kleinalison | 22.05.2016 15:42 | Hello Rafael,
unfortunately I was impatient and did the unlocking myself using this guide: hxxp://www.chip.de/news/GVU-Trojaner-entfernen-So-entsperren-Sie-Windows_54761623.html
After that I reinstalled Windows. Updates and drivers are all complete.
My computer is now unfortunately far too slow; at times it is already overwhelmed by 3 browser tabs. Could I possibly still have a virus/trojan on the computer?
Malwarebytes log file attached:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlaufdatum: 22.05.2016
Suchlaufzeit: 13:25
Protokolldatei: malwarebytes_scan.txt
Administrator: Ja
Version: 2.2.1.1043
Malware-Datenbank: v2016.05.22.02
Rootkit-Datenbank: v2016.05.20.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Alison
Suchlauftyp: Benutzerdefinierter Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 853643
Abgelaufene Zeit: 2 Std., 23 Min., 37 Sek.
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(keine bösartigen Elemente erkannt)
Module: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)
Registrierungswerte: 0
(keine bösartigen Elemente erkannt)
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Ordner: 0
(keine bösartigen Elemente erkannt)
Dateien: 1
PUP.Optional.Cgminer, D:\Filme\KLEINALISON-PC\Backup Set 2013-11-03 190008\Backup Files 2013-12-15 190009\Backup files 3.zip, , [d8121cbc8f0a7cba5cb15a535fa128d8],
Physische Sektoren: 0
(keine bösartigen Elemente erkannt)
(end)
The OTL scan is attached as well:
Code:
OTL logfile created on: 22.05.2016 16:31:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alison\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18314)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,89 Gb Total Physical Memory | 4,92 Gb Available Physical Memory | 62,33% Memory free
15,77 Gb Paging File | 12,93 Gb Available in Paging File | 81,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,47 Gb Total Space | 158,91 Gb Free Space | 71,11% Space Free | Partition Type: NTFS
Drive D: | 2794,39 Gb Total Space | 798,77 Gb Free Space | 28,58% Space Free | Partition Type: NTFS
Drive E: | 2794,39 Gb Total Space | 2122,17 Gb Free Space | 75,94% Space Free | Partition Type: NTFS
Computer Name: WHEATLEY | User Name: Alison | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2016.05.22 16:30:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alison\Downloads\otl.exe
PRC - [2016.05.15 12:04:42 | 000,250,008 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
PRC - [2016.05.11 16:11:56 | 000,387,944 | ---- | M] (Digital Wave Ltd.) -- C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
PRC - [2016.05.11 13:48:49 | 000,881,304 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2016.05.10 01:26:00 | 000,426,040 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2016.05.02 08:02:13 | 002,398,776 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2016.05.02 07:59:20 | 001,881,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2016.04.22 08:56:22 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2016.03.10 14:07:20 | 009,926,112 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2016.02.26 08:28:22 | 000,289,080 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\NSBU.exe
PRC - [2012.09.11 13:51:42 | 000,365,344 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.09.11 13:51:42 | 000,277,792 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.09.01 18:07:22 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012.09.01 18:07:22 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.08.21 06:32:04 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.07.05 08:23:18 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.03.12 10:52:44 | 001,763,328 | ---- | M] (Software Security System) -- C:\Programme\Lucidlogix Technologies\VIRTU MVP\Ekag20nt.exe
PRC - [2012.02.26 21:01:56 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
========== Modules (No Company Name) ==========
MOD - [2016.05.16 04:30:38 | 001,102,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\8e120675c80a179c177d6d9b5345e792\System.ServiceModel.Web.ni.dll
MOD - [2016.05.16 04:29:56 | 002,937,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c56cbffc8423ff484bf3f80aae1d5c24\System.IdentityModel.ni.dll
MOD - [2016.05.16 04:29:54 | 019,426,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a459f8b69edabf287d593a2a08c5c8d6\System.ServiceModel.ni.dll
MOD - [2016.05.16 04:29:42 | 000,357,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\c8f3123f91af41242da0c54f1c0279ae\IAStorUtil.ni.dll
MOD - [2016.05.16 03:47:16 | 012,945,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7b437291b260f008653ebc86553ab462\System.Windows.Forms.ni.dll
