Downloads\Jan Hegenberg - Gamer sind Geil.rar
2016-04-02 12:18 - 2016-04-02 12:18 - 02705664 _____ C:\Users\Alison\Downloads\Jan.Hegenberg-2009-Untot.auf.Urlaub.vol07+7.PAR2
2016-04-02 12:18 - 2016-04-02 12:18 - 01553460 _____ C:\Users\Alison\Downloads\Jan.Hegenberg-2009-Untot.auf.Urlaub.vol03+4.PAR2
2016-04-02 12:17 - 2016-04-02 12:18 - 00779620 _____ C:\Users\Alison\Downloads\Jan.Hegenberg-2009-Untot.auf.Urlaub.vol01+2.PAR2
2016-04-02 12:17 - 2016-04-02 12:17 - 10485760 _____ C:\Users\Alison\Downloads\Jan.Hegenberg-2009-Untot.auf.Urlaub.part5.rar
2016-04-02 12:17 - 2016-04-02 12:17 - 00389848 _____ C:\Users\Alison\Downloads\Jan.Hegenberg-2009-Untot.auf.Urlaub.vol00+1.PAR2
2016-04-02 12:16 - 2016-04-02 12:17 - 10485760 _____ C:\Users\Alison\Downloads\Jan.Hegenberg-2009-Untot.auf.Urlaub.part4.rar
2016-04-02 12:16 - 2016-04-02 12:16 - 10485760 _____ C:\Users\Alison\Downloads\Jan.Hegenberg-2009-Untot.auf.Urlaub.part3.rar
2016-04-02 12:16 - 2016-04-02 12:16 - 10485760 _____ C:\Users\Alison\Downloads\Jan.Hegenberg-2009-Untot.auf.Urlaub.part2.rar
2016-04-02 12:15 - 2016-04-02 12:16 - 07458740 _____ C:\Users\Alison\Downloads\Jan.Hegenberg-2009-Untot.auf.Urlaub.part6.rar
2016-04-02 12:15 - 2016-04-02 12:15 - 10485760 _____ C:\Users\Alison\Downloads\Jan.Hegenberg-2009-Untot.auf.Urlaub.part1.rar
2016-04-02 12:15 - 2016-04-02 12:15 - 03206140 _____ C:\Users\Alison\Downloads\Jan Hegenberg - Bam!Hegenberg.rar.vol07+5.PAR2
2016-04-02 12:15 - 2016-04-02 12:15 - 02566072 _____ C:\Users\Alison\Downloads\Jan Hegenberg - Bam!Hegenberg.rar.vol03+4.PAR2
2016-04-02 12:15 - 2016-04-02 12:15 - 01284028 _____ C:\Users\Alison\Downloads\Jan Hegenberg - Bam!Hegenberg.rar.vol01+2.PAR2
2016-04-02 12:15 - 2016-04-02 12:15 - 00005780 _____ C:\Users\Alison\Downloads\Jan.Hegenberg-2009-Untot.auf.Urlaub.par2
2016-04-02 12:15 - 2016-04-02 12:15 - 00001984 _____ C:\Users\Alison\Downloads\Jan Hegenberg - Bam!Hegenberg.rar.par2
2016-04-02 12:15 - 2016-04-02 12:15 - 00000552 _____ C:\Users\Alison\Downloads\Jan.Hegenberg-2009-Untot.auf.Urlaub.nfo
2016-04-02 12:14 - 2016-04-02 12:15 - 00642052 _____ C:\Users\Alison\Downloads\Jan Hegenberg - Bam!Hegenberg.rar.vol00+1.PAR2
2016-04-02 12:12 - 2016-04-02 12:14 - 50443659 _____ C:\Users\Alison\Downloads\Jan Hegenberg - Bam!Hegenberg.rar
2016-04-02 12:09 - 2016-04-02 12:11 - 43038012 _____ C:\Users\Alison\Downloads\Jan Hegenberg - Schlachtenlaerm.rar
2016-04-02 12:08 - 2016-04-02 12:12 - 58277458 _____ C:\Users\Alison\Downloads\Jan Hegenberg  Games make my Day 2015.rar
2016-04-02 12:07 - 2016-04-02 12:23 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part15.rar
2016-04-02 12:05 - 2016-04-02 12:07 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part14.rar
2016-04-02 12:03 - 2016-04-02 12:05 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part13.rar
2016-04-02 12:01 - 2016-04-02 12:03 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part12.rar
2016-04-02 12:00 - 2016-04-02 12:01 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part11.rar
2016-04-02 11:58 - 2016-04-02 12:00 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part10.rar
2016-04-02 11:55 - 2016-04-02 11:58 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part09.rar
2016-04-02 11:54 - 2016-04-02 11:55 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part08.rar
2016-04-02 11:52 - 2016-04-02 11:54 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part07.rar
2016-04-02 11:50 - 2016-04-02 11:52 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part06.rar
2016-04-02 11:48 - 2016-04-02 11:50 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part05.rar
2016-04-02 11:46 - 2016-04-02 11:48 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part04.rar
2016-04-02 11:44 - 2016-04-02 11:46 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part03.rar
2016-04-02 11:42 - 2016-04-02 11:44 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part02.rar
2016-04-02 11:40 - 2016-04-02 11:42 - 37853166 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part28.rar
2016-04-02 11:38 - 2016-04-02 11:40 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.part01.rar
2016-04-02 11:38 - 2016-04-02 11:38 - 00249727 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.nzb
2016-04-02 11:38 - 2016-04-02 11:38 - 00045336 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.par2
2016-04-02 11:38 - 2016-04-02 11:38 - 00003860 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E12.720p.WEB-DL.DD5.1.H.264-KiNGS.nfo
2016-04-02 11:36 - 2016-04-02 11:38 - 51014872 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.vol167+66.PAR2
2016-04-02 11:34 - 2016-04-02 11:36 - 51014872 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.vol101+66.PAR2
2016-04-02 11:32 - 2016-04-02 11:34 - 37143604 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.vol053+48.PAR2
2016-04-02 11:31 - 2016-04-02 11:32 - 19431996 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.vol028+25.PAR2
2016-04-02 11:31 - 2016-04-02 11:31 - 10169136 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.vol015+13.PAR2
2016-04-02 11:31 - 2016-04-02 11:31 - 06328796 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.vol007+08.PAR2
2016-04-02 11:30 - 2016-04-02 11:31 - 03210480 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.vol003+04.PAR2
2016-04-02 11:30 - 2016-04-02 11:30 - 01628300 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.vol001+02.PAR2
2016-04-02 11:30 - 2016-04-02 11:30 - 00814188 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.vol000+01.PAR2
2016-04-02 11:30 - 2016-04-02 11:30 - 00010099 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.srr
2016-04-02 11:28 - 2016-04-02 11:30 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part28.rar
2016-04-02 11:26 - 2016-04-02 11:28 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part27.rar
2016-04-02 11:24 - 2016-04-02 11:26 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part26.rar
2016-04-02 11:22 - 2016-04-02 11:24 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part25.rar
2016-04-02 11:20 - 2016-04-02 11:22 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part24.rar
2016-04-02 11:18 - 2016-04-02 11:20 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part23.rar
2016-04-02 11:16 - 2016-04-02 11:18 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part22.rar
2016-04-02 11:14 - 2016-04-02 11:16 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part21.rar
2016-04-02 11:12 - 2016-04-02 11:14 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part20.rar
2016-04-02 11:10 - 2016-04-02 11:12 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part19.rar
2016-04-02 11:08 - 2016-04-02 11:10 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part18.rar
2016-04-02 11:06 - 2016-04-02 11:08 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part17.rar
2016-04-02 11:03 - 2016-04-02 11:06 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part16.rar
2016-04-02 11:01 - 2016-04-02 11:03 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part15.rar
2016-04-02 10:59 - 2016-04-02 11:01 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part14.rar
2016-04-02 10:57 - 2016-04-02 10:59 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part13.rar
2016-04-02 10:55 - 2016-04-02 10:57 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part12.rar
2016-04-02 10:53 - 2016-04-02 10:55 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part11.rar
2016-04-02 10:51 - 2016-04-02 10:53 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part10.rar
2016-04-02 10:49 - 2016-04-02 10:51 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part09.rar
2016-04-02 10:47 - 2016-04-02 10:49 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part08.rar
2016-04-02 10:45 - 2016-04-02 10:47 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part07.rar
2016-04-02 10:43 - 2016-04-02 10:45 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part06.rar
2016-04-02 10:41 - 2016-04-02 10:43 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part05.rar
2016-04-02 10:39 - 2016-04-02 10:41 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part04.rar
2016-04-02 10:38 - 2016-04-02 10:39 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part03.rar
2016-04-02 10:35 - 2016-04-02 10:38 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part02.rar
2016-04-02 10:35 - 2016-04-02 10:35 - 06627786 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part29.rar
2016-04-02 10:33 - 2016-04-02 10:35 - 50000000 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.part01.rar
2016-04-02 10:33 - 2016-04-02 10:33 - 00253233 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.nzb
2016-04-02 10:33 - 2016-04-02 10:33 - 00046120 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.par2
2016-04-02 10:33 - 2016-04-02 10:33 - 00003862 _____ C:\Users\Alison\Downloads\Switched.at.Birth.S04E11.720p.WEB-DL.DD5.1.H.264-KiNGS.nfo
2016-03-31 19:41 - 2016-03-31 19:41 - 00207872 _____ C:\Users\Alison\Downloads\70972.xls
2016-03-31 16:35 - 2016-03-31 16:35 - 00126621 _____ C:\Users\Alison\Desktop\Amazon.pdf
2016-03-31 14:39 - 2016-03-31 14:39 - 52428800 _____ C:\Users\Alison\Downloads\TVS-GOT-DD51-DED-DL-7P-HDTV-X264-205.R34
2016-03-31 13:34 - 2016-03-31 13:35 - 52428800 _____ C:\Users\Alison\Downloads\GAMETHRONES.S02E04.HDTV.720-PRETAIL.R25
2016-03-31 13:08 - 2016-03-31 13:09 - 52428800 _____ C:\Users\Alison\Downloads\GAMETHRONES.S02E04.HDTV.720-PRETAIL.R09
2016-03-31 12:55 - 2016-03-31 12:56 - 52428800 _____ C:\Users\Alison\Downloads\GAMETHRONES.S02E04.HDTV.720-PRETAIL.R01
2016-03-31 11:09 - 2016-03-31 11:09 - 51945372 _____ C:\Users\Alison\Downloads\ZZGTV-GOT-S02E01.VOL44+27.PAR2
2016-03-31 11:09 - 2016-03-31 11:09 - 25043732 _____ C:\Users\Alison\Downloads\ZZGTV-GOT-S02E01.VOL31+13.PAR2
2016-03-31 11:08 - 2016-04-03 10:12 - 50000000 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.r24
2016-03-31 11:08 - 2016-03-31 11:09 - 30824624 _____ C:\Users\Alison\Downloads\ZZGTV-GOT-S02E01.VOL15+16.PAR2
2016-03-31 11:08 - 2016-03-31 11:08 - 15443392 _____ C:\Users\Alison\Downloads\ZZGTV-GOT-S02E01.VOL07+08.PAR2
2016-03-31 11:08 - 2016-03-31 11:08 - 07742432 _____ C:\Users\Alison\Downloads\ZZGTV-GOT-S02E01.VOL03+04.PAR2
2016-03-31 11:08 - 2016-03-31 11:08 - 03881608 _____ C:\Users\Alison\Downloads\ZZGTV-GOT-S02E01.VOL01+02.PAR2
2016-03-31 11:08 - 2016-03-31 11:08 - 01940852 _____ C:\Users\Alison\Downloads\ZZGTV-GOT-S02E01.VOL00+01.PAR2
2016-03-31 11:07 - 2016-04-03 10:12 - 50000000 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.r23
2016-03-31 11:07 - 2016-04-03 10:12 - 50000000 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.r22
2016-03-31 11:06 - 2016-04-03 10:12 - 50000000 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.r21
2016-03-31 11:06 - 2016-04-03 10:12 - 50000000 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.r20
2016-03-31 11:05 - 2016-04-03 10:12 - 50000000 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.r19
2016-03-31 11:05 - 2016-04-03 10:12 - 50000000 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.r18
2016-03-31 11:04 - 2016-04-03 10:12 - 50000000 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.r17
2016-03-31 11:04 - 2016-04-03 10:12 - 50000000 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.r16
2016-03-31 11:03 - 2016-04-03 10:12 - 50000000 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.r15
2016-03-31 11:03 - 2016-04-03 10:12 - 50000000 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.r14
2016-03-31 11:02 - 2016-04-03 10:12 - 50000000 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.r13
2016-03-31 11:02 - 2016-04-03 10:12 - 50000000 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.r12
2016-03-31 11:01 - 2016-04-03 10:12 - 50000000 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.r11
2016-03-31 11:01 - 2016-04-03 10:12 - 50000000 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.r10
2016-03-31 11:01 - 2016-04-03 10:12 - 50000000 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.r09
2016-03-31 11:00 - 2016-04-03 10:12 - 50000000 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.r08
2016-03-31 11:00 - 2016-04-03 10:12 - 50000000 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.r07
2016-03-31 10:59 - 2016-04-03 10:12 - 50000000 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.r06
2016-03-31 10:59 - 2016-04-03 10:12 - 50000000 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.r05
2016-03-31 10:58 - 2016-04-03 10:12 - 50000000 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.r04
2016-03-31 10:58 - 2016-04-03 10:12 - 50000000 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.r03
2016-03-31 10:58 - 2016-04-03 10:12 - 50000000 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.r02
2016-03-31 10:57 - 2016-04-03 10:12 - 50000000 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.r01
2016-03-31 10:57 - 2016-04-03 10:12 - 50000000 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.r00
2016-03-31 10:56 - 2016-04-03 10:12 - 50000000 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.rar
2016-03-31 10:56 - 2016-04-03 10:12 - 18632362 _____ C:\Users\Alison\Downloads\zzgtv-got-s02e01.r25
2016-03-31 10:34 - 2016-03-31 10:34 - 314572800 _____ C:\Users\Alison\Downloads\ACDC_Dallas2016_dEQ2496.zip.001
2016-03-31 10:33 - 2016-03-31 10:33 - 40093986 _____ C:\Users\Alison\Downloads\94fc8c2f_467f0e23_1bd53826_5d703f4-u4e.part35.4.rar
2016-03-31 10:33 - 2016-03-31 10:33 - 40093986 _____ C:\Users\Alison\Downloads\94fc8c2f_467f0e23_1bd53826_5d703f4-u4e.part35.3.rar
2016-03-31 10:33 - 2016-03-31 10:33 - 40093986 _____ C:\Users\Alison\Downloads\94fc8c2f_467f0e23_1bd53826_5d703f4-u4e.part35.2.rar
2016-03-31 10:32 - 2016-03-31 10:32 - 52428800 _____ C:\Users\Alison\Downloads\94fc8c2f_467f0e23_1bd53826_5d703f4-u4e.part34.rar
2016-03-31 10:32 - 2016-03-31 10:32 - 40093986 _____ C:\Users\Alison\Downloads\94fc8c2f_467f0e23_1bd53826_5d703f4-u4e.part35.1.rar
2016-03-31 10:31 - 2016-03-31 10:32 - 52428800 _____ C:\Users\Alison\Downloads\94fc8c2f_467f0e23_1bd53826_5d703f4-u4e.part33.rar
2016-03-31 10:31 - 2016-03-31 10:31 - 2046197792 _____ C:\Users\Alison\Downloads\MuMYW5hbCquVoZE.bin
2016-03-31 10:28 - 2016-03-31 10:28 - 52428800 _____ C:\Users\Alison\Downloads\94fc8c2f_467f0e23_1bd53826_5d703f4-u4e.part35.rar
2016-03-31 10:22 - 2016-03-31 10:22 - 1465517460 _____ C:\Users\Alison\Downloads\11672c046affe974788ccb0b9bf7fac1faca077e.1.avi
2016-03-31 10:20 - 2016-03-31 10:20 - 1465517460 _____ C:\Users\Alison\Downloads\11672c046affe974788ccb0b9bf7fac1faca077e.avi
2016-03-30 22:59 - 2016-03-30 22:59 - 250000000 _____ C:\Users\Alison\Downloads\fo57SkrgEBltEeaLnoZTKnKmEuSL.part024.12.rar
2016-03-30 22:59 - 2016-03-30 22:59 - 250000000 _____ C:\Users\Alison\Downloads\fo57SkrgEBltEeaLnoZTKnKmEuSL.part024.11.rar
2016-03-30 22:58 - 2016-03-30 22:59 - 250000000 _____ C:\Users\Alison\Downloads\fo57SkrgEBltEeaLnoZTKnKmEuSL.part024.10.rar
2016-03-30 22:58 - 2016-03-30 22:58 - 250000000 _____ C:\Users\Alison\Downloads\fo57SkrgEBltEeaLnoZTKnKmEuSL.part024.9.rar
2016-03-30 22:58 - 2016-03-30 22:58 - 250000000 _____ C:\Users\Alison\Downloads\fo57SkrgEBltEeaLnoZTKnKmEuSL.part024.8.rar
2016-03-30 22:58 - 2016-03-30 22:58 - 250000000 _____ C:\Users\Alison\Downloads\fo57SkrgEBltEeaLnoZTKnKmEuSL.part024.7.rar
2016-03-30 22:58 - 2016-03-30 22:58 - 250000000 _____ C:\Users\Alison\Downloads\fo57SkrgEBltEeaLnoZTKnKmEuSL.part024.6.rar
2016-03-30 22:58 - 2016-03-30 22:58 - 250000000 _____ C:\Users\Alison\Downloads\fo57SkrgEBltEeaLnoZTKnKmEuSL.part024.5.rar
2016-03-30 22:58 - 2016-03-30 22:58 - 250000000 _____ C:\Users\Alison\Downloads\fo57SkrgEBltEeaLnoZTKnKmEuSL.part024.4.rar
2016-03-30 22:58 - 2016-03-30 22:58 - 250000000 _____ C:\Users\Alison\Downloads\fo57SkrgEBltEeaLnoZTKnKmEuSL.part024.2.rar
2016-03-30 22:58 - 2016-03-30 22:58 - 105346140 _____ C:\Users\Alison\Downloads\fo57SkrgEBltEeaLnoZTKnKmEuSL.part024.3.rar
2016-03-30 22:48 - 2016-03-30 22:49 - 250000000 _____ C:\Users\Alison\Downloads\fo57SkrgEBltEeaLnoZTKnKmEuSL.part024.1.rar
2016-03-30 22:48 - 2016-03-30 22:48 - 250000000 _____ C:\Users\Alison\Downloads\fo57SkrgEBltEeaLnoZTKnKmEuSL.part024.rar
2016-03-30 22:35 - 2016-03-30 22:35 - 00009396 _____ C:\Users\Alison\Downloads\The.Big.Bang.Theory.S09E12.720p.HDTV.X264-DIMENSION.par2
2016-03-30 18:42 - 2016-03-30 18:42 - 00000046 _____ C:\Users\Alison\My NewsLeecher Notes.txt
2016-03-29 14:44 - 2016-03-22 03:10 - 00112184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-03-29 14:43 - 2016-03-22 05:12 - 42923576 _____ C:\Windows\System32\nvcompiler.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 37567424 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 31555008 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 25321408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 21355248 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 20897416 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 17748712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 17342392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 17248408 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 12567608 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2016-03-29 14:43 - 2016-03-22 05:12 - 10550736 _____ C:\Windows\System32\nvptxJitCompiler.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 08659472 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 03235896 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 02809280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 01924152 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6436472.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 01573432 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6436472.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 00959544 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 00889400 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 00753208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 00695864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 00678520 _____ C:\Windows\System32\nvfatbinaryLoader.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 00571912 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 00501896 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 00473592 _____ (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 00425016 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFROpenGL.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 00423080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 00391632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 00377792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 00175368 _____ (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 00153392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 00151368 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 00129208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-03-29 14:43 - 2016-03-22 05:12 - 00000139 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-03-29 14:43 - 2016-03-22 05:12 - 00000139 _____ C:\Windows\System32\nv-vk64.json
2016-03-29 14:37 - 2016-03-21 21:01 - 00109632 _____ (NVIDIA Corporation) C:\Windows\System32\nvaudcap64v.dll
2016-03-29 14:37 - 2016-03-21 21:01 - 00100416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-03-29 14:37 - 2016-03-21 21:01 - 00056384 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2016-03-25 10:26 - 2016-03-25 10:26 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2016-03-25 10:21 - 2016-03-25 10:21 - 00003208 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-03-24 14:55 - 2016-03-29 19:25 - 00000000 ____D C:\Users\Alison\AppData\Roaming\OBS
2016-03-24 14:55 - 2016-03-24 14:55 - 00000000 ____D C:\Program Files\OBS
2016-03-24 14:55 - 2016-03-24 14:55 - 00000000 ____D C:\Program Files (x86)\OBS
2016-03-22 21:11 - 2016-03-22 21:11 - 00000000 ____D C:\Users\Alison\AppData\Roaming\TheLastDream
2016-03-16 22:30 - 2016-03-16 22:30 - 00128792 _____ C:\Windows\SysWOW64\vulkan-1-1-0-5-1.dll
2016-03-16 22:29 - 2016-03-16 22:29 - 00127768 _____ C:\Windows\System32\vulkan-1-1-0-5-1.dll
2016-03-16 22:29 - 2016-03-16 22:29 - 00041752 _____ C:\Windows\SysWOW64\vulkaninfo-1-1-0-5-1.exe
2016-03-16 22:28 - 2016-03-16 22:28 - 00045848 _____ C:\Windows\System32\vulkaninfo-1-1-0-5-1.exe
2016-03-11 13:25 - 2016-03-29 14:44 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-03-11 13:25 - 2016-03-16 22:30 - 00128792 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-03-11 13:25 - 2016-03-16 22:29 - 00127768 _____ C:\Windows\System32\vulkan-1.dll
2016-03-11 13:25 - 2016-03-16 22:29 - 00041752 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-03-11 13:25 - 2016-03-16 22:28 - 00045848 _____ C:\Windows\System32\vulkaninfo.exe
2016-03-11 09:41 - 2016-02-12 19:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2016-03-11 09:41 - 2016-02-12 19:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2016-03-11 09:41 - 2016-02-12 19:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2016-03-11 09:41 - 2016-02-12 19:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll
2016-03-11 09:41 - 2016-02-12 19:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-11 09:41 - 2016-02-12 19:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2016-03-11 09:41 - 2016-02-12 19:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2016-03-11 09:41 - 2016-02-12 19:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2016-03-11 09:41 - 2016-02-12 19:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2016-03-11 09:41 - 2016-02-12 19:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2016-03-11 09:41 - 2016-02-12 19:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2016-03-11 09:41 - 2016-02-12 19:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll
2016-03-11 09:41 - 2016-02-12 19:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-11 09:41 - 2016-02-12 19:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-11 09:41 - 2016-02-12 19:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-11 09:41 - 2016-02-12 19:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-03-11 09:41 - 2016-02-09 07:53 - 00387792 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2016-03-11 09:41 - 2016-02-09 07:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-03-11 09:41 - 2016-02-08 22:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-11 09:41 - 2016-02-08 21:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-03-11 09:41 - 2016-02-08 21:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-11 09:41 - 2016-02-08 21:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-03-11 09:41 - 2016-02-08 21:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-03-11 09:41 - 2016-02-08 21:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-03-11 09:41 - 2016-02-08 21:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-03-11 09:41 - 2016-02-08 21:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-11 09:41 - 2016-02-08 21:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-03-11 09:41 - 2016-02-08 21:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-03-11 09:41 - 2016-02-08 21:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-03-11 09:41 - 2016-02-08 21:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-11 09:41 - 2016-02-08 21:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-03-11 09:41 - 2016-02-08 21:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-03-11 09:41 - 2016-02-08 21:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-03-11 09:41 - 2016-02-08 21:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-03-11 09:41 - 2016-02-08 21:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-03-11 09:41 - 2016-02-08 21:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-03-11 09:41 - 2016-02-08 21:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-03-11 09:41 - 2016-02-08 21:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-03-11 09:41 - 2016-02-08 21:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-11 09:41 - 2016-02-08 21:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-03-11 09:41 - 2016-02-08 21:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2016-03-11 09:41 - 2016-02-08 21:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-11 09:41 - 2016-02-08 21:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-11 09:41 - 2016-02-08 21:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-11 09:41 - 2016-02-08 21:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-11 09:41 - 2016-02-08 21:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-03-11 09:41 - 2016-02-08 20:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-11 09:41 - 2016-02-08 20:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-11 09:41 - 2016-02-08 20:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-11 09:41 - 2016-02-08 19:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2016-03-11 09:41 - 2016-02-08 19:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2016-03-11 09:41 - 2016-02-08 19:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2016-03-11 09:41 - 2016-02-08 19:27 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2016-03-11 09:41 - 2016-02-08 19:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2016-03-11 09:41 - 2016-02-08 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2016-03-11 09:41 - 2016-02-08 19:26 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2016-03-11 09:41 - 2016-02-08 19:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2016-03-11 09:41 - 2016-02-08 19:19 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2016-03-11 09:41 - 2016-02-08 19:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2016-03-11 09:41 - 2016-02-08 19:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2016-03-11 09:41 - 2016-02-08 19:15 - 00615936 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2016-03-11 09:41 - 2016-02-08 19:14 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2016-03-11 09:41 - 2016-02-08 19:14 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2016-03-11 09:41 - 2016-02-08 19:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2016-03-11 09:41 - 2016-02-08 19:13 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2016-03-11 09:41 - 2016-02-08 19:06 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2016-03-11 09:41 - 2016-02-08 19:03 - 00489984 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2016-03-11 09:41 - 2016-02-08 18:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-03-11 09:41 - 2016-02-08 18:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2016-03-11 09:41 - 2016-02-08 18:52 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2016-03-11 09:41 - 2016-02-08 18:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2016-03-11 09:41 - 2016-02-08 18:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2016-03-11 09:41 - 2016-02-08 18:47 - 00152064 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2016-03-11 09:41 - 2016-02-08 18:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2016-03-11 09:41 - 2016-02-08 18:35 - 00718336 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2016-03-11 09:41 - 2016-02-08 18:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2016-03-11 09:41 - 2016-02-08 18:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2016-03-11 09:41 - 2016-02-08 18:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2016-03-11 09:41 - 2016-02-08 18:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2016-03-11 09:41 - 2016-02-08 18:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2016-03-11 09:41 - 2016-02-08 18:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2016-03-11 09:41 - 2016-02-08 17:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2016-03-11 09:41 - 2016-02-04 18:52 - 03211264 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2016-03-11 09:41 - 2016-02-03 19:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2016-03-11 09:41 - 2016-02-03 19:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\asycfilt.dll
2016-03-11 09:41 - 2016-02-03 19:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-03-11 09:41 - 2016-02-03 19:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-11 09:41 - 2016-02-03 19:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2016-03-11 09:41 - 2016-01-11 20:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2016-03-11 09:41 - 2015-11-19 15:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\System32\ucrtbase.dll
2016-03-11 09:41 - 2015-11-19 15:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-private-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-math-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-string-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-time-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-2-0.dll
2016-03-11 09:41 - 2015-11-19 15:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-process-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2016-03-11 09:41 - 2015-11-19 15:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-11 09:41 - 2015-11-19 15:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l2-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-2-0.dll
2016-03-11 09:41 - 2015-11-19 15:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-03-11 09:41 - 2015-11-19 15:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-11 09:41 - 2015-11-19 15:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-11 09:41 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-11 09:41 - 2015-11-19 15:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-11 09:41 - 2015-11-19 15:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-03-11 09:40 - 2016-02-19 20:02 - 00038336 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2016-03-11 09:40 - 2016-02-19 19:54 - 01168896 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2016-03-11 09:40 - 2016-02-19 15:07 - 01373184 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2016-03-11 09:40 - 2016-02-11 19:56 - 05572032 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2016-03-11 09:40 - 2016-02-11 19:56 - 00154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2016-03-11 09:40 - 2016-02-11 19:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2016-03-11 09:40 - 2016-02-11 19:52 - 01733592 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2016-03-11 09:40 - 2016-02-11 19:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2016-03-11 09:40 - 2016-02-11 19:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2016-03-11 09:40 - 2016-02-11 19:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2016-03-11 09:40 - 2016-02-11 19:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2016-03-11 09:40 - 2016-02-11 19:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2016-03-11 09:40 - 2016-02-11 19:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2016-03-11 09:40 - 2016-02-11 19:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2016-03-11 09:40 - 2016-02-11 19:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2016-03-11 09:40 - 2016-02-11 19:48 - 01214464 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2016-03-11 09:40 - 2016-02-11 19:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2016-03-11 09:40 - 2016-02-11 19:48 - 00344064 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2016-03-11 09:40 - 2016-02-11 19:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2016-03-11 09:40 - 2016-02-11 19:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2016-03-11 09:40 - 2016-02-11 19:47 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2016-03-11 09:40 - 2016-02-11 19:45 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2016-03-11 09:40 - 2016-02-11 19:45 - 00312320 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2016-03-11 09:40 - 2016-02-11 19:45 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2016-03-11 09:40 - 2016-02-11 19:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2016-03-11 09:40 - 2016-02-11 19:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-03-11 09:40 - 2016-02-11 19:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-03-11 09:40 - 2016-02-11 19:44 - 01461248 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2016-03-11 09:40 - 2016-02-11 19:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2016-03-11 09:40 - 2016-02-11 19:44 - 00730112 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2016-03-11 09:40 - 2016-02-11 19:44 - 00422400 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2016-03-11 09:40 - 2016-02-11 19:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2016-03-11 09:40 - 2016-02-11 19:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\cryptbase.dll
2016-03-11 09:40 - 2016-02-11 19:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-03-11 09:40 - 2016-02-11 19:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-03-11 09:40 - 2016-02-11 19:38 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-11 09:40 - 2016-02-11 19:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-03-11 09:40 - 2016-02-11 19:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-03-11 09:40 - 2016-02-11 19:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-03-11 09:40 - 2016-02-11 19:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-03-11 09:40 - 2016-02-11 19:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-03-11 09:40 - 2016-02-11 19:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-03-11 09:40 - 2016-02-11 19:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-03-11 09:40 - 2016-02-11 19:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-11 09:40 - 2016-02-11 19:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-03-11 09:40 - 2016-02-11 19:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-03-11 09:40 - 2016-02-11 19:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-03-11 09:40 - 2016-02-11 19:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-11 09:40 - 2016-02-11 19:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 19:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 18:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2016-03-11 09:40 - 2016-02-11 18:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-03-11 09:40 - 2016-02-11 18:41 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2016-03-11 09:40 - 2016-02-11 18:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2016-03-11 09:40 - 2016-02-11 18:34 - 00290816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2016-03-11 09:40 - 2016-02-11 18:34 - 00159232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2016-03-11 09:40 - 2016-02-11 18:33 - 00129024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2016-03-11 09:40 - 2016-02-11 18:32 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2016-03-11 09:40 - 2016-02-11 18:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2016-03-11 09:40 - 2016-02-11 18:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-03-11 09:40 - 2016-02-11 18:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-03-11 09:40 - 2016-02-11 18:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-03-11 09:40 - 2016-02-11 18:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-03-11 09:40 - 2016-02-11 18:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-03-11 09:40 - 2016-02-11 18:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 18:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-03-11 09:40 - 2016-02-11 15:07 - 00689152 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2016-03-11 09:40 - 2016-02-09 10:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2016-03-11 09:40 - 2016-02-09 10:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2016-03-11 09:40 - 2016-02-09 10:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
2016-03-11 09:40 - 2016-02-09 10:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
2016-03-11 09:40 - 2016-02-09 10:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\seclogon.dll
2016-03-11 09:40 - 2016-02-09 10:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\spwmp.dll
2016-03-11 09:40 - 2016-02-09 10:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-03-11 09:40 - 2016-02-09 10:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-11 09:40 - 2016-02-09 10:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-03-11 09:40 - 2016-02-09 10:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-03-11 09:40 - 2016-02-09 10:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-03-11 09:40 - 2016-02-05 19:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2016-03-11 09:40 - 2016-02-05 19:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2016-03-11 09:40 - 2016-02-05 19:53 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2016-03-11 09:40 - 2016-02-05 19:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2016-03-11 09:40 - 2016-02-05 19:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-03-11 09:40 - 2016-02-05 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-11 09:40 - 2016-02-05 19:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-03-11 09:40 - 2016-02-05 18:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2016-03-11 09:40 - 2016-02-05 18:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-11 09:40 - 2016-02-05 18:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-11 09:40 - 2016-02-05 15:07 - 00696832 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2016-03-11 09:40 - 2016-02-05 15:07 - 00499200 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2016-03-11 09:40 - 2016-02-05 15:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2016-03-11 09:40 - 2016-02-05 02:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\System32\mfds.dll
2016-03-11 09:40 - 2016-02-04 19:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-11 09:33 - 2016-03-08 11:07 - 01924152 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6436451.dll
2016-03-11 09:33 - 2016-03-08 11:07 - 01571776 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6436451.dll
2016-03-07 22:04 - 2016-03-03 13:20 - 01922496 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6436447.dll
2016-03-07 22:04 - 2016-03-03 13:20 - 01573432 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6436447.dll
2016-03-04 18:34 - 2016-03-24 12:25 - 00000000 ____D C:\Users\Alison\AppData\Roaming\StardewValley
2016-03-01 20:42 - 2016-03-01 20:42 - 00016661 _____ C:\Users\Alison\Desktop\Berechnung_2015.pdf
2016-02-27 11:59 - 2016-02-27 11:59 - 00000000 ____D C:\Program Files\Microsoft Xbox One Controller for Windows
2016-02-24 17:07 - 2016-02-24 17:07 - 00000000 ____D C:\ProgramData\WEBREG
2016-02-21 12:48 - 2016-02-21 12:48 - 00000000 ____D C:\Users\Alison\AppData\LocalLow\Royal Troupe
2016-02-15 19:31 - 2016-02-09 09:39 - 01924152 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6436191.dll
2016-02-15 19:31 - 2016-02-09 09:39 - 01571776 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6436191.dll
2016-02-14 20:28 - 2016-02-14 20:28 - 00000000 ____D C:\Users\Alison\AppData\LocalLow\CampoSanto
2016-02-14 02:47 - 2016-02-14 02:47 - 00125720 _____ C:\Windows\SysWOW64\vulkan-1-1-0-3-0.dll
2016-02-14 02:46 - 2016-02-14 02:46 - 00126232 _____ C:\Windows\System32\vulkan-1-1-0-3-0.dll
2016-02-14 02:45 - 2016-02-14 02:45 - 00045848 _____ C:\Windows\System32\vulkaninfo-1-1-0-3-0.exe
2016-02-14 02:45 - 2016-02-14 02:45 - 00042264 _____ C:\Windows\SysWOW64\vulkaninfo-1-1-0-3-0.exe
2016-02-13 11:45 - 2016-02-13 19:03 - 00000000 ____D C:\Users\Alison\AppData\Roaming\Artifex Mundi
2016-02-13 11:31 - 2016-04-03 13:57 - 00094656 _____ (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2016-02-12 18:55 - 2016-01-06 20:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\System32\InkEd.dll
2016-02-12 18:55 - 2016-01-06 20:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\jnwmon.dll
2016-02-12 18:55 - 2016-01-06 19:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-12 18:54 - 2016-01-16 20:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\System32\ole32.dll
2016-02-12 18:54 - 2016-01-16 19:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-12 18:54 - 2016-01-07 18:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2016-02-12 18:54 - 2015-12-20 19:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2016-02-12 18:54 - 2015-12-20 19:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2016-02-12 18:54 - 2015-12-20 15:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2016-02-12 18:53 - 2016-01-22 07:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2016-02-12 18:53 - 2016-01-22 07:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\System32\CPFilters.dll
2016-02-12 18:53 - 2016-01-22 07:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2016-02-12 18:53 - 2016-01-22 07:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\System32\mtxoci.dll
2016-02-12 18:53 - 2016-01-22 07:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2016-02-12 18:53 - 2016-01-22 07:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2016-02-12 18:53 - 2016-01-22 07:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-12 18:53 - 2016-01-22 07:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-12 18:53 - 2016-01-22 07:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-12 18:53 - 2016-01-22 07:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-12 18:53 - 2016-01-22 07:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-12 18:53 - 2016-01-22 07:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-12 18:53 - 2016-01-22 06:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-12 18:53 - 2016-01-22 06:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-12 18:53 - 2016-01-22 06:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-02-12 18:41 - 2016-03-29 14:55 - 00000000 ____D C:\Users\Alison\AppData\Roaming\HpUpdate
2016-02-12 18:41 - 2016-02-12 18:41 - 00000000 ____D C:\Windows\Hewlett-Packard
2016-02-04 23:13 - 2016-02-04 23:13 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2016-02-04 23:13 - 2016-02-04 23:13 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2016-02-04 23:03 - 2016-02-04 23:03 - 00869568 _____ (Microsoft Corporation) C:\Windows\System32\msvcr120_clr0400.dll
2016-02-04 23:03 - 2016-02-04 23:03 - 00678600 _____ (Microsoft Corporation) C:\Windows\System32\msvcp120_clr0400.dll
2016-01-25 19:43 - 2016-04-03 10:08 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForAlison.job
2016-01-25 19:43 - 2016-04-02 09:53 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAlison
2016-01-24 20:57 - 2016-02-24 17:07 - 00000000 ____D C:\Users\Alison\AppData\Roaming\HP
2016-01-20 19:10 - 2016-01-20 19:10 - 00000000 ____D C:\Users\Alison\AppData\Roaming\Yahoo!
2016-01-20 19:10 - 2016-01-20 19:10 - 00000000 ____D C:\Users\Alison\AppData\Roaming\Hewlett-Packard
2016-01-20 19:10 - 2016-01-20 19:10 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2016-01-20 19:10 - 2016-01-20 19:10 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-01-20 19:09 - 2016-01-20 19:09 - 00000000 ____D C:\Windows\SysWOW64\spool
2016-01-20 19:09 - 2016-01-20 19:09 - 00000000 ____D C:\ProgramData\HP Product Assistant
2016-01-20 19:08 - 2016-02-12 18:41 - 00000000 ____D C:\Program Files (x86)\HP
2016-01-20 19:07 - 2016-02-24 17:07 - 00226784 _____ C:\Windows\hpoins18.dat
2016-01-20 19:07 - 2016-02-12 19:02 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-01-20 19:07 - 2016-01-20 19:07 - 00000000 ____D C:\System.sav
2016-01-20 19:07 - 2016-01-20 19:07 - 00000000 ____D C:\Program Files\HP
2016-01-20 19:07 - 2009-10-08 02:33 - 00005355 ____N C:\Windows\hpomdl18.dat
2016-01-20 19:06 - 2016-01-20 19:06 - 00000000 ____D C:\Users\Alison\AppData\Roaming\hpqLog
2016-01-20 19:04 - 2016-01-20 19:13 - 00000000 ____D C:\ProgramData\HP
2016-01-20 19:03 - 2009-07-08 11:51 - 00642360 _____ (Hewlett-Packard) C:\Windows\System32\hpzids40.dll
2016-01-20 18:53 - 2016-01-25 19:43 - 00000000 ____D C:\Users\Alison\AppData\Local\Hewlett-Packard
2016-01-20 18:52 - 2015-12-08 22:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-20 18:52 - 2015-12-08 22:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-20 18:52 - 2015-12-08 22:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-20 18:52 - 2015-12-08 22:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-20 18:52 - 2015-12-08 22:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-20 18:52 - 2015-12-08 22:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-20 18:52 - 2015-12-08 22:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-20 18:52 - 2015-12-08 22:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-20 18:52 - 2015-12-08 22:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-20 18:52 - 2015-12-08 22:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-20 18:52 - 2015-12-08 22:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-20 18:52 - 2015-12-08 22:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-20 18:52 - 2015-12-08 22:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-20 18:52 - 2015-12-08 22:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-20 18:52 - 2015-12-08 22:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-20 18:52 - 2015-12-08 22:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-20 18:52 - 2015-12-08 22:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-20 18:52 - 2015-12-08 22:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-20 18:52 - 2015-12-08 22:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-20 18:52 - 2015-12-08 22:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-20 18:52 - 2015-12-08 22:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-20 18:52 - 2015-12-08 22:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-20 18:52 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-20 18:52 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-20 18:52 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-20 18:52 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-20 18:52 - 2015-12-08 22:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-20 18:52 - 2015-12-08 22:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-20 18:52 - 2015-12-08 22:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-20 18:52 - 2015-12-08 22:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-20 18:52 - 2015-12-08 22:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-20 18:52 - 2015-12-08 22:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-20 18:52 - 2015-12-08 22:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-20 18:52 - 2015-12-08 22:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-20 18:52 - 2015-12-08 22:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-20 18:52 - 2015-12-08 22:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-20 18:52 - 2015-12-08 20:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
2016-01-20 18:52 - 2015-12-08 20:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2016-01-20 18:52 - 2015-12-08 20:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\System32\WMVENCOD.DLL
2016-01-20 18:52 - 2015-12-08 20:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2016-01-20 18:52 - 2015-12-08 20:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\System32\WMSPDMOE.DLL
2016-01-20 18:52 - 2015-12-08 20:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\System32\quartz.dll
2016-01-20 18:52 - 2015-12-08 20:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\System32\WMALFXGFXDSP.dll
2016-01-20 18:52 - 2015-12-08 20:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2adec.dll
2016-01-20 18:52 - 2015-12-08 20:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\System32\WMADMOD.DLL
2016-01-20 18:52 - 2015-12-08 20:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\System32\MSMPEG2ENC.DLL
2016-01-20 18:52 - 2015-12-08 20:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\System32\WMADMOE.DLL
2016-01-20 18:52 - 2015-12-08 20:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\System32\wmpmde.dll
2016-01-20 18:52 - 2015-12-08 20:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\System32\mcmde.dll
2016-01-20 18:52 - 2015-12-08 20:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\System32\WMSPDMOD.DLL
2016-01-20 18:52 - 2015-12-08 20:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\System32\WMVSDECD.DLL
2016-01-20 18:52 - 2015-12-08 20:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\System32\MP4SDECD.DLL
2016-01-20 18:52 - 2015-12-08 20:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\System32\WMVXENCD.DLL
2016-01-20 18:52 - 2015-12-08 20:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\System32\evr.dll
2016-01-20 18:52 - 2015-12-08 20:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2016-01-20 18:52 - 2015-12-08 20:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\System32\MFWMAAEC.DLL
2016-01-20 18:52 - 2015-12-08 20:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\System32\WMVSENCD.DLL
2016-01-20 18:52 - 2015-12-08 20:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2016-01-20 18:52 - 2015-12-08 20:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\System32\SysFxUI.dll
2016-01-20 18:52 - 2015-12-08 20:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2016-01-20 18:52 - 2015-12-08 20:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\System32\VIDRESZR.DLL
2016-01-20 18:52 - 2015-12-08 20:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\System32\qasf.dll
2016-01-20 18:52 - 2015-12-08 20:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\System32\RESAMPLEDMO.DLL
2016-01-20 18:52 - 2015-12-08 20:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\System32\MPG4DECD.DLL
2016-01-20 18:52 - 2015-12-08 20:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\System32\MP43DECD.DLL
2016-01-20 18:52 - 2015-12-08 20:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2016-01-20 18:52 - 2015-12-08 20:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\System32\COLORCNV.DLL
2016-01-20 18:52 - 2015-12-08 20:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\MP3DMOD.DLL
2016-01-20 18:52 - 2015-12-08 20:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\devenum.dll
2016-01-20 18:52 - 2015-12-08 20:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\System32\mfvdsp.dll
2016-01-20 18:52 - 2015-12-08 20:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\rrinstaller.exe
2016-01-20 18:52 - 2015-12-08 20:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\ksuser.dll
2016-01-20 18:52 - 2015-12-08 20:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\System32\ksproxy.ax
2016-01-20 18:52 - 2015-12-08 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
2016-01-20 18:52 - 2015-12-08 20:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\mferror.dll
2016-01-20 18:52 - 2015-12-08 19:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2016-01-20 18:52 - 2015-12-08 19:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2016-01-20 18:52 - 2015-12-08 19:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmkaud.sys
2016-01-20 18:52 - 2015-11-14 00:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\System32\mapistub.dll
2016-01-20 18:52 - 2015-11-14 00:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\System32\mapi32.dll
2016-01-20 18:52 - 2015-11-14 00:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\fixmapi.exe
2016-01-20 18:52 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-20 18:52 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-20 18:52 - 2015-11-13 23:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-20 18:51 - 2015-12-08 22:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-20 18:51 - 2015-12-08 20:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2016-01-20 18:51 - 2015-11-16 21:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2016-01-20 18:50 - 2016-02-12 19:02 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-01-20 18:50 - 2016-01-20 19:07 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-01-20 18:46 - 2016-01-20 18:46 - 00003034 _____ C:\Windows\System32\Tasks\{B9545CD1-D287-43BB-9111-C81E7A918D3D}
2016-01-10 21:45 - 2016-01-10 21:45 - 00000000 ____D C:\Users\Alison\AppData\Roaming\hps-install
2016-01-10 17:00 - 2016-02-28 19:45 - 00000000 ____D C:\Program Files (x86)\Thunderbird
2016-01-06 01:25 - 2016-01-06 01:31 - 00000000 ____D C:\ProgramData\purevpn
2016-01-06 01:25 - 2016-01-06 01:25 - 00000000 ____D C:\Users\Alison\AppData\Local\IsolatedStorage
2016-01-06 01:25 - 2016-01-06 01:25 - 00000000 ____D C:\Program Files (x86)\PureVPN
2016-01-06 01:25 - 2015-10-19 17:45 - 00039040 _____ (The OpenVPN Project) C:\Windows\System32\Drivers\tap0901.sys
         

03.04.2016, 14:18   #2
kleinalison

Code:
ATTFilter
==================== Drei Monate: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-03 13:57 - 2014-08-04 19:27 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-03 13:57 - 2014-01-11 22:03 - 00034752 _____ C:\Windows\System32\Drivers\WPRO_41_2001.sys
2016-04-03 13:57 - 2014-01-11 21:51 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-03 13:57 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-03 13:50 - 2011-04-12 08:43 - 00700454 _____ C:\Windows\System32\perfh007.dat
2016-04-03 13:50 - 2011-04-12 08:43 - 00150092 _____ C:\Windows\System32\perfc007.dat
2016-04-03 13:50 - 2009-07-14 06:13 - 01624034 _____ C:\Windows\System32\PerfStringBackup.INI
2016-04-03 13:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-04-03 13:46 - 2014-04-27 20:16 - 01216998 _____ C:\Windows\ntbtlog.txt
2016-04-03 11:51 - 2009-07-14 05:45 - 00029136 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-03 11:51 - 2009-07-14 05:45 - 00029136 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-03 10:12 - 2014-03-08 18:14 - 00000000 ____D C:\Users\Alison\AppData\Local\QuickPar
2016-04-03 10:09 - 2014-01-14 20:30 - 00000000 ____D C:\ProgramData\Origin
2016-04-02 13:06 - 2015-08-23 18:57 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2016-04-02 12:57 - 2014-01-11 21:51 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-02 12:56 - 2014-01-12 16:41 - 00000000 ____D C:\Users\Alison\AppData\Local\CrashDumps
2016-04-02 12:55 - 2014-01-12 16:59 - 00000000 ____D C:\Users\Alison\AppData\Roaming\vlc
2016-04-02 12:54 - 2014-01-11 23:15 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-30 23:52 - 2015-08-02 11:14 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-03-30 21:58 - 2014-01-11 21:51 - 00002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-30 18:46 - 2016-01-01 14:19 - 00000000 ____D C:\Program Files (x86)\NewsLeecher
2016-03-30 18:42 - 2014-01-11 21:41 - 00000000 ____D C:\users\Alison
2016-03-30 02:06 - 2014-06-02 17:00 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-03-30 02:06 - 2014-01-11 08:17 - 01373680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-03-30 02:05 - 2015-12-19 12:25 - 00112216 _____ C:\Windows\System32\NvRtmpStreamer64.dll
2016-03-30 02:05 - 2014-06-02 17:00 - 01756424 _____ (NVIDIA Corporation) C:\Windows\System32\nvspbridge64.dll
2016-03-30 02:05 - 2014-01-11 08:17 - 01767248 _____ (NVIDIA Corporation) C:\Windows\System32\nvspcap64.dll
2016-03-29 14:45 - 2014-07-20 17:08 - 00000000 ____D C:\Temp
2016-03-29 14:45 - 2014-01-11 00:12 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-29 14:44 - 2014-01-10 23:56 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-03-25 12:54 - 2014-01-11 00:27 - 00000000 ____D C:\Users\Alison\Documents\telltale games
2016-03-25 10:21 - 2014-01-11 14:20 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2016-03-23 23:17 - 2015-04-05 00:17 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-03-23 23:17 - 2015-04-05 00:17 - 00000000 ___SD C:\Windows\System32\GWX
2016-03-23 21:54 - 2014-01-11 23:15 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-23 21:54 - 2014-01-11 23:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-23 21:54 - 2014-01-11 23:15 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-23 13:47 - 2014-12-07 12:57 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-22 05:12 - 2015-06-29 18:22 - 03286992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-03-22 05:12 - 2015-05-24 20:38 - 19004040 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2016-03-22 05:12 - 2015-05-24 20:38 - 16446032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-03-22 05:12 - 2015-05-24 20:38 - 14128840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-03-22 05:12 - 2014-08-04 19:26 - 03714472 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2016-03-22 05:12 - 2014-08-04 19:26 - 00037091 _____ C:\Windows\System32\nvinfo.pb
2016-03-22 03:25 - 2015-12-21 18:41 - 00532536 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll
2016-03-22 03:25 - 2015-12-21 18:41 - 00081856 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll
2016-03-22 03:25 - 2014-08-04 19:27 - 06369728 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2016-03-22 03:25 - 2014-08-04 19:27 - 02993088 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2016-03-22 03:25 - 2014-08-04 19:27 - 02561472 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2016-03-22 03:25 - 2014-08-04 19:27 - 01264064 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2016-03-22 03:25 - 2014-08-04 19:27 - 00393784 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2016-03-22 03:25 - 2014-08-04 19:27 - 00069568 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2016-03-20 15:44 - 2015-02-26 20:51 - 00000000 ___RD C:\Users\Alison\Dropbox
2016-03-18 19:10 - 2014-08-04 19:27 - 06253721 _____ C:\Windows\System32\nvcoproc.bin
2016-03-13 12:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-03-11 21:06 - 2009-07-14 05:45 - 00467064 _____ C:\Windows\System32\FNTCACHE.DAT
2016-03-11 14:10 - 2014-01-11 13:49 - 00000000 ____D C:\Windows\System32\MRT
2016-03-11 14:03 - 2014-12-14 11:21 - 00000000 ____D C:\Windows\System32\appraiser
2016-03-11 14:03 - 2014-01-11 13:49 - 143659408 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

Einige Dateien in TEMP:
====================
C:\Users\Alison\AppData\Local\Temp\_is9E5.exe


==================== Known DLLs (Nicht auf der Ausnahmeliste) =========================


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\System32\winlogon.exe => MD5 ist legitim
C:\Windows\System32\wininit.exe => MD5 ist legitim
C:\Windows\SysWOW64\wininit.exe => MD5 ist legitim
C:\Windows\explorer.exe
[2016-02-12 18:53] - [2016-01-22 06:19] - 3231232 ____A (Microsoft Corporation) 9D77CC4A36FEEA644D002CFB9B2D42C0

C:\Windows\SysWOW64\explorer.exe
[2016-02-12 18:53] - [2016-01-22 06:12] - 2973184 ____A (Microsoft Corporation) 2A156D5EBF221EF2A6AE7CE452324DAC

C:\Windows\System32\svchost.exe => MD5 ist legitim
C:\Windows\SysWOW64\svchost.exe => MD5 ist legitim
C:\Windows\System32\services.exe => MD5 ist legitim
C:\Windows\System32\User32.dll
[2015-12-11 15:38] - [2015-11-10 19:55] - 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03A

C:\Windows\SysWOW64\User32.dll
[2015-12-11 15:38] - [2015-11-10 19:37] - 0833024 ____A (Microsoft Corporation) 0A78439765E31510D75C9E2284F3A722

C:\Windows\System32\userinit.exe => MD5 ist legitim
C:\Windows\SysWOW64\userinit.exe => MD5 ist legitim
C:\Windows\System32\rpcss.dll => MD5 ist legitim
C:\Windows\System32\dnsapi.dll => MD5 ist legitim
C:\Windows\SysWOW64\dnsapi.dll => MD5 ist legitim
C:\Windows\System32\Drivers\volsnap.sys => MD5 ist legitim

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============


==================== Wiederherstellungspunkte =========================

Wiederherstellungspunkt Datum: 2016-03-23 23:17
Wiederherstellungspunkt Datum: 2016-03-29 14:41
Wiederherstellungspunkt Datum: 2016-03-31 17:11
Wiederherstellungspunkt Datum: 2016-04-02 10:52

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {default}
resumeobject            {cb6f8877-7a69-11e3-a4fa-d672ef612a8a}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {cb6f8877-7a69-11e3-a4fa-d672ef612a8a}
nx                      OptIn
bootlog                 No

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  ramdisk=[C:]\Recovery\cb6f8879-7a69-11e3-a4fa-d672ef612a8a\Winre.wim,{cb6f887a-7a69-11e3-a4fa-d672ef612a8a}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\cb6f8879-7a69-11e3-a4fa-d672ef612a8a\Winre.wim,{cb6f887a-7a69-11e3-a4fa-d672ef612a8a}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {cb6f8877-7a69-11e3-a4fa-d672ef612a8a}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Geräteoptionen
--------------
Bezeichner              {cb6f887a-7a69-11e3-a4fa-d672ef612a8a}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\cb6f8879-7a69-11e3-a4fa-d672ef612a8a\boot.sdi


==================== Speicherinformationen =========================== 

Prozentuale Nutzung des RAM: 11%
Installierter physikalischer RAM: 8076.76 MB
Verfügbarer physikalischer RAM: 7185.93 MB
Summe virtueller Speicher: 8074.96 MB
Verfügbarer virtueller Speicher: 7182.16 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:223.47 GB) (Free:71.14 GB) NTFS
Drive d: (Gaming) (Fixed) (Total:2794.39 GB) (Free:2125.82 GB) NTFS
Drive e: (Entertainment) (Fixed) (Total:2794.39 GB) (Free:812.44 GB) NTFS
Drive h: () (Removable) (Total:3.71 GB) (Free:3.71 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 8C56B66E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2794.5 GB) (Disk ID: 8C56B67D)

Partition: GPT.

========================================================
Disk: 2 (Size: 2794.5 GB) (Disk ID: 8C56B661)

Partition: GPT.

========================================================
Disk: 3 (Size: 3.8 GB) (Disk ID: 039329CC)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0B)


LastRegBack: 2016-03-29 21:21

==================== Ende von FRST.txt ============================
         
__________________


07.04.2016, 18:12   #3
burningice
/// Malwareteam

My name is Rafael and I will help you with the cleanup.

So that I can help you as well as possible, please follow these rules:
  • Please read my posts completely before working through them
  • If a problem comes up or something is unclear to you, stop what you are doing and describe it as precisely as possible.
  • No crossposting, please
  • Do not install or uninstall any software unless asked to
  • Please use only the tools mentioned here in the thread and run them only as instructed
  • Please reply within 24 h so that a meaningful cleanup is possible
  • Always post logs in CODE tags (# button); if necessary, simply split the logs
  • Important: Just because your problem suddenly disappears after one step does not mean your PC is clean. Keep going until I tell you that your PC is "clean"
  • If I do not reply to you within 36 h, please send me a private message!
Let's go

omg, what on earth have you downloaded there...

Step: 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document
Code:
ATTFilter
HKLM-x32\...\Run: [] => [X]
HKU\Alison\...\Run: [ASRockXTU] => [X]
HKU\Alison\...\Run: [zASRockInstantBoot] => [X]
HKU\Alison\...\Run: [Microsoft� Windows�] => C:\Users\Alison\AppData\Local\Temp\svchos.exe <===== ACHTUNG
C:\Users\Alison\AppData\Local\Temp\svchos.exe
HKU\Alison\...\Winlogon: [Userinit] C:\Users\Alison\Desktop\    Jan Hegenberg  Games make my Day 2015.exe [58277349 2016-01-23] ()
HKU\Alison\...\Winlogon: [Shell] C:\Users\Alison\Desktop\    Jan Hegenberg  Games make my Day 2015.exe [58277349 2016-01-23] () <==== ACHTUNG
Startup: C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk [2016-04-03]
ShortcutTarget: ja.lnk -> C:\windows\system32\config\systemprofile\Desktop\    Jan Hegenberg  Games make my Day 2015.exe (Keine Datei)
S2 Update Browsebeyond; "C:\Program Files (x86)\Browsebeyond\updateBrowsebeyond.exe" [X]
S2 Util Browsebeyond; "C:\Program Files (x86)\Browsebeyond\bin\utilBrowsebeyond.exe" [X]
2016-04-03 10:13 - 2016-01-23 11:58 - 58277349 _____ C:\Users\Alison\Desktop\    Jan Hegenberg  Games make my Day 2015.exe
2016-04-03 10:13 - 2009-04-26 19:14 - 00000753 _____ C:\Users\Alison\Desktop\00 - Jan Hegenberg - SCHLACHTENLAERM(2008).nfo
2016-04-03 10:13 - 2008-08-06 00:33 - 00000000 ____D C:\Users\Alison\Desktop\Jan Hegenberg - Gamer sind Geil
2016-04-03 10:13 - 2008-08-06 00:14 - 00000000 ____D C:\Users\Alison\Desktop\Jan Hegenberg - Bam!Hegenberg
C:\Users\Alison\AppData\Local\Temp\_is9E5.exe
         
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options
  • Now start FRST.exe again and click the "Entfernen" (Fix) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Does the PC start normally again?
__________________
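The fixlist in the post above targets autostart entries (Run values, Winlogon Shell/Userinit, services). The following Python script is an added example, not part of the original post and not FRST's own logic: it triages FRST-style lines with three heuristics. The regular expressions for the line format, the heuristics themselves and the last sample line are assumptions made for illustration.

```python
import re

# Sample lines copied from the fixlist above. The garbled value name on the
# svchos.exe line is replaced by the placeholder "ValueName"; the final HKLM
# line is constructed to show a default (clean) Winlogon Shell value.
SAMPLE = r"""
HKU\Alison\...\Run: [ASRockXTU] => [X]
HKU\Alison\...\Run: [ValueName] => C:\Users\Alison\AppData\Local\Temp\svchos.exe <===== ACHTUNG
HKU\Alison\...\Winlogon: [Shell] C:\Users\Alison\Desktop\    Jan Hegenberg  Games make my Day 2015.exe [58277349 2016-01-23] () <==== ACHTUNG
S2 Update Browsebeyond; "C:\Program Files (x86)\Browsebeyond\updateBrowsebeyond.exe" [X]
HKLM\...\Winlogon: [Shell] explorer.exe
"""

# Default Winlogon values on a clean Windows 7 installation.
DEFAULTS = {"shell": "explorer.exe", "userinit": "userinit.exe"}

# Directories any unprivileged process can write to (assumed heuristic).
USER_WRITABLE = re.compile(r"\\(AppData\\Local\\Temp|Desktop)\\", re.I)

# Either "<hive>\...\Run|Winlogon: [name] (=>) target" or "S2 name; target".
ENTRY = re.compile(
    r"^(?:(?P<hive>HK\S+?)\\\.\.\.\\(?P<key>Run|Winlogon): "
    r"\[(?P<name>.*?)\](?: =>)? "
    r"|(?P<svc>[SR]\d) (?P<svcname>[^;]+); )(?P<target>.*)$"
)


def clean_target(raw):
    """Strip the attention marker and the '[size date] (company)' suffix."""
    t = re.sub(r"\s*<=+ \w+$", "", raw)
    t = re.sub(r"\s*\[\d+ \d{4}-\d{2}-\d{2}\] \(.*?\)$", "", t)
    return t.strip().strip('"')


def triage(line):
    """Return a list of reasons an entry deserves review, or None if the
    line is not a recognised autostart entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    target = clean_target(m["target"])
    reasons = []
    # "[X]" marks an entry whose file no longer exists on disk.
    if target.endswith("[X]"):
        reasons.append("target file missing")
        target = target[:-3].strip().strip('"')
    if USER_WRITABLE.search(target):
        reasons.append("runs from user-writable directory")
    # Winlogon Shell/Userinit should keep their default executable.
    if m["key"] == "Winlogon":
        expected = DEFAULTS.get(m["name"].lower())
        actual = target.rsplit("\\", 1)[-1].lower()
        if expected and actual != expected:
            reasons.append(f"{m['name']} is not {expected}")
    return reasons


def report(text):
    """Return (line, reasons) for every entry with at least one reason."""
    flagged = []
    for line in text.splitlines():
        reasons = triage(line)
        if reasons:
            flagged.append((line.strip(), reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in report(SAMPLE):
        print("; ".join(reasons))
        print("   ", line)
```
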

22.05.2016, 15:42   #4
kleinalison

GVU Trojan / Windows 7 without safe mode / LOG file available


Hello Rafael,
unfortunately I was impatient and did the unlocking myself using this guide: hxxp://www.chip.de/news/GVU-Trojaner-entfernen-So-entsperren-Sie-Windows_54761623.html

After that I reinstalled Windows. Updates and drivers are all complete.
Unfortunately my computer is now far too slow; at times it is already overwhelmed by 3 browser tabs. Might I still have a virus/trojan on the computer?

Log file from Malwarebytes attached:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 22.05.2016
Suchlaufzeit: 13:25
Protokolldatei: malwarebytes_scan.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.05.22.02
Rootkit-Datenbank: v2016.05.20.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Alison

Suchlauftyp: Benutzerdefinierter Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 853643
Abgelaufene Zeit: 2 Std., 23 Min., 37 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 1
PUP.Optional.Cgminer, D:\Filme\KLEINALISON-PC\Backup Set 2013-11-03 190008\Backup Files 2013-12-15 190009\Backup files 3.zip, , [d8121cbc8f0a7cba5cb15a535fa128d8], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
Also attached is the OTL scan

Code:
ATTFilter
OTL logfile created on: 22.05.2016 16:31:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alison\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18314)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,89 Gb Total Physical Memory | 4,92 Gb Available Physical Memory | 62,33% Memory free
15,77 Gb Paging File | 12,93 Gb Available in Paging File | 81,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,47 Gb Total Space | 158,91 Gb Free Space | 71,11% Space Free | Partition Type: NTFS
Drive D: | 2794,39 Gb Total Space | 798,77 Gb Free Space | 28,58% Space Free | Partition Type: NTFS
Drive E: | 2794,39 Gb Total Space | 2122,17 Gb Free Space | 75,94% Space Free | Partition Type: NTFS
 
Computer Name: WHEATLEY | User Name: Alison | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2016.05.22 16:30:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alison\Downloads\otl.exe
PRC - [2016.05.15 12:04:42 | 000,250,008 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
PRC - [2016.05.11 16:11:56 | 000,387,944 | ---- | M] (Digital Wave Ltd.) -- C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
PRC - [2016.05.11 13:48:49 | 000,881,304 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2016.05.10 01:26:00 | 000,426,040 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2016.05.02 08:02:13 | 002,398,776 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2016.05.02 07:59:20 | 001,881,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2016.04.22 08:56:22 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2016.03.10 14:07:20 | 009,926,112 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
PRC - [2016.02.26 08:28:22 | 000,289,080 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\NSBU.exe
PRC - [2012.09.11 13:51:42 | 000,365,344 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.09.11 13:51:42 | 000,277,792 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.09.01 18:07:22 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012.09.01 18:07:22 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.08.21 06:32:04 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.07.05 08:23:18 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.03.12 10:52:44 | 001,763,328 | ---- | M] (Software Security System) -- C:\Programme\Lucidlogix Technologies\VIRTU MVP\Ekag20nt.exe
PRC - [2012.02.26 21:01:56 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2016.05.16 04:30:38 | 001,102,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\8e120675c80a179c177d6d9b5345e792\System.ServiceModel.Web.ni.dll
MOD - [2016.05.16 04:29:56 | 002,937,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c56cbffc8423ff484bf3f80aae1d5c24\System.IdentityModel.ni.dll
MOD - [2016.05.16 04:29:54 | 019,426,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a459f8b69edabf287d593a2a08c5c8d6\System.ServiceModel.ni.dll
MOD - [2016.05.16 04:29:42 | 000,357,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\c8f3123f91af41242da0c54f1c0279ae\IAStorUtil.ni.dll
MOD - [2016.05.16 03:47:16 | 012,945,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7b437291b260f008653ebc86553ab462\System.Windows.Forms.ni.dll
MOD - [2016.05.16 03:46:57 | 000,974,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6b3bc806e6d6a2c73c6d9f1429395698\System.Configuration.ni.dll
MOD - [2016.05.16 03:46:47 | 007,518,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a57805cc2d492d82e327b83ab24fad62\System.Core.ni.dll
MOD - [2016.05.16 03:46:19 | 001,876,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\347ba862763b7e7c80bdef8764ae72dc\System.Xaml.ni.dll
MOD - [2016.05.16 03:38:42 | 000,027,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\b8e6683310da377555399bdaacc7701f\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2016.05.16 03:00:52 | 007,378,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\36599a72e79974ff4c004c43df9fce2b\System.Xml.ni.dll
MOD - [2016.05.16 03:00:51 | 000,786,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\e2ab3c1c7be8727fb1f36945861e780b\System.ServiceModel.Internals.ni.dll
MOD - [2016.05.16 03:00:51 | 000,117,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\32b270a7b4daf4731cf1c36ecd660297\SMDiagnostics.ni.dll
MOD - [2016.05.16 03:00:50 | 002,772,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\ffbd00c458124054f2049e9a25a7cca8\System.Runtime.Serialization.ni.dll
MOD - [2016.05.16 03:00:49 | 001,623,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\48453ce4573683172752f7fdc00f8820\System.Drawing.ni.dll
MOD - [2016.05.16 03:00:48 | 009,983,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\d03eb8a47500f40d5428f9c6875f8e56\System.ni.dll
MOD - [2016.05.11 13:48:37 | 017,565,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll
MOD - [2016.05.11 13:48:25 | 001,738,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
MOD - [2016.05.11 13:48:13 | 000,086,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
MOD - [2016.05.02 08:02:09 | 000,020,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2016.04.19 23:10:58 | 000,020,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\e3544f4c4c0f4bac41f684da24a3483c\IAStorCommon.ni.dll
MOD - [2016.04.19 22:37:24 | 018,111,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\affcb83bba04f782c2586a1788330891\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2016.04.23 06:47:35 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015.07.23 02:02:54 | 001,390,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV - [2016.05.11 16:11:56 | 000,387,944 | ---- | M] (Digital Wave Ltd.) [Auto | Running] -- C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe -- (DigitalWave.Update.Service)
SRV - [2016.05.10 01:26:00 | 000,426,040 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2016.05.02 07:59:20 | 001,881,144 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2016.05.02 07:58:46 | 001,165,368 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV - [2016.05.02 07:55:38 | 002,522,680 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe -- (NvStreamSvc)
SRV - [2016.05.02 07:55:33 | 003,634,232 | ---- | M] (NVIDIA Corporation) [On_Demand | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe -- (NvStreamNetworkSvc)
SRV - [2016.04.30 02:10:40 | 000,835,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2016.04.27 10:24:57 | 002,120,712 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- E:\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2016.04.22 08:56:22 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2016.04.08 02:38:11 | 000,147,400 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016.02.26 08:28:22 | 000,289,080 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\NSBU.exe -- (NSBU)
SRV - [2015.11.05 20:36:48 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014.03.21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2012.09.21 08:12:30 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.09.11 13:51:42 | 000,365,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.09.11 13:51:42 | 000,277,792 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.09.01 18:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012.08.21 06:32:04 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.07.05 08:23:18 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.06.19 19:10:34 | 000,634,632 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.02.09 16:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2016.05.22 13:24:50 | 000,192,216 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2016.05.22 12:36:24 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:64bit: - [2016.04.18 20:17:40 | 000,111,344 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2016.04.14 07:38:19 | 000,056,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2016.02.24 02:23:33 | 001,621,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NSBUx64\1606000.08E\symefasi64.sys -- (SymEFASI)
DRV:64bit: - [2016.02.24 02:23:32 | 000,577,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSBUx64\1606000.08E\symnets.sys -- (SymNetS)
DRV:64bit: - [2016.02.24 02:23:07 | 000,295,664 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSBUx64\1606000.08E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2016.02.24 02:22:50 | 000,928,504 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NSBUx64\1606000.08E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2015.12.08 21:53:16 | 000,243,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
DRV:64bit: - [2015.12.08 21:53:16 | 000,039,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
DRV:64bit: - [2015.12.08 21:53:10 | 000,376,200 | ---- | M] (MediaTek Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mt7612US.sys -- (mt7612US)
DRV:64bit: - [2015.10.02 22:20:19 | 000,205,456 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2015.07.11 03:06:30 | 000,050,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSBUx64\1606000.08E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2015.07.11 03:06:03 | 000,173,808 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSBUx64\1606000.08E\ccsetx64.sys -- (ccSet_NSBU)
DRV:64bit: - [2014.10.03 15:35:54 | 000,454,416 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2014.05.28 09:21:06 | 000,044,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD.sys -- (ISCT)
DRV:64bit: - [2013.10.02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013.09.04 21:52:26 | 004,057,808 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ak27x64.sys -- (Ak27x64)
DRV:64bit: - [2012.09.17 10:24:00 | 005,338,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.09.13 18:33:52 | 000,064,872 | ---- | M] (Texas Instruments Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\umpusbvista.sys -- (umpusbvista)
DRV:64bit: - [2012.09.01 18:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.09.01 18:01:56 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.02 10:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.03.12 11:15:42 | 000,066,336 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.26 21:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.02.26 21:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.02.26 21:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.02.09 16:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2012.02.09 16:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2011.09.21 17:56:24 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011.08.23 15:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.06.30 00:04:58 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2011.05.10 16:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.11.18 01:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.06 20:38:24 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\flashud.sys -- (int0800)
DRV - [2016.05.20 16:22:50 | 002,148,056 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.2.15\Definitions\VirusDefs\20160522.001\EX64.SYS -- (NAVEX15)
DRV - [2016.05.20 16:22:50 | 000,138,456 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.2.15\Definitions\VirusDefs\20160522.001\ENG64.SYS -- (NAVENG)
DRV - [2016.05.15 12:01:13 | 000,876,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.2.15\Definitions\IPSDefs\20160520.001\IDSvia64.sys -- (IDSVia64)
DRV - [2016.05.15 12:00:07 | 000,497,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2016.05.15 12:00:07 | 000,156,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2016.05.02 07:55:28 | 000,028,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV - [2016.04.14 09:47:40 | 001,766,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.2.15\Definitions\BASHDefs\20160502.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.12.27 14:55:40 | 000,010,752 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\LGPII2CDriver.sys -- (LGII2CDevice)
DRV - [2012.09.26 10:28:22 | 000,016,384 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\LGI2CDriver.sys -- (LGDDCDevice)
DRV - [2010.02.04 10:09:00 | 000,014,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys -- (GPCIDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = FC 0A BF 89 5E AF D1 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.91.2: C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2: C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556}: C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.2.15\COFFADDON\ [2016.04.19 04:47:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.2.15\coFFAddon\ [2016.04.19 04:47:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 45.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 45.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2016.04.18 16:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alison\AppData\Roaming\mozilla\Extensions
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [VIRTU MVP] C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O4 - HKCU..\Run: [ScreenSplitter] C:\Program Files (x86)\LG Electronics\Screen Split\bin\ScreenSplit.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42F9ABC1-C0BB-49B6-B1DC-D86C207A5DCD}: DhcpNameServer = 192.168.2.1
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\appinit_dll.dll) - C:\Windows\SysNative\appinit_dll.dll (Lucidlogix Inc.)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\appinit_dll.dll) - C:\Windows\SysWOW64\appinit_dll.dll (Lucidlogix Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{55a5c4d9-04ac-11e6-be2b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55a5c4d9-04ac-11e6-be2b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\ASRSetup.exe
O33 - MountPoints2\{821ae4ce-04ae-11e6-a2d0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{821ae4ce-04ae-11e6-a2d0-806e6f6e6963}\Shell\AutoRun\command - "" = explorer index.html
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2016.05.22 12:32:22 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Wayforward Technologies
[2016.05.22 12:18:40 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016.05.22 12:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2016.05.22 12:18:08 | 000,140,672 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2016.05.22 12:18:08 | 000,064,896 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2016.05.22 12:18:08 | 000,027,008 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2016.05.22 12:18:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware 
[2016.05.22 12:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2016.05.20 16:11:35 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\MotionDSP
[2016.05.20 16:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2016.05.20 16:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vReveal
[2016.05.20 16:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\vReveal 3
[2016.05.20 16:09:32 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\MotionDSP
[2016.05.20 16:05:04 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\NVIDIA
[2016.05.20 16:03:33 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\Movavi
[2016.05.20 16:03:32 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\VideoEditor
[2016.05.20 16:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor 11
[2016.05.20 16:03:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movavi Video Editor 11
[2016.05.20 16:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Movavi Video Editor 11
[2016.05.16 20:14:29 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Winamp
[2016.05.16 20:14:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2016.05.16 12:24:24 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\NPE
[2016.05.15 11:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2016.05.15 11:49:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeCodecPack
[2016.05.15 11:49:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2016.05.15 11:49:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2016.05.15 11:48:49 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\DVDVideoSoft
[2016.04.28 19:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2016.04.27 10:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2016.04.27 10:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameRoyale
[2016.04.27 10:27:48 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Origin
[2016.04.27 10:27:12 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\Origin
[2016.04.27 10:24:29 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\DOSBox
[2016.04.27 10:24:17 | 000,000,000 | ---D | C] -- C:\Users\Alison\Documents\Dolphin Emulator
[2016.04.27 10:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2016.04.27 10:24:08 | 000,000,000 | ---D | C] -- C:\Users\Alison\Documents\Electronic Arts
[2016.04.27 10:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2016.04.27 10:23:32 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\java
[2016.04.27 10:23:23 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\.minecraft
[2016.04.27 10:23:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2016.04.27 10:23:10 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Sun
[2016.04.27 10:23:10 | 000,000,000 | ---D | C] -- C:\Users\Alison\.oracle_jre_usage
[2016.04.27 10:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2016.04.27 10:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2016.04.27 10:22:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2016.04.27 10:18:44 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\ScummVM
[2016.04.27 10:17:01 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Clonk Rage
[2016.04.27 10:13:38 | 000,000,000 | ---D | C] -- C:\Users\Alison\Documents\Ceville
[2016.04.27 10:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sandlot Games
[2016.04.27 10:12:31 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2016.04.26 13:36:27 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Artifex Mundi
[2016.04.24 19:40:39 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Tap It Games
[2016.04.24 16:05:07 | 000,000,000 | ---D | C] -- C:\Temp
[2016.04.24 16:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2016.04.24 16:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueColorFinder
[2016.04.24 16:02:47 | 000,000,000 | ---D | C] -- C:\Windows\tiinst
[2016.04.24 16:02:38 | 000,000,000 | ---D | C] -- C:\Windows\Windows
[2016.04.24 16:02:38 | 000,000,000 | ---D | C] -- C:\Windows\TUSB
[2016.04.24 16:02:01 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\QuickPar
[2016.04.24 16:00:41 | 000,196,608 | ---- | C] (LG Soft India) -- C:\Windows\SysWow64\LGDeviceManager.dll
[2016.04.24 16:00:41 | 000,126,976 | ---- | C] (LG Soft India) -- C:\Windows\SysWow64\LGMonitorDDCCISDK.dll
[2016.04.24 16:00:41 | 000,098,304 | ---- | C] (LG Soft India) -- C:\Windows\SysWow64\LGProtocolEngine.dll
[2016.04.24 16:00:41 | 000,016,384 | ---- | C] (LG Soft India) -- C:\Windows\SysWow64\LGI2CDriver.sys
[2016.04.24 16:00:41 | 000,010,752 | ---- | C] (LG Soft India) -- C:\Windows\SysWow64\LGPII2CDriver.sys
[2016.04.24 16:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2016.04.24 16:00:13 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\WinRAR
[2016.04.24 15:59:53 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
[2016.04.24 15:59:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
[2016.04.24 15:59:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickPar
[2016.04.24 15:59:23 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2016.04.24 15:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2016.04.24 15:59:16 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2016.04.24 15:40:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2016.04.24 15:37:59 | 000,000,000 | ---D | C] -- C:\Users\Alison\Documents\savedgames
[2016.04.24 15:37:53 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\to the moon - freebird games
[2016.04.24 15:37:47 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\3909
[2016.04.24 15:37:46 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\doublefine
[2016.04.24 15:36:40 | 000,000,000 | ---D | C] -- C:\Users\Alison\Documents\Telltale Games
[2016.04.24 15:36:33 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Tropico 4
[2016.04.24 15:36:04 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\TheLastDream
[2016.04.24 15:35:34 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\Daedalic Entertainment
[2016.04.24 15:35:30 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\StardewValley
[2016.04.24 15:34:40 | 000,000,000 | ---D | C] -- C:\Users\Alison\Documents\My Games
[2016.04.24 15:34:07 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\Steam
[2016.04.24 15:34:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2016.04.22 17:43:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VulkanRT
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2016.05.22 16:25:33 | 000,003,068 | ---- | M] () -- C:\Users\Alison\Desktop\malwarebytes_scan.xml
[2016.05.22 16:20:17 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016.05.22 16:20:17 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016.05.22 16:10:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016.05.22 15:24:19 | 001,624,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016.05.22 15:24:19 | 000,700,454 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2016.05.22 15:24:19 | 000,655,292 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016.05.22 15:24:19 | 000,150,092 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2016.05.22 15:24:19 | 000,122,662 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016.05.22 13:24:50 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016.05.22 12:36:29 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016.05.22 12:36:24 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2016.05.22 12:36:21 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2016.05.22 12:36:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016.05.22 12:36:02 | 2056,851,455 | -HS- | M] () -- C:\hiberfil.sys
[2016.05.22 12:32:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xinputhid_01011.Wdf
[2016.05.22 12:18:10 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2016.05.20 16:03:05 | 000,004,963 | ---- | M] () -- C:\ProgramData\rxsmznjf.zcp
[2016.05.20 16:03:05 | 000,000,016 | ---- | M] () -- C:\ProgramData\mntemp
[2016.05.16 11:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2016.05.16 04:05:36 | 000,269,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2016.05.15 12:26:42 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016.05.10 06:07:01 | 042,923,576 | ---- | M] () -- C:\Windows\SysNative\nvcompiler.dll
[2016.05.10 06:07:01 | 037,567,424 | ---- | M] () -- C:\Windows\SysWow64\nvcompiler.dll
[2016.05.10 06:07:01 | 010,566,520 | ---- | M] () -- C:\Windows\SysNative\nvptxJitCompiler.dll
[2016.05.10 06:07:01 | 008,673,880 | ---- | M] () -- C:\Windows\SysWow64\nvptxJitCompiler.dll
[2016.05.10 06:07:01 | 000,678,704 | ---- | M] () -- C:\Windows\SysNative\nvfatbinaryLoader.dll
[2016.05.10 06:07:01 | 000,571,912 | ---- | M] () -- C:\Windows\SysWow64\nvfatbinaryLoader.dll
[2016.05.10 06:07:01 | 000,037,091 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2016.05.10 06:07:01 | 000,000,592 | ---- | M] () -- C:\Windows\SysNative\nv-vk64.json
[2016.05.10 06:07:01 | 000,000,592 | ---- | M] () -- C:\Windows\SysWow64\nv-vk32.json
[2016.05.06 16:02:00 | 006,423,191 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2016.05.04 04:23:30 | 000,129,824 | ---- | M] () -- C:\Windows\SysWow64\vulkan-1-1-0-11-1.dll
[2016.05.04 04:23:30 | 000,129,824 | ---- | M] () -- C:\Windows\SysWow64\vulkan-1.dll
[2016.05.04 04:22:58 | 000,040,224 | ---- | M] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-11-1.exe
[2016.05.04 04:22:58 | 000,040,224 | ---- | M] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2016.05.04 04:22:42 | 000,130,848 | ---- | M] () -- C:\Windows\SysNative\vulkan-1-1-0-11-1.dll
[2016.05.04 04:22:42 | 000,130,848 | ---- | M] () -- C:\Windows\SysNative\vulkan-1.dll
[2016.05.04 04:22:10 | 000,045,344 | ---- | M] () -- C:\Windows\SysNative\vulkaninfo-1-1-0-11-1.exe
[2016.05.04 04:22:10 | 000,045,344 | ---- | M] () -- C:\Windows\SysNative\vulkaninfo.exe
[2016.05.02 07:38:42 | 000,112,032 | ---- | M] () -- C:\Windows\SysNative\NvRtmpStreamer64.dll
[2016.05.01 12:46:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2016.04.28 19:58:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2016.04.24 16:03:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_umpusbvista_01009.Wdf
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2016.05.22 13:22:47 | 000,003,068 | ---- | C] () -- C:\Users\Alison\Desktop\malwarebytes_scan.xml
[2016.05.22 12:32:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xinputhid_01011.Wdf
[2016.05.22 12:18:10 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2016.05.20 16:03:05 | 000,004,963 | ---- | C] () -- C:\ProgramData\rxsmznjf.zcp
[2016.05.20 16:03:05 | 000,000,016 | ---- | C] () -- C:\ProgramData\mntemp
[2016.05.16 12:43:40 | 010,566,520 | ---- | C] () -- C:\Windows\SysNative\nvptxJitCompiler.dll
[2016.05.16 12:43:40 | 008,673,880 | ---- | C] () -- C:\Windows\SysWow64\nvptxJitCompiler.dll
[2016.05.16 12:43:39 | 000,678,704 | ---- | C] () -- C:\Windows\SysNative\nvfatbinaryLoader.dll
[2016.05.16 12:43:39 | 000,571,912 | ---- | C] () -- C:\Windows\SysWow64\nvfatbinaryLoader.dll
[2016.05.16 12:43:39 | 000,037,091 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2016.05.16 12:43:38 | 042,923,576 | ---- | C] () -- C:\Windows\SysNative\nvcompiler.dll
[2016.05.16 12:43:38 | 037,567,424 | ---- | C] () -- C:\Windows\SysWow64\nvcompiler.dll
[2016.05.16 12:43:37 | 000,000,592 | ---- | C] () -- C:\Windows\SysNative\nv-vk64.json
[2016.05.16 12:43:37 | 000,000,592 | ---- | C] () -- C:\Windows\SysWow64\nv-vk32.json
[2016.05.04 04:23:30 | 000,129,824 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-11-1.dll
[2016.05.04 04:22:58 | 000,040,224 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-11-1.exe
[2016.05.04 04:22:42 | 000,130,848 | ---- | C] () -- C:\Windows\SysNative\vulkan-1-1-0-11-1.dll
[2016.05.04 04:22:10 | 000,045,344 | ---- | C] () -- C:\Windows\SysNative\vulkaninfo-1-1-0-11-1.exe
[2016.05.01 12:46:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2016.04.28 19:58:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2016.04.24 16:03:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_umpusbvista_01009.Wdf
[2016.04.24 16:00:41 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\LGErrorHandler.dll
[2016.04.22 17:43:47 | 000,130,848 | ---- | C] () -- C:\Windows\SysNative\vulkan-1.dll
[2016.04.22 17:43:47 | 000,129,824 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1.dll
[2016.04.22 17:43:47 | 000,045,344 | ---- | C] () -- C:\Windows\SysNative\vulkaninfo.exe
[2016.04.22 17:43:47 | 000,040,224 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2016.04.17 17:17:53 | 001,597,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2016.04.17 17:08:15 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2016.04.17 17:08:15 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2016.04.17 17:08:15 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2016.03.16 23:30:22 | 000,128,792 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-5-1.dll
[2016.03.16 23:29:38 | 000,041,752 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-5-1.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016.01.22 08:19:58 | 014,179,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016.01.22 08:05:58 | 012,877,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2016.04.27 10:23:31 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\.minecraft
[2016.04.24 15:37:47 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\3909
[2016.04.26 13:36:27 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Artifex Mundi
[2016.04.27 10:17:01 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Clonk Rage
[2016.04.24 15:37:46 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\doublefine
[2016.05.15 11:55:33 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\DVDVideoSoft
[2016.04.27 10:23:32 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\java
[2016.05.20 16:09:32 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\MotionDSP
[2016.04.18 16:55:13 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\NewsLeecher
[2016.04.27 10:34:18 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Origin
[2016.04.18 17:03:48 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Sahmon Games
[2016.04.27 10:19:41 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\ScummVM
[2016.04.27 11:10:15 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\StardewValley
[2016.04.24 19:40:39 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Tap It Games
[2016.04.24 15:36:05 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\TheLastDream
[2016.04.18 16:43:26 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Thunderbird
[2016.04.24 15:37:55 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\to the moon - freebird games
[2016.04.24 15:36:34 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Tropico 4
[2016.05.22 12:32:22 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Wayforward Technologies
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:890CC2F3

< End of report >
         
Code:
OTL Extras logfile created on: 22.05.2016 16:31:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alison\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18314)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,89 Gb Total Physical Memory | 4,92 Gb Available Physical Memory | 62,33% Memory free
15,77 Gb Paging File | 12,93 Gb Available in Paging File | 81,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,47 Gb Total Space | 158,91 Gb Free Space | 71,11% Space Free | Partition Type: NTFS
Drive D: | 2794,39 Gb Total Space | 798,77 Gb Free Space | 28,58% Space Free | Partition Type: NTFS
Drive E: | 2794,39 Gb Total Space | 2122,17 Gb Free Space | 75,94% Space Free | Partition Type: NTFS
 
Computer Name: WHEATLEY | User Name: Alison | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D07023E-BCD3-4C1F-8098-8D31955B8BAC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1067F9EB-EF90-4089-82DB-E1A54F9B8395}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1098363A-C366-45BA-B5A3-1E58DD4DBA70}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{11A32BD5-F62B-43E9-86A8-D4DEEF994F20}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{1701045D-5505-4400-A4C2-9A4462AEC1DD}" = lport=138 | protocol=17 | dir=in | app=system | 
"{205538C1-40A7-4F49-8056-614F919AE0EE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2FC1D2BA-56BC-4283-9ADF-A6D6198C0B36}" = lport=47998 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamuseragent.exe | 
"{31D5AF50-F8EF-479A-8115-43EFA97D9B0F}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe | 
"{3D44CBBE-1CED-46D0-BC2B-A51A9AC489EB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{47EE064F-EDAD-42F8-8342-8AC4BC419AC2}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4AF46C87-7E0D-4C7E-BC38-CB32231CBC6C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{553DBE44-EBDA-460D-8B15-0F615AF4A97E}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{55BDB464-7E40-47E1-94D9-EFDF9EC86253}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{631DAADE-970B-4728-8F86-B288DDB1E99C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{68618D76-2366-4310-AB97-74A16013ECA1}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe | 
"{6C7F4ACC-597E-400B-8452-C25884ABD3E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{71C45793-8878-41ED-8E0F-6740C94F63C3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{75C98120-875E-4D23-A2B0-5847C2DCE7FF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7A6035EE-3437-4AB6-AA97-D149A81C1ED6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7BB7873F-69D9-4365-B1C5-633FDC20FEEB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8CEC3C62-FA3C-468C-BFBC-1A6F4934E731}" = lport=47995 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{8F615C8B-B291-4EE5-A68F-5E9762DC3E3C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{92D822AE-6C63-4EE5-B456-A8484BDDB89E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A7BA1660-ED29-4260-A27C-29C0DB711109}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BA31FBEB-2432-46F1-B497-500F3BF89A49}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C2A1FA61-515B-46A8-8C90-41472EB6E49F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C96731C5-AC00-442D-BBAC-DAADE03E81CA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CE8B6424-5ED5-41AE-BA7D-70E55EA0030F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EFF30D81-91B7-4442-A887-4263B9621271}" = lport=35043 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0302A7F5-821D-4DFC-B1F5-9EB71E1D3C24}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\don't starve together\bin\dontstarve_steam.exe | 
"{03B028BF-6E5F-4CD9-B4D5-E5976C7AB925}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\amnesia the dark descent\amnesia.exe | 
"{064911C4-2D60-4D82-B4B3-F8C481074D66}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{06692CEE-5125-4C26-BA91-0E0417C95C7C}" = protocol=6 | dir=in | app=e:\steam\steam.exe | 
"{0A3EA5CC-F9CB-4AD0-BDDE-2955294FF221}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\ducktales remastered\executable\ducktales.exe | 
"{0CD9F526-4F03-437B-A109-7DF4B1B8D3B9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{111E360D-376B-423D-B586-0E2DD5FDE796}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{139DEB8C-A7FF-40B5-9FB5-1CFDCD81A16F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{13EC851B-CE61-4846-ABAC-52BFD94D1FE9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1F1302BA-E20C-4D94-B8F1-0076EFDC8E28}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\game character hub\gamecharacterhub.exe | 
"{29633046-79DD-460A-B730-97A5DD88BB4D}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\dark arcana the carnival\darkarcana_thecarnival.exe | 
"{3BC90C1B-DE42-41A5-8635-0FCADE8E7B8F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{40B68381-379E-4292-847F-72F326E5003A}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{44A58BB2-7AC0-431C-BF34-0B8A19E1190B}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\don't starve together\bin\dontstarve_steam.exe | 
"{492446DB-E717-49C4-8AE3-F876868B0892}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\amnesia the dark descent\amnesia.exe | 
"{4E4AD17A-668D-445E-9FB8-AEBDBEBE8E98}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\half-life 2 deathmatch\hl2.exe | 
"{5850704C-803E-48BA-AA12-FCF6B48C070F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{636155BB-37E9-4B78-8E1B-F192842D59C7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6A129139-5F6B-437F-8042-306F5A4AFC9F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6C6B026A-F77B-4F6C-82CB-2FD0B90F103B}" = protocol=17 | dir=in | app=e:\steam\bin\steamwebhelper.exe | 
"{70A45BCE-DCAD-49E0-8DBB-99266CD418A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{739AA5CC-35B7-4AEC-8E72-8EF30D6A8708}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{787677A1-0601-4907-8B64-E9F5A0446BBB}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{7F2A43D4-F2DF-4529-A3D3-18A66108D78A}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\counter-strike source\hl2.exe | 
"{8696C641-2FFD-4DDA-901F-C2B09D779CC7}" = protocol=6 | dir=in | app=e:\steam\bin\steamwebhelper.exe | 
"{89FA0C19-4C24-471E-B985-CEC92753CB06}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\dark arcana the carnival\darkarcana_thecarnival.exe | 
"{909AB35A-A5A7-407F-868B-61D0D1784596}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{95C44A90-7A4A-44E8-9F24-51A98007BCAE}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"{A5A8D1D6-61A4-45AF-8904-29DD60AEA4BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AC1DF24D-10C0-415C-AB16-FEF027664ACB}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\firewatch\firewatch.exe | 
"{AC586E62-82B1-4980-9B19-D5C9043FA56D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AD57C20B-8CEB-4F3D-AA59-666D67E3E79A}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\game character hub\gamecharacterhub.exe | 
"{AEA7FFDE-317B-4093-A4D5-7C9CA81DD13F}" = protocol=6 | dir=out | app=system | 
"{B7EF106C-8EEF-4F3F-A273-9064DA86D6DC}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"{B93494B4-EA89-4D53-A44D-31F373F92177}" = protocol=17 | dir=in | app=e:\steam\steam.exe | 
"{BAA160D6-DF1F-48F1-9DBC-FF0CFDB99ADE}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{BACA108D-07C2-4FF4-AD09-E80F4F807401}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{BBFA0410-A265-4CE2-8DE7-C1C7BBF11E09}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C8991E04-4610-49B2-BA15-E4E383249CD7}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\counter-strike source\hl2.exe | 
"{CC2EB339-EF41-42AF-9094-0FEFE7DAC17D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D5FDA596-FC1B-47F2-9C3F-BD01BA990B0B}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{DC7C5F33-E772-4FE4-80DE-B8CE3BA64FB0}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\ducktales remastered\executable\ducktales.exe | 
"{DFD74E19-04F3-4B4E-8DCA-B9501BF0B774}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{E7944685-D8B3-4A1D-901F-B950C08E8E80}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F1614141-4994-44EC-9E38-D3730037FEB5}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\half-life 2 deathmatch\hl2.exe | 
"{F5238F5E-BD2C-4069-A33E-CB9816667286}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\firewatch\firewatch.exe | 
"{F66D506A-C8FE-42B7-B66E-BE09232EEFE8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{266CCC48-9AA1-404E-A1CB-558E8CC46F69}" = Windows OEM Preinstallation Kit
"{54F8B6C7-9B25-4E85-A1E0-26CFB80DE787}" = Intel(R) Smart Connect Technology 2.0 x64
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.6.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.6.1
"{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{AAC5C889-B75D-3368-BC63-CB660DE44C66}" = Microsoft .NET Framework 4.6.1 (DEU)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 365.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 365.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 365.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.11.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 364.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.15.0428
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 2.11.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.34.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 2.11.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.40
"{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}" = Microsoft .NET Framework 4.6.1
"ASRock App Charger_is1" = ASRock App Charger v1.0.5
"Steam App 237630" = DuckTales Remastered
"Steam App 284730" = Dark Arcana: The Carnival
"Steam App 284870" = 9 Clues: The Secret of Serpent Creek
"VIRTU MVP_is1" = VIRTU MVP 2.1.111
"VulkanRT1.0.11.1" = Vulkan Run Time Libraries 1.0.11.1
"VulkanRT1.0.5.1" = Vulkan Run Time Libraries 1.0.5.1
"WinRAR archiver" = WinRAR 5.31 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83218091F0}" = Java 8 Update 91
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F15DF4D-DCA2-4995-BD65-4A56322C180B}" = True Color Finder
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4fd02573-5f12-4ae4-8027-c63f8e1115af}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{5588D686-D23B-4C9D-BDFA-2A7875CD3722}" = GIGABYTE OC_GURU II
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-0804-1033-1959-001824184103}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1031-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC - Deutsch
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{BED1C00F-3FC6-4380-AA86-7AF2D570C9EE}_is1" = Game Royale Version 1.1
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}" = GIGABYTE OC_GURU II
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FA66245E-0E77-40D5-94A4-CB7AB753034F}" = TUSB3410
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"ElsterFormular" = ElsterFormular
"Free YouTube To MP3 Converter_is1" = Free YouTube To MP3 Converter
"Google Chrome" = Google Chrome
"InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}" = GIGABYTE OC_GURU II
"InstallShield_{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}" = GIGABYTE OC_GURU II
"InstallShield_{FA66245E-0E77-40D5-94A4-CB7AB753034F}" = Texas Instruments TUSB3410 drivers.
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.2.1.1043
"Movavi Video Editor 11" = Movavi Video Editor 11
"Mozilla Thunderbird 45.0 (x86 de)" = Mozilla Thunderbird 45.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NewsLeecher_is1" = NewsLeecher version v7.0 Beta 14
"NSBU" = Norton Security Online mit Backup
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"QuickPar" = QuickPar 0.9
"Steam" = Steam
"VLC media player" = VLC media player
"vReveal 3" = vReveal 3
"Winamp" = Winamp
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.05.2016 10:00:44 | Computer Name = Wheatley | Source = ISCT Agent | ID = 1003
Description = 
 
Error - 20.05.2016 10:02:28 | Computer Name = Wheatley | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.05.2016 10:15:42 | Computer Name = Wheatley | Source = Application Hang | ID = 1002
Description = Programm vRevealG.exe, Version 3.2.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 62c    Startzeit: 
01d1b2a1838ffd5c    Endzeit: 529    Anwendungspfad: C:\Program Files (x86)\vReveal 3\vRevealG.exe

Berichts-ID:
 4616a03a-1e95-11e6-b895-010101010000  
 
Error - 21.05.2016 09:15:09 | Computer Name = Wheatley | Source = ISCT Agent | ID = 1003
Description = 
 
Error - 21.05.2016 09:16:51 | Computer Name = Wheatley | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.05.2016 05:25:11 | Computer Name = Wheatley | Source = ISCT Agent | ID = 1003
Description = 
 
Error - 22.05.2016 05:26:55 | Computer Name = Wheatley | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.05.2016 06:33:36 | Computer Name = Wheatley | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DuckTales.exe, Version: 0.0.0.0, 
Zeitstempel: 0x52cb3004  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.23418,
 Zeitstempel: 0x5708a73e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00033b1e  ID des fehlerhaften
 Prozesses: 0x1b38  Startzeit der fehlerhaften Anwendung: 0x01d1b4152c59b26b  Pfad der
 fehlerhaften Anwendung: E:\Steam\steamapps\common\DuckTales Remastered\Executable\DuckTales.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: a32f1877-2008-11e6-b786-010101010000
 
Error - 22.05.2016 06:36:24 | Computer Name = Wheatley | Source = ISCT Agent | ID = 1003
Description = 
 
Error - 22.05.2016 06:37:50 | Computer Name = Wheatley | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 20.04.2016 02:01:58 | Computer Name = Wheatley | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070103 fehlgeschlagen: Intel Corporation - Graphics Adapter WDDM1.0,
 Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3 - 
Intel(R) HD Graphics
 
Error - 22.04.2016 05:17:09 | Computer Name = Wheatley | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070103 fehlgeschlagen: nVidia - Graphics Adapter WDDM1.1, Graphics Adapter
 WDDM1.2, Graphics Adapter WDDM1.3, Graphics Adapter WDDM2.0, Other hardware - NVIDIA
 GeForce GTX 770
 
Error - 22.04.2016 05:17:26 | Computer Name = Wheatley | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070103 fehlgeschlagen: Intel Corporation - Graphics Adapter WDDM1.0,
 Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3 - 
Intel(R) HD Graphics
 
Error - 22.04.2016 05:17:39 | Computer Name = Wheatley | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070103 fehlgeschlagen: nVidia - Graphics Adapter WDDM1.1, Graphics Adapter
 WDDM1.2, Graphics Adapter WDDM1.3, Graphics Adapter WDDM2.0, Other hardware - NVIDIA
 GeForce GTX 770
 
Error - 22.04.2016 05:17:56 | Computer Name = Wheatley | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070103 fehlgeschlagen: Intel Corporation - Graphics Adapter WDDM1.0,
 Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3 - 
Intel(R) HD Graphics
 
Error - 27.04.2016 05:07:42 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 27.04.2016 05:07:42 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 15.05.2016 05:47:58 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 15.05.2016 05:47:58 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 15.05.2016 05:49:59 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7030
Description = Der Dienst "Digital Wave Update Service" ist als interaktiver Dienst
 gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste
 nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
 
< End of report >
         

Alt 22.05.2016, 15:43   #5
kleinalison
 
Attached is the OTL scan as well

Code:
OTL logfile created on: 22.05.2016 16:31:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alison\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18314)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,89 Gb Total Physical Memory | 4,92 Gb Available Physical Memory | 62,33% Memory free
15,77 Gb Paging File | 12,93 Gb Available in Paging File | 81,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,47 Gb Total Space | 158,91 Gb Free Space | 71,11% Space Free | Partition Type: NTFS
Drive D: | 2794,39 Gb Total Space | 798,77 Gb Free Space | 28,58% Space Free | Partition Type: NTFS
Drive E: | 2794,39 Gb Total Space | 2122,17 Gb Free Space | 75,94% Space Free | Partition Type: NTFS
 
Computer Name: WHEATLEY | User Name: Alison | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2016.05.22 16:30:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alison\Downloads\otl.exe
PRC - [2016.05.15 12:04:42 | 000,250,008 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
PRC - [2016.05.11 16:11:56 | 000,387,944 | ---- | M] (Digital Wave Ltd.) -- C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
PRC - [2016.05.11 13:48:49 | 000,881,304 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2016.05.10 01:26:00 | 000,426,040 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2016.05.02 08:02:13 | 002,398,776 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2016.05.02 07:59:20 | 001,881,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2016.04.22 08:56:22 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2016.03.10 14:07:20 | 009,926,112 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
PRC - [2016.02.26 08:28:22 | 000,289,080 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\NSBU.exe
PRC - [2012.09.11 13:51:42 | 000,365,344 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.09.11 13:51:42 | 000,277,792 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.09.01 18:07:22 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012.09.01 18:07:22 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.08.21 06:32:04 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.07.05 08:23:18 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.03.12 10:52:44 | 001,763,328 | ---- | M] (Software Security System) -- C:\Programme\Lucidlogix Technologies\VIRTU MVP\Ekag20nt.exe
PRC - [2012.02.26 21:01:56 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2016.05.16 04:30:38 | 001,102,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\8e120675c80a179c177d6d9b5345e792\System.ServiceModel.Web.ni.dll
MOD - [2016.05.16 04:29:56 | 002,937,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c56cbffc8423ff484bf3f80aae1d5c24\System.IdentityModel.ni.dll
MOD - [2016.05.16 04:29:54 | 019,426,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a459f8b69edabf287d593a2a08c5c8d6\System.ServiceModel.ni.dll
MOD - [2016.05.16 04:29:42 | 000,357,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\c8f3123f91af41242da0c54f1c0279ae\IAStorUtil.ni.dll
MOD - [2016.05.16 03:47:16 | 012,945,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7b437291b260f008653ebc86553ab462\System.Windows.Forms.ni.dll
MOD - [2016.05.16 03:46:57 | 000,974,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6b3bc806e6d6a2c73c6d9f1429395698\System.Configuration.ni.dll
MOD - [2016.05.16 03:46:47 | 007,518,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a57805cc2d492d82e327b83ab24fad62\System.Core.ni.dll
MOD - [2016.05.16 03:46:19 | 001,876,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\347ba862763b7e7c80bdef8764ae72dc\System.Xaml.ni.dll
MOD - [2016.05.16 03:38:42 | 000,027,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\b8e6683310da377555399bdaacc7701f\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2016.05.16 03:00:52 | 007,378,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\36599a72e79974ff4c004c43df9fce2b\System.Xml.ni.dll
MOD - [2016.05.16 03:00:51 | 000,786,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\e2ab3c1c7be8727fb1f36945861e780b\System.ServiceModel.Internals.ni.dll
MOD - [2016.05.16 03:00:51 | 000,117,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\32b270a7b4daf4731cf1c36ecd660297\SMDiagnostics.ni.dll
MOD - [2016.05.16 03:00:50 | 002,772,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\ffbd00c458124054f2049e9a25a7cca8\System.Runtime.Serialization.ni.dll
MOD - [2016.05.16 03:00:49 | 001,623,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\48453ce4573683172752f7fdc00f8820\System.Drawing.ni.dll
MOD - [2016.05.16 03:00:48 | 009,983,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\d03eb8a47500f40d5428f9c6875f8e56\System.ni.dll
MOD - [2016.05.11 13:48:37 | 017,565,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll
MOD - [2016.05.11 13:48:25 | 001,738,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
MOD - [2016.05.11 13:48:13 | 000,086,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
MOD - [2016.05.02 08:02:09 | 000,020,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2016.04.19 23:10:58 | 000,020,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\e3544f4c4c0f4bac41f684da24a3483c\IAStorCommon.ni.dll
MOD - [2016.04.19 22:37:24 | 018,111,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\affcb83bba04f782c2586a1788330891\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2016.04.23 06:47:35 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015.07.23 02:02:54 | 001,390,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV - [2016.05.11 16:11:56 | 000,387,944 | ---- | M] (Digital Wave Ltd.) [Auto | Running] -- C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe -- (DigitalWave.Update.Service)
SRV - [2016.05.10 01:26:00 | 000,426,040 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2016.05.02 07:59:20 | 001,881,144 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2016.05.02 07:58:46 | 001,165,368 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV - [2016.05.02 07:55:38 | 002,522,680 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe -- (NvStreamSvc)
SRV - [2016.05.02 07:55:33 | 003,634,232 | ---- | M] (NVIDIA Corporation) [On_Demand | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe -- (NvStreamNetworkSvc)
SRV - [2016.04.30 02:10:40 | 000,835,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2016.04.27 10:24:57 | 002,120,712 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- E:\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2016.04.22 08:56:22 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2016.04.08 02:38:11 | 000,147,400 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016.02.26 08:28:22 | 000,289,080 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\NSBU.exe -- (NSBU)
SRV - [2015.11.05 20:36:48 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014.03.21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2012.09.21 08:12:30 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.09.11 13:51:42 | 000,365,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.09.11 13:51:42 | 000,277,792 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.09.01 18:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012.08.21 06:32:04 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.07.05 08:23:18 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.06.19 19:10:34 | 000,634,632 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.02.09 16:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2016.05.22 13:24:50 | 000,192,216 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2016.05.22 12:36:24 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:64bit: - [2016.04.18 20:17:40 | 000,111,344 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2016.04.14 07:38:19 | 000,056,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2016.02.24 02:23:33 | 001,621,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NSBUx64\1606000.08E\symefasi64.sys -- (SymEFASI)
DRV:64bit: - [2016.02.24 02:23:32 | 000,577,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSBUx64\1606000.08E\symnets.sys -- (SymNetS)
DRV:64bit: - [2016.02.24 02:23:07 | 000,295,664 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSBUx64\1606000.08E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2016.02.24 02:22:50 | 000,928,504 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NSBUx64\1606000.08E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2015.12.08 21:53:16 | 000,243,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
DRV:64bit: - [2015.12.08 21:53:16 | 000,039,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
DRV:64bit: - [2015.12.08 21:53:10 | 000,376,200 | ---- | M] (MediaTek Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mt7612US.sys -- (mt7612US)
DRV:64bit: - [2015.10.02 22:20:19 | 000,205,456 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2015.07.11 03:06:30 | 000,050,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSBUx64\1606000.08E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2015.07.11 03:06:03 | 000,173,808 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSBUx64\1606000.08E\ccsetx64.sys -- (ccSet_NSBU)
DRV:64bit: - [2014.10.03 15:35:54 | 000,454,416 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2014.05.28 09:21:06 | 000,044,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD.sys -- (ISCT)
DRV:64bit: - [2013.10.02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013.09.04 21:52:26 | 004,057,808 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ak27x64.sys -- (Ak27x64)
DRV:64bit: - [2012.09.17 10:24:00 | 005,338,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.09.13 18:33:52 | 000,064,872 | ---- | M] (Texas Instruments Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\umpusbvista.sys -- (umpusbvista)
DRV:64bit: - [2012.09.01 18:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.09.01 18:01:56 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.02 10:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.03.12 11:15:42 | 000,066,336 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.26 21:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.02.26 21:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.02.26 21:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.02.09 16:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2012.02.09 16:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2011.09.21 17:56:24 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011.08.23 15:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.06.30 00:04:58 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2011.05.10 16:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.11.18 01:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.06 20:38:24 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\flashud.sys -- (int0800)
DRV - [2016.05.20 16:22:50 | 002,148,056 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.2.15\Definitions\VirusDefs\20160522.001\EX64.SYS -- (NAVEX15)
DRV - [2016.05.20 16:22:50 | 000,138,456 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.2.15\Definitions\VirusDefs\20160522.001\ENG64.SYS -- (NAVENG)
DRV - [2016.05.15 12:01:13 | 000,876,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.2.15\Definitions\IPSDefs\20160520.001\IDSvia64.sys -- (IDSVia64)
DRV - [2016.05.15 12:00:07 | 000,497,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2016.05.15 12:00:07 | 000,156,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2016.05.02 07:55:28 | 000,028,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV - [2016.04.14 09:47:40 | 001,766,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.2.15\Definitions\BASHDefs\20160502.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.12.27 14:55:40 | 000,010,752 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\LGPII2CDriver.sys -- (LGII2CDevice)
DRV - [2012.09.26 10:28:22 | 000,016,384 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\LGI2CDriver.sys -- (LGDDCDevice)
DRV - [2010.02.04 10:09:00 | 000,014,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys -- (GPCIDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = FC 0A BF 89 5E AF D1 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.91.2: C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2: C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556}: C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.2.15\COFFADDON\ [2016.04.19 04:47:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.2.15\coFFAddon\ [2016.04.19 04:47:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 45.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 45.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2016.04.18 16:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alison\AppData\Roaming\mozilla\Extensions
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [VIRTU MVP] C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O4 - HKCU..\Run: [ScreenSplitter] C:\Program Files (x86)\LG Electronics\Screen Split\bin\ScreenSplit.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42F9ABC1-C0BB-49B6-B1DC-D86C207A5DCD}: DhcpNameServer = 192.168.2.1
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\appinit_dll.dll) - C:\Windows\SysNative\appinit_dll.dll (Lucidlogix Inc.)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\appinit_dll.dll) - C:\Windows\SysWOW64\appinit_dll.dll (Lucidlogix Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{55a5c4d9-04ac-11e6-be2b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55a5c4d9-04ac-11e6-be2b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\ASRSetup.exe
O33 - MountPoints2\{821ae4ce-04ae-11e6-a2d0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{821ae4ce-04ae-11e6-a2d0-806e6f6e6963}\Shell\AutoRun\command - "" = explorer index.html
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2016.05.22 12:32:22 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Wayforward Technologies
[2016.05.22 12:18:40 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016.05.22 12:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2016.05.22 12:18:08 | 000,140,672 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2016.05.22 12:18:08 | 000,064,896 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2016.05.22 12:18:08 | 000,027,008 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2016.05.22 12:18:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware 
[2016.05.22 12:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2016.05.20 16:11:35 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\MotionDSP
[2016.05.20 16:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2016.05.20 16:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vReveal
[2016.05.20 16:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\vReveal 3
[2016.05.20 16:09:32 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\MotionDSP
[2016.05.20 16:05:04 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\NVIDIA
[2016.05.20 16:03:33 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\Movavi
[2016.05.20 16:03:32 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\VideoEditor
[2016.05.20 16:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor 11
[2016.05.20 16:03:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movavi Video Editor 11
[2016.05.20 16:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Movavi Video Editor 11
[2016.05.16 20:14:29 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Winamp
[2016.05.16 20:14:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2016.05.16 12:24:24 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\NPE
[2016.05.15 11:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2016.05.15 11:49:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeCodecPack
[2016.05.15 11:49:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2016.05.15 11:49:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2016.05.15 11:48:49 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\DVDVideoSoft
[2016.04.28 19:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2016.04.27 10:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2016.04.27 10:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameRoyale
[2016.04.27 10:27:48 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Origin
[2016.04.27 10:27:12 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\Origin
[2016.04.27 10:24:29 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\DOSBox
[2016.04.27 10:24:17 | 000,000,000 | ---D | C] -- C:\Users\Alison\Documents\Dolphin Emulator
[2016.04.27 10:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2016.04.27 10:24:08 | 000,000,000 | ---D | C] -- C:\Users\Alison\Documents\Electronic Arts
[2016.04.27 10:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2016.04.27 10:23:32 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\java
[2016.04.27 10:23:23 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\.minecraft
[2016.04.27 10:23:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2016.04.27 10:23:10 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Sun
[2016.04.27 10:23:10 | 000,000,000 | ---D | C] -- C:\Users\Alison\.oracle_jre_usage
[2016.04.27 10:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2016.04.27 10:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2016.04.27 10:22:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2016.04.27 10:18:44 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\ScummVM
[2016.04.27 10:17:01 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Clonk Rage
[2016.04.27 10:13:38 | 000,000,000 | ---D | C] -- C:\Users\Alison\Documents\Ceville
[2016.04.27 10:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sandlot Games
[2016.04.27 10:12:31 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2016.04.26 13:36:27 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Artifex Mundi
[2016.04.24 19:40:39 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Tap It Games
[2016.04.24 16:05:07 | 000,000,000 | ---D | C] -- C:\Temp
[2016.04.24 16:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2016.04.24 16:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueColorFinder
[2016.04.24 16:02:47 | 000,000,000 | ---D | C] -- C:\Windows\tiinst
[2016.04.24 16:02:38 | 000,000,000 | ---D | C] -- C:\Windows\Windows
[2016.04.24 16:02:38 | 000,000,000 | ---D | C] -- C:\Windows\TUSB
[2016.04.24 16:02:01 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\QuickPar
[2016.04.24 16:00:41 | 000,196,608 | ---- | C] (LG Soft India) -- C:\Windows\SysWow64\LGDeviceManager.dll
[2016.04.24 16:00:41 | 000,126,976 | ---- | C] (LG Soft India) -- C:\Windows\SysWow64\LGMonitorDDCCISDK.dll
[2016.04.24 16:00:41 | 000,098,304 | ---- | C] (LG Soft India) -- C:\Windows\SysWow64\LGProtocolEngine.dll
[2016.04.24 16:00:41 | 000,016,384 | ---- | C] (LG Soft India) -- C:\Windows\SysWow64\LGI2CDriver.sys
[2016.04.24 16:00:41 | 000,010,752 | ---- | C] (LG Soft India) -- C:\Windows\SysWow64\LGPII2CDriver.sys
[2016.04.24 16:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2016.04.24 16:00:13 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\WinRAR
[2016.04.24 15:59:53 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
[2016.04.24 15:59:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
[2016.04.24 15:59:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickPar
[2016.04.24 15:59:23 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2016.04.24 15:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2016.04.24 15:59:16 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2016.04.24 15:40:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2016.04.24 15:37:59 | 000,000,000 | ---D | C] -- C:\Users\Alison\Documents\savedgames
[2016.04.24 15:37:53 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\to the moon - freebird games
[2016.04.24 15:37:47 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\3909
[2016.04.24 15:37:46 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\doublefine
[2016.04.24 15:36:40 | 000,000,000 | ---D | C] -- C:\Users\Alison\Documents\Telltale Games
[2016.04.24 15:36:33 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Tropico 4
[2016.04.24 15:36:04 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\TheLastDream
[2016.04.24 15:35:34 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\Daedalic Entertainment
[2016.04.24 15:35:30 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\StardewValley
[2016.04.24 15:34:40 | 000,000,000 | ---D | C] -- C:\Users\Alison\Documents\My Games
[2016.04.24 15:34:07 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\Steam
[2016.04.24 15:34:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2016.04.22 17:43:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VulkanRT
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2016.05.22 16:25:33 | 000,003,068 | ---- | M] () -- C:\Users\Alison\Desktop\malwarebytes_scan.xml
[2016.05.22 16:20:17 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016.05.22 16:20:17 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016.05.22 16:10:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016.05.22 15:24:19 | 001,624,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016.05.22 15:24:19 | 000,700,454 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2016.05.22 15:24:19 | 000,655,292 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016.05.22 15:24:19 | 000,150,092 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2016.05.22 15:24:19 | 000,122,662 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016.05.22 13:24:50 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016.05.22 12:36:29 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016.05.22 12:36:24 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2016.05.22 12:36:21 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2016.05.22 12:36:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016.05.22 12:36:02 | 2056,851,455 | -HS- | M] () -- C:\hiberfil.sys
[2016.05.22 12:32:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xinputhid_01011.Wdf
[2016.05.22 12:18:10 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2016.05.20 16:03:05 | 000,004,963 | ---- | M] () -- C:\ProgramData\rxsmznjf.zcp
[2016.05.20 16:03:05 | 000,000,016 | ---- | M] () -- C:\ProgramData\mntemp
[2016.05.16 11:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2016.05.16 04:05:36 | 000,269,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2016.05.15 12:26:42 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016.05.10 06:07:01 | 042,923,576 | ---- | M] () -- C:\Windows\SysNative\nvcompiler.dll
[2016.05.10 06:07:01 | 037,567,424 | ---- | M] () -- C:\Windows\SysWow64\nvcompiler.dll
[2016.05.10 06:07:01 | 010,566,520 | ---- | M] () -- C:\Windows\SysNative\nvptxJitCompiler.dll
[2016.05.10 06:07:01 | 008,673,880 | ---- | M] () -- C:\Windows\SysWow64\nvptxJitCompiler.dll
[2016.05.10 06:07:01 | 000,678,704 | ---- | M] () -- C:\Windows\SysNative\nvfatbinaryLoader.dll
[2016.05.10 06:07:01 | 000,571,912 | ---- | M] () -- C:\Windows\SysWow64\nvfatbinaryLoader.dll
[2016.05.10 06:07:01 | 000,037,091 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2016.05.10 06:07:01 | 000,000,592 | ---- | M] () -- C:\Windows\SysNative\nv-vk64.json
[2016.05.10 06:07:01 | 000,000,592 | ---- | M] () -- C:\Windows\SysWow64\nv-vk32.json
[2016.05.06 16:02:00 | 006,423,191 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2016.05.04 04:23:30 | 000,129,824 | ---- | M] () -- C:\Windows\SysWow64\vulkan-1-1-0-11-1.dll
[2016.05.04 04:23:30 | 000,129,824 | ---- | M] () -- C:\Windows\SysWow64\vulkan-1.dll
[2016.05.04 04:22:58 | 000,040,224 | ---- | M] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-11-1.exe
[2016.05.04 04:22:58 | 000,040,224 | ---- | M] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2016.05.04 04:22:42 | 000,130,848 | ---- | M] () -- C:\Windows\SysNative\vulkan-1-1-0-11-1.dll
[2016.05.04 04:22:42 | 000,130,848 | ---- | M] () -- C:\Windows\SysNative\vulkan-1.dll
[2016.05.04 04:22:10 | 000,045,344 | ---- | M] () -- C:\Windows\SysNative\vulkaninfo-1-1-0-11-1.exe
[2016.05.04 04:22:10 | 000,045,344 | ---- | M] () -- C:\Windows\SysNative\vulkaninfo.exe
[2016.05.02 07:38:42 | 000,112,032 | ---- | M] () -- C:\Windows\SysNative\NvRtmpStreamer64.dll
[2016.05.01 12:46:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2016.04.28 19:58:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2016.04.24 16:03:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_umpusbvista_01009.Wdf
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2016.05.22 13:22:47 | 000,003,068 | ---- | C] () -- C:\Users\Alison\Desktop\malwarebytes_scan.xml
[2016.05.22 12:32:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xinputhid_01011.Wdf
[2016.05.22 12:18:10 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2016.05.20 16:03:05 | 000,004,963 | ---- | C] () -- C:\ProgramData\rxsmznjf.zcp
[2016.05.20 16:03:05 | 000,000,016 | ---- | C] () -- C:\ProgramData\mntemp
[2016.05.16 12:43:40 | 010,566,520 | ---- | C] () -- C:\Windows\SysNative\nvptxJitCompiler.dll
[2016.05.16 12:43:40 | 008,673,880 | ---- | C] () -- C:\Windows\SysWow64\nvptxJitCompiler.dll
[2016.05.16 12:43:39 | 000,678,704 | ---- | C] () -- C:\Windows\SysNative\nvfatbinaryLoader.dll
[2016.05.16 12:43:39 | 000,571,912 | ---- | C] () -- C:\Windows\SysWow64\nvfatbinaryLoader.dll
[2016.05.16 12:43:39 | 000,037,091 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2016.05.16 12:43:38 | 042,923,576 | ---- | C] () -- C:\Windows\SysNative\nvcompiler.dll
[2016.05.16 12:43:38 | 037,567,424 | ---- | C] () -- C:\Windows\SysWow64\nvcompiler.dll
[2016.05.16 12:43:37 | 000,000,592 | ---- | C] () -- C:\Windows\SysNative\nv-vk64.json
[2016.05.16 12:43:37 | 000,000,592 | ---- | C] () -- C:\Windows\SysWow64\nv-vk32.json
[2016.05.04 04:23:30 | 000,129,824 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-11-1.dll
[2016.05.04 04:22:58 | 000,040,224 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-11-1.exe
[2016.05.04 04:22:42 | 000,130,848 | ---- | C] () -- C:\Windows\SysNative\vulkan-1-1-0-11-1.dll
[2016.05.04 04:22:10 | 000,045,344 | ---- | C] () -- C:\Windows\SysNative\vulkaninfo-1-1-0-11-1.exe
[2016.05.01 12:46:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2016.04.28 19:58:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2016.04.24 16:03:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_umpusbvista_01009.Wdf
[2016.04.24 16:00:41 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\LGErrorHandler.dll
[2016.04.22 17:43:47 | 000,130,848 | ---- | C] () -- C:\Windows\SysNative\vulkan-1.dll
[2016.04.22 17:43:47 | 000,129,824 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1.dll
[2016.04.22 17:43:47 | 000,045,344 | ---- | C] () -- C:\Windows\SysNative\vulkaninfo.exe
[2016.04.22 17:43:47 | 000,040,224 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2016.04.17 17:17:53 | 001,597,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2016.04.17 17:08:15 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2016.04.17 17:08:15 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2016.04.17 17:08:15 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2016.03.16 23:30:22 | 000,128,792 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-5-1.dll
[2016.03.16 23:29:38 | 000,041,752 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-5-1.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016.01.22 08:19:58 | 014,179,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016.01.22 08:05:58 | 012,877,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2016.04.27 10:23:31 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\.minecraft
[2016.04.24 15:37:47 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\3909
[2016.04.26 13:36:27 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Artifex Mundi
[2016.04.27 10:17:01 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Clonk Rage
[2016.04.24 15:37:46 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\doublefine
[2016.05.15 11:55:33 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\DVDVideoSoft
[2016.04.27 10:23:32 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\java
[2016.05.20 16:09:32 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\MotionDSP
[2016.04.18 16:55:13 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\NewsLeecher
[2016.04.27 10:34:18 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Origin
[2016.04.18 17:03:48 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Sahmon Games
[2016.04.27 10:19:41 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\ScummVM
[2016.04.27 11:10:15 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\StardewValley
[2016.04.24 19:40:39 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Tap It Games
[2016.04.24 15:36:05 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\TheLastDream
[2016.04.18 16:43:26 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Thunderbird
[2016.04.24 15:37:55 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\to the moon - freebird games
[2016.04.24 15:36:34 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Tropico 4
[2016.05.22 12:32:22 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Wayforward Technologies
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:890CC2F3

< End of report >
         
Code:
OTL Extras logfile created on: 22.05.2016 16:31:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alison\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18314)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,89 Gb Total Physical Memory | 4,92 Gb Available Physical Memory | 62,33% Memory free
15,77 Gb Paging File | 12,93 Gb Available in Paging File | 81,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,47 Gb Total Space | 158,91 Gb Free Space | 71,11% Space Free | Partition Type: NTFS
Drive D: | 2794,39 Gb Total Space | 798,77 Gb Free Space | 28,58% Space Free | Partition Type: NTFS
Drive E: | 2794,39 Gb Total Space | 2122,17 Gb Free Space | 75,94% Space Free | Partition Type: NTFS
 
Computer Name: WHEATLEY | User Name: Alison | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D07023E-BCD3-4C1F-8098-8D31955B8BAC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1067F9EB-EF90-4089-82DB-E1A54F9B8395}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1098363A-C366-45BA-B5A3-1E58DD4DBA70}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{11A32BD5-F62B-43E9-86A8-D4DEEF994F20}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{1701045D-5505-4400-A4C2-9A4462AEC1DD}" = lport=138 | protocol=17 | dir=in | app=system | 
"{205538C1-40A7-4F49-8056-614F919AE0EE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2FC1D2BA-56BC-4283-9ADF-A6D6198C0B36}" = lport=47998 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamuseragent.exe | 
"{31D5AF50-F8EF-479A-8115-43EFA97D9B0F}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe | 
"{3D44CBBE-1CED-46D0-BC2B-A51A9AC489EB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{47EE064F-EDAD-42F8-8342-8AC4BC419AC2}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4AF46C87-7E0D-4C7E-BC38-CB32231CBC6C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{553DBE44-EBDA-460D-8B15-0F615AF4A97E}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{55BDB464-7E40-47E1-94D9-EFDF9EC86253}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{631DAADE-970B-4728-8F86-B288DDB1E99C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{68618D76-2366-4310-AB97-74A16013ECA1}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe | 
"{6C7F4ACC-597E-400B-8452-C25884ABD3E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{71C45793-8878-41ED-8E0F-6740C94F63C3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{75C98120-875E-4D23-A2B0-5847C2DCE7FF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7A6035EE-3437-4AB6-AA97-D149A81C1ED6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7BB7873F-69D9-4365-B1C5-633FDC20FEEB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8CEC3C62-FA3C-468C-BFBC-1A6F4934E731}" = lport=47995 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{8F615C8B-B291-4EE5-A68F-5E9762DC3E3C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{92D822AE-6C63-4EE5-B456-A8484BDDB89E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A7BA1660-ED29-4260-A27C-29C0DB711109}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BA31FBEB-2432-46F1-B497-500F3BF89A49}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C2A1FA61-515B-46A8-8C90-41472EB6E49F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C96731C5-AC00-442D-BBAC-DAADE03E81CA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CE8B6424-5ED5-41AE-BA7D-70E55EA0030F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EFF30D81-91B7-4442-A887-4263B9621271}" = lport=35043 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0302A7F5-821D-4DFC-B1F5-9EB71E1D3C24}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\don't starve together\bin\dontstarve_steam.exe | 
"{03B028BF-6E5F-4CD9-B4D5-E5976C7AB925}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\amnesia the dark descent\amnesia.exe | 
"{064911C4-2D60-4D82-B4B3-F8C481074D66}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{06692CEE-5125-4C26-BA91-0E0417C95C7C}" = protocol=6 | dir=in | app=e:\steam\steam.exe | 
"{0A3EA5CC-F9CB-4AD0-BDDE-2955294FF221}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\ducktales remastered\executable\ducktales.exe | 
"{0CD9F526-4F03-437B-A109-7DF4B1B8D3B9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{111E360D-376B-423D-B586-0E2DD5FDE796}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{139DEB8C-A7FF-40B5-9FB5-1CFDCD81A16F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{13EC851B-CE61-4846-ABAC-52BFD94D1FE9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1F1302BA-E20C-4D94-B8F1-0076EFDC8E28}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\game character hub\gamecharacterhub.exe | 
"{29633046-79DD-460A-B730-97A5DD88BB4D}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\dark arcana the carnival\darkarcana_thecarnival.exe | 
"{3BC90C1B-DE42-41A5-8635-0FCADE8E7B8F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{40B68381-379E-4292-847F-72F326E5003A}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{44A58BB2-7AC0-431C-BF34-0B8A19E1190B}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\don't starve together\bin\dontstarve_steam.exe | 
"{492446DB-E717-49C4-8AE3-F876868B0892}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\amnesia the dark descent\amnesia.exe | 
"{4E4AD17A-668D-445E-9FB8-AEBDBEBE8E98}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\half-life 2 deathmatch\hl2.exe | 
"{5850704C-803E-48BA-AA12-FCF6B48C070F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{636155BB-37E9-4B78-8E1B-F192842D59C7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6A129139-5F6B-437F-8042-306F5A4AFC9F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6C6B026A-F77B-4F6C-82CB-2FD0B90F103B}" = protocol=17 | dir=in | app=e:\steam\bin\steamwebhelper.exe | 
"{70A45BCE-DCAD-49E0-8DBB-99266CD418A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{739AA5CC-35B7-4AEC-8E72-8EF30D6A8708}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{787677A1-0601-4907-8B64-E9F5A0446BBB}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{7F2A43D4-F2DF-4529-A3D3-18A66108D78A}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\counter-strike source\hl2.exe | 
"{8696C641-2FFD-4DDA-901F-C2B09D779CC7}" = protocol=6 | dir=in | app=e:\steam\bin\steamwebhelper.exe | 
"{89FA0C19-4C24-471E-B985-CEC92753CB06}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\dark arcana the carnival\darkarcana_thecarnival.exe | 
"{909AB35A-A5A7-407F-868B-61D0D1784596}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{95C44A90-7A4A-44E8-9F24-51A98007BCAE}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"{A5A8D1D6-61A4-45AF-8904-29DD60AEA4BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AC1DF24D-10C0-415C-AB16-FEF027664ACB}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\firewatch\firewatch.exe | 
"{AC586E62-82B1-4980-9B19-D5C9043FA56D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AD57C20B-8CEB-4F3D-AA59-666D67E3E79A}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\game character hub\gamecharacterhub.exe | 
"{AEA7FFDE-317B-4093-A4D5-7C9CA81DD13F}" = protocol=6 | dir=out | app=system | 
"{B7EF106C-8EEF-4F3F-A273-9064DA86D6DC}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"{B93494B4-EA89-4D53-A44D-31F373F92177}" = protocol=17 | dir=in | app=e:\steam\steam.exe | 
"{BAA160D6-DF1F-48F1-9DBC-FF0CFDB99ADE}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{BACA108D-07C2-4FF4-AD09-E80F4F807401}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{BBFA0410-A265-4CE2-8DE7-C1C7BBF11E09}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C8991E04-4610-49B2-BA15-E4E383249CD7}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\counter-strike source\hl2.exe | 
"{CC2EB339-EF41-42AF-9094-0FEFE7DAC17D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D5FDA596-FC1B-47F2-9C3F-BD01BA990B0B}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{DC7C5F33-E772-4FE4-80DE-B8CE3BA64FB0}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\ducktales remastered\executable\ducktales.exe | 
"{DFD74E19-04F3-4B4E-8DCA-B9501BF0B774}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{E7944685-D8B3-4A1D-901F-B950C08E8E80}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F1614141-4994-44EC-9E38-D3730037FEB5}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\half-life 2 deathmatch\hl2.exe | 
"{F5238F5E-BD2C-4069-A33E-CB9816667286}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\firewatch\firewatch.exe | 
"{F66D506A-C8FE-42B7-B66E-BE09232EEFE8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{266CCC48-9AA1-404E-A1CB-558E8CC46F69}" = Windows OEM Preinstallation Kit
"{54F8B6C7-9B25-4E85-A1E0-26CFB80DE787}" = Intel(R) Smart Connect Technology 2.0 x64
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.6.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.6.1
"{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{AAC5C889-B75D-3368-BC63-CB660DE44C66}" = Microsoft .NET Framework 4.6.1 (DEU)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 365.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 365.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 365.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.11.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 364.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.15.0428
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 2.11.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.34.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 2.11.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.40
"{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}" = Microsoft .NET Framework 4.6.1
"ASRock App Charger_is1" = ASRock App Charger v1.0.5
"Steam App 237630" = DuckTales Remastered
"Steam App 284730" = Dark Arcana: The Carnival
"Steam App 284870" = 9 Clues: The Secret of Serpent Creek
"VIRTU MVP_is1" = VIRTU MVP 2.1.111
"VulkanRT1.0.11.1" = Vulkan Run Time Libraries 1.0.11.1
"VulkanRT1.0.5.1" = Vulkan Run Time Libraries 1.0.5.1
"WinRAR archiver" = WinRAR 5.31 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83218091F0}" = Java 8 Update 91
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F15DF4D-DCA2-4995-BD65-4A56322C180B}" = True Color Finder
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4fd02573-5f12-4ae4-8027-c63f8e1115af}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{5588D686-D23B-4C9D-BDFA-2A7875CD3722}" = GIGABYTE OC_GURU II
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-0804-1033-1959-001824184103}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1031-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC - Deutsch
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{BED1C00F-3FC6-4380-AA86-7AF2D570C9EE}_is1" = Game Royale Version 1.1
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}" = GIGABYTE OC_GURU II
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FA66245E-0E77-40D5-94A4-CB7AB753034F}" = TUSB3410
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"ElsterFormular" = ElsterFormular
"Free YouTube To MP3 Converter_is1" = Free YouTube To MP3 Converter
"Google Chrome" = Google Chrome
"InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}" = GIGABYTE OC_GURU II
"InstallShield_{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}" = GIGABYTE OC_GURU II
"InstallShield_{FA66245E-0E77-40D5-94A4-CB7AB753034F}" = Texas Instruments TUSB3410 drivers.
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.2.1.1043
"Movavi Video Editor 11" = Movavi Video Editor 11
"Mozilla Thunderbird 45.0 (x86 de)" = Mozilla Thunderbird 45.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NewsLeecher_is1" = NewsLeecher version v7.0 Beta 14
"NSBU" = Norton Security Online mit Backup
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"QuickPar" = QuickPar 0.9
"Steam" = Steam
"VLC media player" = VLC media player
"vReveal 3" = vReveal 3
"Winamp" = Winamp
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.05.2016 10:00:44 | Computer Name = Wheatley | Source = ISCT Agent | ID = 1003
Description = 
 
Error - 20.05.2016 10:02:28 | Computer Name = Wheatley | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.05.2016 10:15:42 | Computer Name = Wheatley | Source = Application Hang | ID = 1002
Description = Programm vRevealG.exe, Version 3.2.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 62c    Startzeit: 
01d1b2a1838ffd5c    Endzeit: 529    Anwendungspfad: C:\Program Files (x86)\vReveal 3\vRevealG.exe

Berichts-ID:
 4616a03a-1e95-11e6-b895-010101010000  
 
Error - 21.05.2016 09:15:09 | Computer Name = Wheatley | Source = ISCT Agent | ID = 1003
Description = 
 
Error - 21.05.2016 09:16:51 | Computer Name = Wheatley | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.05.2016 05:25:11 | Computer Name = Wheatley | Source = ISCT Agent | ID = 1003
Description = 
 
Error - 22.05.2016 05:26:55 | Computer Name = Wheatley | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.05.2016 06:33:36 | Computer Name = Wheatley | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DuckTales.exe, Version: 0.0.0.0, 
Zeitstempel: 0x52cb3004  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.23418,
 Zeitstempel: 0x5708a73e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00033b1e  ID des fehlerhaften
 Prozesses: 0x1b38  Startzeit der fehlerhaften Anwendung: 0x01d1b4152c59b26b  Pfad der
 fehlerhaften Anwendung: E:\Steam\steamapps\common\DuckTales Remastered\Executable\DuckTales.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: a32f1877-2008-11e6-b786-010101010000
 
Error - 22.05.2016 06:36:24 | Computer Name = Wheatley | Source = ISCT Agent | ID = 1003
Description = 
 
Error - 22.05.2016 06:37:50 | Computer Name = Wheatley | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 20.04.2016 02:01:58 | Computer Name = Wheatley | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070103 fehlgeschlagen: Intel Corporation - Graphics Adapter WDDM1.0,
 Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3 - 
Intel(R) HD Graphics
 
Error - 22.04.2016 05:17:09 | Computer Name = Wheatley | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070103 fehlgeschlagen: nVidia - Graphics Adapter WDDM1.1, Graphics Adapter
 WDDM1.2, Graphics Adapter WDDM1.3, Graphics Adapter WDDM2.0, Other hardware - NVIDIA
 GeForce GTX 770
 
Error - 22.04.2016 05:17:26 | Computer Name = Wheatley | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070103 fehlgeschlagen: Intel Corporation - Graphics Adapter WDDM1.0,
 Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3 - 
Intel(R) HD Graphics
 
Error - 22.04.2016 05:17:39 | Computer Name = Wheatley | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070103 fehlgeschlagen: nVidia - Graphics Adapter WDDM1.1, Graphics Adapter
 WDDM1.2, Graphics Adapter WDDM1.3, Graphics Adapter WDDM2.0, Other hardware - NVIDIA
 GeForce GTX 770
 
Error - 22.04.2016 05:17:56 | Computer Name = Wheatley | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070103 fehlgeschlagen: Intel Corporation - Graphics Adapter WDDM1.0,
 Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3 - 
Intel(R) HD Graphics
 
Error - 27.04.2016 05:07:42 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 27.04.2016 05:07:42 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 15.05.2016 05:47:58 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 15.05.2016 05:47:58 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 15.05.2016 05:49:59 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7030
Description = Der Dienst "Digital Wave Update Service" ist als interaktiver Dienst
 gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste
 nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
 
< End of report >
         


Alt 04.07.2016, 18:18   #6
burningice
/// Malwareteam
 



Quote:
Quote from kleinalison
Hello Rafael,

could you take another look at this? Thanks!
http://www.trojaner-board.de/177471-...vorhanden.html

well then ..

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


Alt 27.07.2016, 18:41   #7
kleinalison
 



Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
durchgeführt von Alison (Administrator) auf WHEATLEY (27-07-2016 19:39:27)
Gestartet von C:\Users\Alison\Downloads
Geladene Profile: Alison (Verfügbare Profile: Alison)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\nsbu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\nsbu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Users\Alison\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Software Security System) C:\Program Files\Lucidlogix Technologies\VIRTU MVP\Ekag20nt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [VIRTU MVP] => C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe [3006240 2012-03-12] ()
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4006051089-2459173955-4128091374-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-4006051089-2459173955-4128091374-1000\...\Run: [ScreenSplitter] => C:\Program Files (x86)\LG Electronics\Screen Split\bin\ScreenSplit.exe
HKU\S-1-5-21-4006051089-2459173955-4128091374-1000\...\MountPoints2: {55a5c4d9-04ac-11e6-be2b-806e6f6e6963} - F:\ASRSetup.exe
HKU\S-1-5-21-4006051089-2459173955-4128091374-1000\...\MountPoints2: {821ae4ce-04ae-11e6-a2d0-806e6f6e6963} - explorer index.html
AppInit_DLLs: C:\Windows\system32\appinit_dll.dll => C:\Windows\system32\appinit_dll.dll [172320 2012-03-12] (Lucidlogix Inc.)
AppInit_DLLs-x32: C:\Windows\SysWOW64\appinit_dll.dll => C:\Windows\SysWOW64\appinit_dll.dll [148256 2012-03-12] (Lucidlogix Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{42F9ABC1-C0BB-49B6-B1DC-D86C207A5DCD}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-4006051089-2459173955-4128091374-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-27] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-27] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-27] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.2.15\coFFAddon [2016-04-19]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.2.15\coFFAddon

Chrome: 
=======
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\pdf.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\gcswf32.dll => Keine Datei
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Profile: C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-17]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-17]
CHR Extension: (Google Mail) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-17]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\Exts\Chrome.crx [2016-04-19]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\Exts\Chrome.crx [2016-04-19]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2016-04-18] (Adobe Systems) [Datei ist nicht signiert]
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [387944 2016-05-11] (Digital Wave Ltd.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Datei ist nicht signiert]
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
R2 NSBU; C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\NSBU.exe [289080 2016-02-26] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S3 Origin Client Service; E:\Origin\OriginClientService.exe [2122248 2016-07-03] (Electronic Arts)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 Ak27x64; C:\Windows\System32\DRIVERS\Ak27x64.sys [4057808 2013-09-04] (Qualcomm Atheros, Inc.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.2.15\Definitions\BASHDefs\20160613.001\BHDrvx64.sys [1832176 2016-05-13] (Symantec Corporation)
R1 ccSet_NSBU; C:\Windows\system32\drivers\NSBUx64\1606000.08E\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-15] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-15] (Symantec Corporation)
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.2.15\Definitions\IPSDefs\20160615.001\IDSvia64.sys [876248 2016-05-26] (Symantec Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 int0800; C:\Windows\System32\DRIVERS\flashud.sys [51712 2009-03-06] (Intel Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-05-28] ()
S3 LGDDCDevice; C:\Windows\SysWOW64\LGI2CDriver.sys [16384 2012-09-26] (LG Soft India) [Datei ist nicht signiert]
S3 LGII2CDevice; C:\Windows\SysWOW64\LGPII2CDriver.sys [10752 2012-12-27] (LG Soft India) [Datei ist nicht signiert]
R3 mt7612US; C:\Windows\System32\DRIVERS\mt7612US.sys [376200 2015-12-08] (MediaTek Inc.)
S3 NAVENG; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.2.15\Definitions\VirusDefs\20160616.002\ENG64.SYS [138456 2016-05-20] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.2.15\Definitions\VirusDefs\20160616.002\EX64.SYS [2148056 2016-05-20] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NSBUx64\1606000.08E\SRTSP64.SYS [928504 2016-02-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSBUx64\1606000.08E\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSBUx64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-24] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-04-18] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSBUx64\1606000.08E\Ironx64.SYS [295664 2016-02-24] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSBUx64\1606000.08E\SYMNETS.SYS [577768 2016-02-24] (Symantec Corporation)
R3 umpusbvista; C:\Windows\System32\DRIVERS\umpusbvista.sys [64872 2012-09-13] (Texas Instruments Inc)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2016-07-27] ()

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-07-27 19:39 - 2016-07-27 19:39 - 00000000 ____D C:\Users\Alison\Downloads\FRST-OlderVersion
2016-07-25 20:34 - 2016-07-27 19:39 - 00018559 _____ C:\Users\Alison\Downloads\FRST.txt
2016-07-25 20:34 - 2016-07-27 19:39 - 00000000 ____D C:\FRST
2016-07-25 20:33 - 2016-07-27 19:39 - 02394112 _____ (Farbar) C:\Users\Alison\Downloads\FRST64.exe
2016-07-03 17:35 - 2016-07-03 17:35 - 00262144 _____ C:\Windows\Minidump\070316-14882-01.dmp
2016-07-03 17:21 - 2016-07-27 19:38 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-07-27 19:39 - 2016-04-17 21:18 - 00000000 _RSHD C:\ProgramData\Key-Base
2016-07-27 19:39 - 2016-04-17 17:06 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-27 19:38 - 2016-04-17 21:57 - 00000000 ____D C:\Windows\Minidump
2016-07-27 19:38 - 2016-04-17 21:56 - 807068700 _____ C:\Windows\MEMORY.DMP
2016-07-27 19:38 - 2016-04-17 21:10 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-27 19:38 - 2016-04-17 17:13 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2016-07-27 19:38 - 2016-04-17 17:11 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2016-07-27 19:38 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-25 20:37 - 2016-04-27 10:24 - 00000000 ____D C:\ProgramData\Origin
2016-07-25 20:32 - 2016-04-17 17:54 - 00000000 ____D C:\Users\Alison\AppData\Roaming\Adobe
2016-07-20 14:59 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-20 14:59 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-03 17:41 - 2011-04-12 09:43 - 00700454 _____ C:\Windows\system32\perfh007.dat
2016-07-03 17:41 - 2011-04-12 09:43 - 00150092 _____ C:\Windows\system32\perfc007.dat
2016-07-03 17:41 - 2009-07-14 07:13 - 01624034 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-03 17:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-07-03 17:11 - 2016-04-17 17:06 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-02 13:01 - 2016-04-18 17:10 - 00000000 ____D C:\Windows\system32\Drivers\NSBUx64
2016-07-02 12:51 - 2016-04-17 17:06 - 00002187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-02 12:51 - 2016-04-17 17:06 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-04-27 10:14 - 2016-04-27 10:16 - 0000002 _____ () C:\Users\Alison\AppData\Roaming\ceville_console_history.txt
2016-05-20 16:03 - 2016-05-20 16:03 - 0000016 _____ () C:\ProgramData\mntemp
2016-05-20 16:03 - 2016-05-20 16:03 - 0004963 _____ () C:\ProgramData\rxsmznjf.zcp

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-22 16:18

==================== Ende von FRST.txt ============================
         
Addition

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 27-07-2016
durchgeführt von Alison (2016-07-27 19:39:42)
Gestartet von C:\Users\Alison\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2016-04-17 14:58:32)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4006051089-2459173955-4128091374-500 - Administrator - Disabled)
Alison (S-1-5-21-4006051089-2459173955-4128091374-1000 - Administrator - Enabled) => C:\Users\Alison
Gast (S-1-5-21-4006051089-2459173955-4128091374-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4006051089-2459173955-4128091374-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Norton Security Online mit Backup (Enabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Online mit Backup (Enabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Online mit Backup (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

9 Clues: The Secret of Serpent Creek (HKLM\...\Steam App 284870) (Version:  - Tap It Games)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
Back to the Future: Ep 1 - It's About Time (HKLM\...\Steam App 31290) (Version:  - Telltale Games)
Back to the Future: Ep 2 - Get Tannen! (HKLM\...\Steam App 94500) (Version:  - Telltale Games)
Back to the Future: Ep 3 - Citizen Brown (HKLM\...\Steam App 94510) (Version:  - Telltale Games)
Back to the Future: Ep 4 - Double Visions (HKLM\...\Steam App 94520) (Version:  - Telltale Games)
Back to the Future: Ep 5 - OUTATIME (HKLM\...\Steam App 94530) (Version:  - Telltale Games)
Dark Arcana: The Carnival (HKLM\...\Steam App 284730) (Version:  - Artifex Mundi)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
DuckTales Remastered (HKLM\...\Steam App 237630) (Version:  - WayForward)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 14.0.0.10960 - Landesfinanzdirektion Thüringen)
FlacSquisher 1.3.6 (HKLM-x32\...\FlacSquisher) (Version: 1.3.6 - FlacSquisher)
Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.1.10.511 - Digital Wave Ltd)
Game Royale Version 1.1 (HKLM-x32\...\{BED1C00F-3FC6-4380-AA86-7AF2D570C9EE}_is1) (Version: 1.1 - btf GmbH)
Ghostbusters: The Video Game (HKLM\...\Steam App 9870) (Version:  - Terminal Reality)
GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}) (Version: 1.47.0000 - GIGABYTE Technology Co.,Ltd.)
GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}) (Version: 1.99.0000 - GIGABYTE Technology Co.,Ltd.)
GIGABYTE OC_GURU II (x32 Version: 1.47.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
GIGABYTE OC_GURU II (x32 Version: 1.99.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.99 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Green Moon (HKLM\...\Steam App 359260) (Version:  - Absolutist Ltd.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2857 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Smart Connect Technology 2.0 x64 (HKLM\...\{54F8B6C7-9B25-4E85-A1E0-26CFB80DE787}) (Version: 2.0.1083.0 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movavi Video Editor 11 (HKLM-x32\...\Movavi Video Editor 11) (Version: 11.4.1 - Movavi)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.1.0.5973 - Mozilla)
Mozilla Thunderbird 45.1.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.1.0 (x86 de)) (Version: 45.1.0 - Mozilla)
Mp3tag v2.77 (HKLM-x32\...\Mp3tag) (Version: v2.77 - Florian Heidenreich)
NewsLeecher version v7.0 Beta 14 (HKLM-x32\...\NewsLeecher_is1) (Version: v7.0 Beta 14 - )
Norton Security Online mit Backup (HKLM-x32\...\NSBU) (Version: 22.6.0.142 - Symantec Corporation)
NVIDIA 3D Vision Controller-Treiber 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 365.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 365.19 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 365.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 365.19 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6559 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Texas Instruments TUSB3410 drivers. (HKLM-x32\...\InstallShield_{FA66245E-0E77-40D5-94A4-CB7AB753034F}) (Version: 6.5.9019.1 - Texas Instruments Inc.)
True Color Finder (HKLM-x32\...\{3F15DF4D-DCA2-4995-BD65-4A56322C180B}) (Version: 2.7.8 - LG Electronics Inc.)
TUSB3410 (x32 Version: 6.5.9019.1 - Texas Instruments Inc.) Hidden
VIRTU MVP 2.1.111 (HKLM\...\VIRTU MVP_is1) (Version: 2.1.111 - Lucidlogix Technologies LTD)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
vReveal 3 (HKLM-x32\...\vReveal 3) (Version:  - MotionDSP)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows OEM Preinstallation Kit (HKLM\...\{266CCC48-9AA1-404E-A1CB-558E8CC46F69}) (Version: 2.0.0.0 - Microsoft Corporation)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {2C7CFF28-0BEB-4E8E-8DA9-0B58AD6F1EBF} - \Start Driver Reviver Schedule -> Keine Datei <==== ACHTUNG
Task: {4B1BB7C9-8496-4EC1-A8A6-F9D6E67C5594} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {4CEECF66-97D5-49D7-8533-141854A609E6} - System32\Tasks\GIGABYTE OC GURU => C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU IIOC_GURU.exe
Task: {73E27E0D-12D7-4D4D-BE05-0B40B1386E2F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: {8359ADAB-A02E-47C1-91A8-F23A5D69EAED} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Online mit Backup\Upgrade.exe [2016-02-26] (Symantec Corporation)
Task: {89358684-6172-437A-A928-A5B9ECC73C3C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {98F95D96-EDE3-4E04-8913-40A1857EDEE4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-17] (Google Inc.)
Task: {9A4FFD25-4C15-41A2-BECF-2F53BA5CCAA5} - System32\Tasks\Norton Security with Backup\Norton Error Processor => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {A64677F3-DD71-4266-A18F-2B5151C74B8A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation)
Task: {B6FCCD4F-1A34-4C92-B71B-44B8B7FDD501} - System32\Tasks\{427FC429-C234-4347-9CF7-4433CA3EA5F5} => pcalua.exe -a "F:\display\DRIVERS\Sensor_driver\ColorMunki-Photo and Design\colormunki_driver_1.0.1\DriverInstallerUtility.exe" -d "F:\display\DRIVERS\Sensor_driver\ColorMunki-Photo and Design\colormunki_driver_1.0.1"
Task: {C0ADC9B2-CE79-4889-BBF1-ACDD50862D69} - System32\Tasks\Norton Security with Backup\Norton Error Analyzer => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {E050FD31-0B0E-4332-8EAA-7CB8BD31755E} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {F8AA16EF-90A6-4C0A-8810-6EBCDA4ADC15} - \Start Driver Reviver Update -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-04-17 21:09 - 2016-05-10 01:40 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-02-09 16:26 - 2012-02-09 16:26 - 00133632 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2012-02-09 16:26 - 2012-02-09 16:26 - 00048128 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2012-02-09 16:26 - 2012-02-09 16:26 - 00036864 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetDetect.dll
2016-04-17 22:05 - 2016-05-02 07:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-04-17 22:05 - 2016-05-02 07:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-04-17 22:05 - 2016-05-02 07:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-04-17 22:05 - 2016-05-02 07:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-04-17 22:05 - 2016-05-02 07:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-04-17 22:05 - 2016-05-02 07:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-04-17 22:05 - 2016-05-02 07:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-04-17 22:05 - 2016-05-02 07:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-04-17 17:08 - 2012-09-17 10:23 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-04-17 17:13 - 2012-03-12 11:15 - 03006240 _____ () C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.exe
2016-04-17 17:13 - 2012-03-12 11:14 - 00138528 _____ () C:\Program Files\Lucidlogix Technologies\VIRTU MVP\GuiCommon.dll
2016-04-17 22:05 - 2016-05-02 07:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-17 22:05 - 2016-05-02 07:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-05-15 11:49 - 2016-05-11 16:11 - 00104296 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2016-05-15 11:49 - 2016-05-11 16:11 - 00020328 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2016-05-15 11:49 - 2016-05-11 16:11 - 00044392 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2011-08-15 20:12 - 2011-08-15 20:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2011-08-17 16:48 - 2011-08-17 16:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2011-08-15 20:15 - 2011-08-15 20:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 16:48 - 2011-08-17 16:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 19:23 - 2011-08-15 19:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2012-04-16 11:37 - 2012-04-16 11:37 - 00071680 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ServiceManagerStarter.dll
2011-08-15 20:12 - 2011-08-15 20:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-17 16:41 - 2011-08-17 16:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2012-04-16 11:42 - 2012-04-16 11:42 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2012-04-16 11:41 - 2012-04-16 11:41 - 00484864 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2012-04-16 11:56 - 2012-04-16 11:56 - 00500032 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2012-04-16 11:38 - 2012-04-16 11:38 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2016-04-17 21:23 - 2016-05-02 08:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:890CC2F3 [127]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4006051089-2459173955-4128091374-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{55BDB464-7E40-47E1-94D9-EFDF9EC86253}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{553DBE44-EBDA-460D-8B15-0F615AF4A97E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{68618D76-2366-4310-AB97-74A16013ECA1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{31D5AF50-F8EF-479A-8115-43EFA97D9B0F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2FC1D2BA-56BC-4283-9ADF-A6D6198C0B36}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{EFF30D81-91B7-4442-A887-4263B9621271}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8CEC3C62-FA3C-468C-BFBC-1A6F4934E731}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{06692CEE-5125-4C26-BA91-0E0417C95C7C}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{B93494B4-EA89-4D53-A44D-31F373F92177}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{8696C641-2FFD-4DDA-901F-C2B09D779CC7}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{6C6B026A-F77B-4F6C-82CB-2FD0B90F103B}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{40B68381-379E-4292-847F-72F326E5003A}] => (Allow) E:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{787677A1-0601-4907-8B64-E9F5A0446BBB}] => (Allow) E:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{03B028BF-6E5F-4CD9-B4D5-E5976C7AB925}] => (Allow) E:\Steam\SteamApps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{492446DB-E717-49C4-8AE3-F876868B0892}] => (Allow) E:\Steam\SteamApps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{BAA160D6-DF1F-48F1-9DBC-FF0CFDB99ADE}] => (Allow) E:\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{DFD74E19-04F3-4B4E-8DCA-B9501BF0B774}] => (Allow) E:\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{89FA0C19-4C24-471E-B985-CEC92753CB06}] => (Allow) E:\Steam\SteamApps\common\Dark Arcana The Carnival\DarkArcana_TheCarnival.exe
FirewallRules: [{29633046-79DD-460A-B730-97A5DD88BB4D}] => (Allow) E:\Steam\SteamApps\common\Dark Arcana The Carnival\DarkArcana_TheCarnival.exe
FirewallRules: [{7F2A43D4-F2DF-4529-A3D3-18A66108D78A}] => (Allow) E:\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{C8991E04-4610-49B2-BA15-E4E383249CD7}] => (Allow) E:\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{F1614141-4994-44EC-9E38-D3730037FEB5}] => (Allow) E:\Steam\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{4E4AD17A-668D-445E-9FB8-AEBDBEBE8E98}] => (Allow) E:\Steam\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{D5FDA596-FC1B-47F2-9C3F-BD01BA990B0B}] => (Allow) E:\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{BACA108D-07C2-4FF4-AD09-E80F4F807401}] => (Allow) E:\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{1F1302BA-E20C-4D94-B8F1-0076EFDC8E28}] => (Allow) E:\Steam\SteamApps\common\Game Character Hub\GameCharacterHub.exe
FirewallRules: [{AD57C20B-8CEB-4F3D-AA59-666D67E3E79A}] => (Allow) E:\Steam\SteamApps\common\Game Character Hub\GameCharacterHub.exe
FirewallRules: [{95C44A90-7A4A-44E8-9F24-51A98007BCAE}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{B7EF106C-8EEF-4F3F-A273-9064DA86D6DC}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{AC1DF24D-10C0-415C-AB16-FEF027664ACB}] => (Allow) E:\Steam\SteamApps\common\Firewatch\Firewatch.exe
FirewallRules: [{F5238F5E-BD2C-4069-A33E-CB9816667286}] => (Allow) E:\Steam\SteamApps\common\Firewatch\Firewatch.exe
FirewallRules: [{DC7C5F33-E772-4FE4-80DE-B8CE3BA64FB0}] => (Allow) E:\Steam\SteamApps\common\DuckTales Remastered\executable\DuckTales.exe
FirewallRules: [{0A3EA5CC-F9CB-4AD0-BDDE-2955294FF221}] => (Allow) E:\Steam\SteamApps\common\DuckTales Remastered\executable\DuckTales.exe
FirewallRules: [{4BB35398-7FC7-4800-B0F2-99A27F192459}] => (Allow) E:\Steam\SteamApps\common\Green Moon\GreenMoon.exe
FirewallRules: [{0248AC5A-DEFD-48B5-A9EB-5C17DE7E6C7C}] => (Allow) E:\Steam\SteamApps\common\Green Moon\GreenMoon.exe
FirewallRules: [{B73FA0C7-FA16-446E-B385-8BBF40BC8C44}] => (Allow) E:\Steam\SteamApps\common\Ghostbusters\ghost_w32.exe
FirewallRules: [{704D1EB3-642E-4951-A9F9-1282EEEB8A45}] => (Allow) E:\Steam\SteamApps\common\Ghostbusters\ghost_w32.exe
FirewallRules: [{65D9CC17-8DCD-4A1C-8CA1-C64BCF518188}] => (Allow) E:\Steam\SteamApps\common\Back to the Future 105\BackToTheFuture105.exe
FirewallRules: [{D85CF1F3-317B-4B85-B2BA-C2236D03A7D1}] => (Allow) E:\Steam\SteamApps\common\Back to the Future 105\BackToTheFuture105.exe
FirewallRules: [{36F572D0-AC4E-4414-868B-324611EEB228}] => (Allow) E:\Steam\SteamApps\common\Back to the Future 104\BackToTheFuture104.exe
FirewallRules: [{03FB08A3-2B67-4013-A89D-28100AD78442}] => (Allow) E:\Steam\SteamApps\common\Back to the Future 104\BackToTheFuture104.exe
FirewallRules: [{6FCA32D7-0633-4B80-93FF-665A1914D1C1}] => (Allow) E:\Steam\SteamApps\common\Back to the Future 103\BackToTheFuture103.exe
FirewallRules: [{42F80529-7F0B-4BD9-A0B7-D0F64E962DE8}] => (Allow) E:\Steam\SteamApps\common\Back to the Future 103\BackToTheFuture103.exe
FirewallRules: [{6CEA6E14-C653-418D-B1A5-6D67FC36FABC}] => (Allow) E:\Steam\SteamApps\common\Back to the Future Ep 2\BackToTheFuture102.exe
FirewallRules: [{84D61D32-5983-4795-B760-C430102F997C}] => (Allow) E:\Steam\SteamApps\common\Back to the Future Ep 2\BackToTheFuture102.exe
FirewallRules: [{F0557F40-96BA-4CE9-B740-2165525FBA8D}] => (Allow) E:\Steam\SteamApps\common\Back to the Future Ep 1\BackToTheFuture101.exe
FirewallRules: [{995370F3-1E84-400B-9F53-1D7BC8BFE61C}] => (Allow) E:\Steam\SteamApps\common\Back to the Future Ep 1\BackToTheFuture101.exe
FirewallRules: [{35BF3C3C-20E0-42F0-9FB5-129BE01E683E}] => (Allow) E:\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{A1BAC7FE-E388-437E-845A-8F907AE6C57B}] => (Allow) E:\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{D462153C-06B8-4606-BA9A-89023833FFC1}] => (Allow) E:\Steam\SteamApps\common\Edna and Harvey Harvey's New Eyes\harvey.exe
FirewallRules: [{EE5DB4EF-05EF-4A12-BB20-6AEADA1F1DCC}] => (Allow) E:\Steam\SteamApps\common\Edna and Harvey Harvey's New Eyes\harvey.exe
FirewallRules: [{D7283870-07F3-4450-B802-3AFDDA29B4B2}] => (Allow) E:\Steam\SteamApps\common\Edna and Harvey Harvey's New Eyes\VisionaireConfigurationTool.exe
FirewallRules: [{F2C7BCCB-8489-4F51-8B01-4755411DFE96}] => (Allow) E:\Steam\SteamApps\common\Edna and Harvey Harvey's New Eyes\VisionaireConfigurationTool.exe
FirewallRules: [{4138CFDE-3075-4A8E-A5EA-9CF7F2D6909F}] => (Allow) E:\Steam\SteamApps\common\Skyborn\Game.exe
FirewallRules: [{5C24749E-D7BE-4DF9-B261-11DC2124DE91}] => (Allow) E:\Steam\SteamApps\common\Skyborn\Game.exe
FirewallRules: [{30B70817-29B9-4F12-B06C-F90664982363}] => (Allow) E:\Steam\SteamApps\common\Day of the Tentacle Remastered\Dott.exe
FirewallRules: [{204958A1-B0E7-4AF8-A588-2DD694F9E626}] => (Allow) E:\Steam\SteamApps\common\Day of the Tentacle Remastered\Dott.exe
FirewallRules: [{BE63C495-4D71-40A7-ADE8-EC97F90C7CE8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

20-05-2016 16:05:49 Windows Update
22-05-2016 22:19:31 DirectX wurde installiert
22-05-2016 22:27:02 DirectX wurde installiert
26-05-2016 15:44:32 Windows Update
31-05-2016 19:07:07 Windows Update
31-05-2016 19:18:46 Windows Update
06-06-2016 12:14:52 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (07/27/2016 07:38:59 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (07/25/2016 08:32:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/25/2016 08:30:28 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (07/20/2016 03:01:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2016 03:00:14 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (07/20/2016 02:58:13 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (07/03/2016 05:36:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2016 05:35:15 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (07/03/2016 05:21:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2016 05:21:07 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2


Systemfehler:
=============
Error: (07/27/2016 07:38:58 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000124 (0x0000000000000000, 0xfffffa80091f4028, 0x00000000b2000000, 0x0000000081000402)C:\Windows\MEMORY.DMP

Error: (07/27/2016 07:38:58 PM) (Source: BugCheck) (EventID: 1005) (User: )
Description: 

Error: (07/27/2016 07:38:57 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎25.‎07.‎2016 um 20:37:06 unerwartet heruntergefahren.

Error: (07/20/2016 03:02:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Intel(R) Management and Security Application User Notification Service" wurde mit folgendem Fehler beendet: 
%%-2147467243 = Die Klasse wurde so konfiguriert, dass sie unter einer anderen Sicherheitskennung als der Aufrufer ausgeführt werden kann.


Error: (07/20/2016 03:02:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: 
%%-2147416365

Error: (07/20/2016 02:58:13 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000124 (0x0000000000000000, 0xfffffa800920b028, 0x00000000b2000000, 0x0000000081000402)C:\Windows\MEMORY.DMP

Error: (07/20/2016 02:58:13 PM) (Source: BugCheck) (EventID: 1005) (User: )
Description: 

Error: (07/20/2016 02:58:12 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎03.‎07.‎2016 um 17:51:04 unerwartet heruntergefahren.

Error: (07/03/2016 05:35:14 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000124 (0x0000000000000000, 0xfffffa8007600028, 0x00000000b2000000, 0x0000000081000402)C:\Windows\MEMORY.DMP070316-14882-01

Error: (07/03/2016 05:35:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎03.‎07.‎2016 um 17:26:28 unerwartet heruntergefahren.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-3340 CPU @ 3.10GHz
Prozentuale Nutzung des RAM: 16%
Installierter physikalischer RAM: 8076.76 MB
Verfügbarer physikalischer RAM: 6715.01 MB
Summe virtueller Speicher: 16151.7 MB
Verfügbarer virtueller Speicher: 14724.56 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:223.47 GB) (Free:153.91 GB) NTFS
Drive d: (Entertainment) (Fixed) (Total:2794.39 GB) (Free:790.9 GB) NTFS
Drive e: (Gaming) (Fixed) (Total:2794.39 GB) (Free:2107.24 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 2794.5 GB) (Disk ID: 8C56B67D)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 880EB7D1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 2794.5 GB) (Disk ID: 8C56B661)

Partition: GPT.

==================== Ende von Addition.txt ============================
         

28.07.2016, 15:56   #8
burningice
/// Malwareteam
 

Was genau erwartest du jetzt, was wir hier machen, wenn du jetzt (wieder) nach fast einem Monat antwortest?

Möchtest du einen schnellen Check von deinem PC, hast du konkret ein Problem mit dem PC, ... ?
__________________
Regards,
Rafael

~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~


28.07.2016, 18:36   #9
kleinalison
 

Hello,
I only did what you wrote to me. I don't know what all you can do with the analyzed code.
Since writing my last post, I haven't made any changes to my PC. Precisely because it no longer works.
After I carried out the unlocking on my own, everything worked. At least for a while. It became slower and slower. At times it was impossible to have more than 3 windows open at the same time. That is my current problem. As written above on 22.05.2016, 16:42.

Edited by kleinalison (28.07.2016 at 19:15)

31.07.2016, 16:19   #10
burningice
/// Malwareteam
 

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.
__________________
Regards,
Rafael


27.08.2016, 16:16   #11
kleinalison
 

Hello,
I found the fault. My CPU, or rather the fan, was not mounted properly; accordingly, the PC ran hot and throttled its performance.
Thanks for your help with the virus!