MOD - [2016.05.16 03:46:57 | 000,974,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6b3bc806e6d6a2c73c6d9f1429395698\System.Configuration.ni.dll
MOD - [2016.05.16 03:46:47 | 007,518,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a57805cc2d492d82e327b83ab24fad62\System.Core.ni.dll
MOD - [2016.05.16 03:46:19 | 001,876,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\347ba862763b7e7c80bdef8764ae72dc\System.Xaml.ni.dll
MOD - [2016.05.16 03:38:42 | 000,027,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\b8e6683310da377555399bdaacc7701f\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2016.05.16 03:00:52 | 007,378,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\36599a72e79974ff4c004c43df9fce2b\System.Xml.ni.dll
MOD - [2016.05.16 03:00:51 | 000,786,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\e2ab3c1c7be8727fb1f36945861e780b\System.ServiceModel.Internals.ni.dll
MOD - [2016.05.16 03:00:51 | 000,117,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\32b270a7b4daf4731cf1c36ecd660297\SMDiagnostics.ni.dll
MOD - [2016.05.16 03:00:50 | 002,772,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\ffbd00c458124054f2049e9a25a7cca8\System.Runtime.Serialization.ni.dll
MOD - [2016.05.16 03:00:49 | 001,623,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\48453ce4573683172752f7fdc00f8820\System.Drawing.ni.dll
MOD - [2016.05.16 03:00:48 | 009,983,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\d03eb8a47500f40d5428f9c6875f8e56\System.ni.dll
MOD - [2016.05.11 13:48:37 | 017,565,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll
MOD - [2016.05.11 13:48:25 | 001,738,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
MOD - [2016.05.11 13:48:13 | 000,086,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
MOD - [2016.05.02 08:02:09 | 000,020,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2016.04.19 23:10:58 | 000,020,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\e3544f4c4c0f4bac41f684da24a3483c\IAStorCommon.ni.dll
MOD - [2016.04.19 22:37:24 | 018,111,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\affcb83bba04f782c2586a1788330891\mscorlib.ni.dll
========== Services (SafeList) ==========
SRV:64bit: - [2016.04.23 06:47:35 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015.07.23 02:02:54 | 001,390,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV - [2016.05.11 16:11:56 | 000,387,944 | ---- | M] (Digital Wave Ltd.) [Auto | Running] -- C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe -- (DigitalWave.Update.Service)
SRV - [2016.05.10 01:26:00 | 000,426,040 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2016.05.02 07:59:20 | 001,881,144 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2016.05.02 07:58:46 | 001,165,368 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV - [2016.05.02 07:55:38 | 002,522,680 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe -- (NvStreamSvc)
SRV - [2016.05.02 07:55:33 | 003,634,232 | ---- | M] (NVIDIA Corporation) [On_Demand | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe -- (NvStreamNetworkSvc)
SRV - [2016.04.30 02:10:40 | 000,835,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2016.04.27 10:24:57 | 002,120,712 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- E:\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2016.04.22 08:56:22 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2016.04.08 02:38:11 | 000,147,400 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016.02.26 08:28:22 | 000,289,080 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\NSBU.exe -- (NSBU)
SRV - [2015.11.05 20:36:48 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014.03.21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2012.09.21 08:12:30 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.09.11 13:51:42 | 000,365,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.09.11 13:51:42 | 000,277,792 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.09.01 18:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012.08.21 06:32:04 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.07.05 08:23:18 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.06.19 19:10:34 | 000,634,632 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.02.09 16:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2016.05.22 13:24:50 | 000,192,216 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2016.05.22 12:36:24 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:64bit: - [2016.04.18 20:17:40 | 000,111,344 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2016.04.14 07:38:19 | 000,056,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2016.02.24 02:23:33 | 001,621,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NSBUx64\1606000.08E\symefasi64.sys -- (SymEFASI)
DRV:64bit: - [2016.02.24 02:23:32 | 000,577,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSBUx64\1606000.08E\symnets.sys -- (SymNetS)
DRV:64bit: - [2016.02.24 02:23:07 | 000,295,664 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSBUx64\1606000.08E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2016.02.24 02:22:50 | 000,928,504 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NSBUx64\1606000.08E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2015.12.08 21:53:16 | 000,243,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
DRV:64bit: - [2015.12.08 21:53:16 | 000,039,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
DRV:64bit: - [2015.12.08 21:53:10 | 000,376,200 | ---- | M] (MediaTek Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mt7612US.sys -- (mt7612US)
DRV:64bit: - [2015.10.02 22:20:19 | 000,205,456 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2015.07.11 03:06:30 | 000,050,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSBUx64\1606000.08E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2015.07.11 03:06:03 | 000,173,808 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSBUx64\1606000.08E\ccsetx64.sys -- (ccSet_NSBU)
DRV:64bit: - [2014.10.03 15:35:54 | 000,454,416 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2014.05.28 09:21:06 | 000,044,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD.sys -- (ISCT)
DRV:64bit: - [2013.10.02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013.09.04 21:52:26 | 004,057,808 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ak27x64.sys -- (Ak27x64)
DRV:64bit: - [2012.09.17 10:24:00 | 005,338,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.09.13 18:33:52 | 000,064,872 | ---- | M] (Texas Instruments Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\umpusbvista.sys -- (umpusbvista)
DRV:64bit: - [2012.09.01 18:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.09.01 18:01:56 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.02 10:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.03.12 11:15:42 | 000,066,336 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.26 21:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.02.26 21:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.02.26 21:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.02.09 16:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2012.02.09 16:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2011.09.21 17:56:24 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011.08.23 15:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.06.30 00:04:58 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2011.05.10 16:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.11.18 01:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.06 20:38:24 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\flashud.sys -- (int0800)
DRV - [2016.05.20 16:22:50 | 002,148,056 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.2.15\Definitions\VirusDefs\20160522.001\EX64.SYS -- (NAVEX15)
DRV - [2016.05.20 16:22:50 | 000,138,456 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.2.15\Definitions\VirusDefs\20160522.001\ENG64.SYS -- (NAVENG)
DRV - [2016.05.15 12:01:13 | 000,876,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.2.15\Definitions\IPSDefs\20160520.001\IDSvia64.sys -- (IDSVia64)
DRV - [2016.05.15 12:00:07 | 000,497,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2016.05.15 12:00:07 | 000,156,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2016.05.02 07:55:28 | 000,028,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV - [2016.04.14 09:47:40 | 001,766,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.2.15\Definitions\BASHDefs\20160502.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.12.27 14:55:40 | 000,010,752 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\LGPII2CDriver.sys -- (LGII2CDevice)
DRV - [2012.09.26 10:28:22 | 000,016,384 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\LGI2CDriver.sys -- (LGDDCDevice)
DRV - [2010.02.04 10:09:00 | 000,014,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys -- (GPCIDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = FC 0A BF 89 5E AF D1 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.91.2: C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2: C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556}: C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.2.15\COFFADDON\ [2016.04.19 04:47:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.2.15\coFFAddon\ [2016.04.19 04:47:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 45.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 45.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2016.04.18 16:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alison\AppData\Roaming\mozilla\Extensions
========== Chrome ==========
CHR - Extension: No name found = C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [VIRTU MVP] C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O4 - HKCU..\Run: [ScreenSplitter] C:\Program Files (x86)\LG Electronics\Screen Split\bin\ScreenSplit.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42F9ABC1-C0BB-49B6-B1DC-D86C207A5DCD}: DhcpNameServer = 192.168.2.1
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\appinit_dll.dll) - C:\Windows\SysNative\appinit_dll.dll (Lucidlogix Inc.)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\appinit_dll.dll) - C:\Windows\SysWOW64\appinit_dll.dll (Lucidlogix Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{55a5c4d9-04ac-11e6-be2b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55a5c4d9-04ac-11e6-be2b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\ASRSetup.exe
O33 - MountPoints2\{821ae4ce-04ae-11e6-a2d0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{821ae4ce-04ae-11e6-a2d0-806e6f6e6963}\Shell\AutoRun\command - "" = explorer index.html
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2016.05.22 12:32:22 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Wayforward Technologies
[2016.05.22 12:18:40 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016.05.22 12:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2016.05.22 12:18:08 | 000,140,672 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2016.05.22 12:18:08 | 000,064,896 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2016.05.22 12:18:08 | 000,027,008 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2016.05.22 12:18:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2016.05.22 12:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2016.05.20 16:11:35 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\MotionDSP
[2016.05.20 16:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2016.05.20 16:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vReveal
[2016.05.20 16:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\vReveal 3
[2016.05.20 16:09:32 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\MotionDSP
[2016.05.20 16:05:04 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\NVIDIA
[2016.05.20 16:03:33 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\Movavi
[2016.05.20 16:03:32 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\VideoEditor
[2016.05.20 16:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor 11
[2016.05.20 16:03:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movavi Video Editor 11
[2016.05.20 16:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Movavi Video Editor 11
[2016.05.16 20:14:29 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Winamp
[2016.05.16 20:14:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2016.05.16 12:24:24 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\NPE
[2016.05.15 11:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2016.05.15 11:49:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeCodecPack
[2016.05.15 11:49:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2016.05.15 11:49:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2016.05.15 11:48:49 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\DVDVideoSoft
[2016.04.28 19:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2016.04.27 10:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2016.04.27 10:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameRoyale
[2016.04.27 10:27:48 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Origin
[2016.04.27 10:27:12 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\Origin
[2016.04.27 10:24:29 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\DOSBox
[2016.04.27 10:24:17 | 000,000,000 | ---D | C] -- C:\Users\Alison\Documents\Dolphin Emulator
[2016.04.27 10:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2016.04.27 10:24:08 | 000,000,000 | ---D | C] -- C:\Users\Alison\Documents\Electronic Arts
[2016.04.27 10:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2016.04.27 10:23:32 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\java
[2016.04.27 10:23:23 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\.minecraft
[2016.04.27 10:23:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2016.04.27 10:23:10 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Sun
[2016.04.27 10:23:10 | 000,000,000 | ---D | C] -- C:\Users\Alison\.oracle_jre_usage
[2016.04.27 10:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2016.04.27 10:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2016.04.27 10:22:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2016.04.27 10:18:44 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\ScummVM
[2016.04.27 10:17:01 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Clonk Rage
[2016.04.27 10:13:38 | 000,000,000 | ---D | C] -- C:\Users\Alison\Documents\Ceville
[2016.04.27 10:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sandlot Games
[2016.04.27 10:12:31 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2016.04.26 13:36:27 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Artifex Mundi
[2016.04.24 19:40:39 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Tap It Games
[2016.04.24 16:05:07 | 000,000,000 | ---D | C] -- C:\Temp
[2016.04.24 16:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2016.04.24 16:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueColorFinder
[2016.04.24 16:02:47 | 000,000,000 | ---D | C] -- C:\Windows\tiinst
[2016.04.24 16:02:38 | 000,000,000 | ---D | C] -- C:\Windows\Windows
[2016.04.24 16:02:38 | 000,000,000 | ---D | C] -- C:\Windows\TUSB
[2016.04.24 16:02:01 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\QuickPar
[2016.04.24 16:00:41 | 000,196,608 | ---- | C] (LG Soft India) -- C:\Windows\SysWow64\LGDeviceManager.dll
[2016.04.24 16:00:41 | 000,126,976 | ---- | C] (LG Soft India) -- C:\Windows\SysWow64\LGMonitorDDCCISDK.dll
[2016.04.24 16:00:41 | 000,098,304 | ---- | C] (LG Soft India) -- C:\Windows\SysWow64\LGProtocolEngine.dll
[2016.04.24 16:00:41 | 000,016,384 | ---- | C] (LG Soft India) -- C:\Windows\SysWow64\LGI2CDriver.sys
[2016.04.24 16:00:41 | 000,010,752 | ---- | C] (LG Soft India) -- C:\Windows\SysWow64\LGPII2CDriver.sys
[2016.04.24 16:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2016.04.24 16:00:13 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\WinRAR
[2016.04.24 15:59:53 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
[2016.04.24 15:59:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
[2016.04.24 15:59:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickPar
[2016.04.24 15:59:23 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2016.04.24 15:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2016.04.24 15:59:16 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2016.04.24 15:40:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2016.04.24 15:37:59 | 000,000,000 | ---D | C] -- C:\Users\Alison\Documents\savedgames
[2016.04.24 15:37:53 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\to the moon - freebird games
[2016.04.24 15:37:47 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\3909
[2016.04.24 15:37:46 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\doublefine
[2016.04.24 15:36:40 | 000,000,000 | ---D | C] -- C:\Users\Alison\Documents\Telltale Games
[2016.04.24 15:36:33 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\Tropico 4
[2016.04.24 15:36:04 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\TheLastDream
[2016.04.24 15:35:34 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\Daedalic Entertainment
[2016.04.24 15:35:30 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Roaming\StardewValley
[2016.04.24 15:34:40 | 000,000,000 | ---D | C] -- C:\Users\Alison\Documents\My Games
[2016.04.24 15:34:07 | 000,000,000 | ---D | C] -- C:\Users\Alison\AppData\Local\Steam
[2016.04.24 15:34:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2016.04.22 17:43:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VulkanRT
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2016.05.22 16:25:33 | 000,003,068 | ---- | M] () -- C:\Users\Alison\Desktop\malwarebytes_scan.xml
[2016.05.22 16:20:17 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016.05.22 16:20:17 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016.05.22 16:10:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016.05.22 15:24:19 | 001,624,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016.05.22 15:24:19 | 000,700,454 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2016.05.22 15:24:19 | 000,655,292 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016.05.22 15:24:19 | 000,150,092 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2016.05.22 15:24:19 | 000,122,662 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016.05.22 13:24:50 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016.05.22 12:36:29 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016.05.22 12:36:24 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2016.05.22 12:36:21 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2016.05.22 12:36:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016.05.22 12:36:02 | 2056,851,455 | -HS- | M] () -- C:\hiberfil.sys
[2016.05.22 12:32:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xinputhid_01011.Wdf
[2016.05.22 12:18:10 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016.05.20 16:03:05 | 000,004,963 | ---- | M] () -- C:\ProgramData\rxsmznjf.zcp
[2016.05.20 16:03:05 | 000,000,016 | ---- | M] () -- C:\ProgramData\mntemp
[2016.05.16 11:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2016.05.16 04:05:36 | 000,269,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2016.05.15 12:26:42 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016.05.10 06:07:01 | 042,923,576 | ---- | M] () -- C:\Windows\SysNative\nvcompiler.dll
[2016.05.10 06:07:01 | 037,567,424 | ---- | M] () -- C:\Windows\SysWow64\nvcompiler.dll
[2016.05.10 06:07:01 | 010,566,520 | ---- | M] () -- C:\Windows\SysNative\nvptxJitCompiler.dll
[2016.05.10 06:07:01 | 008,673,880 | ---- | M] () -- C:\Windows\SysWow64\nvptxJitCompiler.dll
[2016.05.10 06:07:01 | 000,678,704 | ---- | M] () -- C:\Windows\SysNative\nvfatbinaryLoader.dll
[2016.05.10 06:07:01 | 000,571,912 | ---- | M] () -- C:\Windows\SysWow64\nvfatbinaryLoader.dll
[2016.05.10 06:07:01 | 000,037,091 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2016.05.10 06:07:01 | 000,000,592 | ---- | M] () -- C:\Windows\SysNative\nv-vk64.json
[2016.05.10 06:07:01 | 000,000,592 | ---- | M] () -- C:\Windows\SysWow64\nv-vk32.json
[2016.05.06 16:02:00 | 006,423,191 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2016.05.04 04:23:30 | 000,129,824 | ---- | M] () -- C:\Windows\SysWow64\vulkan-1-1-0-11-1.dll
[2016.05.04 04:23:30 | 000,129,824 | ---- | M] () -- C:\Windows\SysWow64\vulkan-1.dll
[2016.05.04 04:22:58 | 000,040,224 | ---- | M] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-11-1.exe
[2016.05.04 04:22:58 | 000,040,224 | ---- | M] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2016.05.04 04:22:42 | 000,130,848 | ---- | M] () -- C:\Windows\SysNative\vulkan-1-1-0-11-1.dll
[2016.05.04 04:22:42 | 000,130,848 | ---- | M] () -- C:\Windows\SysNative\vulkan-1.dll
[2016.05.04 04:22:10 | 000,045,344 | ---- | M] () -- C:\Windows\SysNative\vulkaninfo-1-1-0-11-1.exe
[2016.05.04 04:22:10 | 000,045,344 | ---- | M] () -- C:\Windows\SysNative\vulkaninfo.exe
[2016.05.02 07:38:42 | 000,112,032 | ---- | M] () -- C:\Windows\SysNative\NvRtmpStreamer64.dll
[2016.05.01 12:46:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2016.04.28 19:58:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2016.04.24 16:03:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_umpusbvista_01009.Wdf
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files Created - No Company Name ==========
[2016.05.22 13:22:47 | 000,003,068 | ---- | C] () -- C:\Users\Alison\Desktop\malwarebytes_scan.xml
[2016.05.22 12:32:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xinputhid_01011.Wdf
[2016.05.22 12:18:10 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016.05.20 16:03:05 | 000,004,963 | ---- | C] () -- C:\ProgramData\rxsmznjf.zcp
[2016.05.20 16:03:05 | 000,000,016 | ---- | C] () -- C:\ProgramData\mntemp
[2016.05.16 12:43:40 | 010,566,520 | ---- | C] () -- C:\Windows\SysNative\nvptxJitCompiler.dll
[2016.05.16 12:43:40 | 008,673,880 | ---- | C] () -- C:\Windows\SysWow64\nvptxJitCompiler.dll
[2016.05.16 12:43:39 | 000,678,704 | ---- | C] () -- C:\Windows\SysNative\nvfatbinaryLoader.dll
[2016.05.16 12:43:39 | 000,571,912 | ---- | C] () -- C:\Windows\SysWow64\nvfatbinaryLoader.dll
[2016.05.16 12:43:39 | 000,037,091 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2016.05.16 12:43:38 | 042,923,576 | ---- | C] () -- C:\Windows\SysNative\nvcompiler.dll
[2016.05.16 12:43:38 | 037,567,424 | ---- | C] () -- C:\Windows\SysWow64\nvcompiler.dll
[2016.05.16 12:43:37 | 000,000,592 | ---- | C] () -- C:\Windows\SysNative\nv-vk64.json
[2016.05.16 12:43:37 | 000,000,592 | ---- | C] () -- C:\Windows\SysWow64\nv-vk32.json
[2016.05.04 04:23:30 | 000,129,824 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-11-1.dll
[2016.05.04 04:22:58 | 000,040,224 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-11-1.exe
[2016.05.04 04:22:42 | 000,130,848 | ---- | C] () -- C:\Windows\SysNative\vulkan-1-1-0-11-1.dll
[2016.05.04 04:22:10 | 000,045,344 | ---- | C] () -- C:\Windows\SysNative\vulkaninfo-1-1-0-11-1.exe
[2016.05.01 12:46:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2016.04.28 19:58:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2016.04.24 16:03:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_umpusbvista_01009.Wdf
[2016.04.24 16:00:41 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\LGErrorHandler.dll
[2016.04.22 17:43:47 | 000,130,848 | ---- | C] () -- C:\Windows\SysNative\vulkan-1.dll
[2016.04.22 17:43:47 | 000,129,824 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1.dll
[2016.04.22 17:43:47 | 000,045,344 | ---- | C] () -- C:\Windows\SysNative\vulkaninfo.exe
[2016.04.22 17:43:47 | 000,040,224 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2016.04.17 17:17:53 | 001,597,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2016.04.17 17:08:15 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2016.04.17 17:08:15 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2016.04.17 17:08:15 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2016.03.16 23:30:22 | 000,128,792 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-5-1.dll
[2016.03.16 23:29:38 | 000,041,752 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-5-1.exe
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016.01.22 08:19:58 | 014,179,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016.01.22 08:05:58 | 012,877,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2016.04.27 10:23:31 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\.minecraft
[2016.04.24 15:37:47 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\3909
[2016.04.26 13:36:27 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Artifex Mundi
[2016.04.27 10:17:01 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Clonk Rage
[2016.04.24 15:37:46 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\doublefine
[2016.05.15 11:55:33 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\DVDVideoSoft
[2016.04.27 10:23:32 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\java
[2016.05.20 16:09:32 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\MotionDSP
[2016.04.18 16:55:13 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\NewsLeecher
[2016.04.27 10:34:18 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Origin
[2016.04.18 17:03:48 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Sahmon Games
[2016.04.27 10:19:41 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\ScummVM
[2016.04.27 11:10:15 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\StardewValley
[2016.04.24 19:40:39 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Tap It Games
[2016.04.24 15:36:05 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\TheLastDream
[2016.04.18 16:43:26 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Thunderbird
[2016.04.24 15:37:55 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\to the moon - freebird games
[2016.04.24 15:36:34 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Tropico 4
[2016.05.22 12:32:22 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Wayforward Technologies
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:890CC2F3
< End of report >
Code:
OTL Extras logfile created on: 22.05.2016 16:31:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alison\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18314)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,89 Gb Total Physical Memory | 4,92 Gb Available Physical Memory | 62,33% Memory free
15,77 Gb Paging File | 12,93 Gb Available in Paging File | 81,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,47 Gb Total Space | 158,91 Gb Free Space | 71,11% Space Free | Partition Type: NTFS
Drive D: | 2794,39 Gb Total Space | 798,77 Gb Free Space | 28,58% Space Free | Partition Type: NTFS
Drive E: | 2794,39 Gb Total Space | 2122,17 Gb Free Space | 75,94% Space Free | Partition Type: NTFS
Computer Name: WHEATLEY | User Name: Alison | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D07023E-BCD3-4C1F-8098-8D31955B8BAC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1067F9EB-EF90-4089-82DB-E1A54F9B8395}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1098363A-C366-45BA-B5A3-1E58DD4DBA70}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{11A32BD5-F62B-43E9-86A8-D4DEEF994F20}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{1701045D-5505-4400-A4C2-9A4462AEC1DD}" = lport=138 | protocol=17 | dir=in | app=system |
"{205538C1-40A7-4F49-8056-614F919AE0EE}" = lport=137 | protocol=17 | dir=in | app=system |
"{2FC1D2BA-56BC-4283-9ADF-A6D6198C0B36}" = lport=47998 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamuseragent.exe |
"{31D5AF50-F8EF-479A-8115-43EFA97D9B0F}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{3D44CBBE-1CED-46D0-BC2B-A51A9AC489EB}" = rport=138 | protocol=17 | dir=out | app=system |
"{47EE064F-EDAD-42F8-8342-8AC4BC419AC2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4AF46C87-7E0D-4C7E-BC38-CB32231CBC6C}" = rport=139 | protocol=6 | dir=out | app=system |
"{553DBE44-EBDA-460D-8B15-0F615AF4A97E}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{55BDB464-7E40-47E1-94D9-EFDF9EC86253}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{631DAADE-970B-4728-8F86-B288DDB1E99C}" = rport=137 | protocol=17 | dir=out | app=system |
"{68618D76-2366-4310-AB97-74A16013ECA1}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{6C7F4ACC-597E-400B-8452-C25884ABD3E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{71C45793-8878-41ED-8E0F-6740C94F63C3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{75C98120-875E-4D23-A2B0-5847C2DCE7FF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7A6035EE-3437-4AB6-AA97-D149A81C1ED6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7BB7873F-69D9-4365-B1C5-633FDC20FEEB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8CEC3C62-FA3C-468C-BFBC-1A6F4934E731}" = lport=47995 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{8F615C8B-B291-4EE5-A68F-5E9762DC3E3C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{92D822AE-6C63-4EE5-B456-A8484BDDB89E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A7BA1660-ED29-4260-A27C-29C0DB711109}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA31FBEB-2432-46F1-B497-500F3BF89A49}" = rport=445 | protocol=6 | dir=out | app=system |
"{C2A1FA61-515B-46A8-8C90-41472EB6E49F}" = lport=445 | protocol=6 | dir=in | app=system |
"{C96731C5-AC00-442D-BBAC-DAADE03E81CA}" = lport=139 | protocol=6 | dir=in | app=system |
"{CE8B6424-5ED5-41AE-BA7D-70E55EA0030F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EFF30D81-91B7-4442-A887-4263B9621271}" = lport=35043 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0302A7F5-821D-4DFC-B1F5-9EB71E1D3C24}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\don't starve together\bin\dontstarve_steam.exe |
"{03B028BF-6E5F-4CD9-B4D5-E5976C7AB925}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\amnesia the dark descent\amnesia.exe |
"{064911C4-2D60-4D82-B4B3-F8C481074D66}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{06692CEE-5125-4C26-BA91-0E0417C95C7C}" = protocol=6 | dir=in | app=e:\steam\steam.exe |
"{0A3EA5CC-F9CB-4AD0-BDDE-2955294FF221}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\ducktales remastered\executable\ducktales.exe |
"{0CD9F526-4F03-437B-A109-7DF4B1B8D3B9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{111E360D-376B-423D-B586-0E2DD5FDE796}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{139DEB8C-A7FF-40B5-9FB5-1CFDCD81A16F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{13EC851B-CE61-4846-ABAC-52BFD94D1FE9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1F1302BA-E20C-4D94-B8F1-0076EFDC8E28}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\game character hub\gamecharacterhub.exe |
"{29633046-79DD-460A-B730-97A5DD88BB4D}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\dark arcana the carnival\darkarcana_thecarnival.exe |
"{3BC90C1B-DE42-41A5-8635-0FCADE8E7B8F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{40B68381-379E-4292-847F-72F326E5003A}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{44A58BB2-7AC0-431C-BF34-0B8A19E1190B}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\don't starve together\bin\dontstarve_steam.exe |
"{492446DB-E717-49C4-8AE3-F876868B0892}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\amnesia the dark descent\amnesia.exe |
"{4E4AD17A-668D-445E-9FB8-AEBDBEBE8E98}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\half-life 2 deathmatch\hl2.exe |
"{5850704C-803E-48BA-AA12-FCF6B48C070F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{636155BB-37E9-4B78-8E1B-F192842D59C7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6A129139-5F6B-437F-8042-306F5A4AFC9F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6C6B026A-F77B-4F6C-82CB-2FD0B90F103B}" = protocol=17 | dir=in | app=e:\steam\bin\steamwebhelper.exe |
"{70A45BCE-DCAD-49E0-8DBB-99266CD418A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{739AA5CC-35B7-4AEC-8E72-8EF30D6A8708}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{787677A1-0601-4907-8B64-E9F5A0446BBB}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{7F2A43D4-F2DF-4529-A3D3-18A66108D78A}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\counter-strike source\hl2.exe |
"{8696C641-2FFD-4DDA-901F-C2B09D779CC7}" = protocol=6 | dir=in | app=e:\steam\bin\steamwebhelper.exe |
"{89FA0C19-4C24-471E-B985-CEC92753CB06}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\dark arcana the carnival\darkarcana_thecarnival.exe |
"{909AB35A-A5A7-407F-868B-61D0D1784596}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{95C44A90-7A4A-44E8-9F24-51A98007BCAE}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{A5A8D1D6-61A4-45AF-8904-29DD60AEA4BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AC1DF24D-10C0-415C-AB16-FEF027664ACB}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\firewatch\firewatch.exe |
"{AC586E62-82B1-4980-9B19-D5C9043FA56D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AD57C20B-8CEB-4F3D-AA59-666D67E3E79A}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\game character hub\gamecharacterhub.exe |
"{AEA7FFDE-317B-4093-A4D5-7C9CA81DD13F}" = protocol=6 | dir=out | app=system |
"{B7EF106C-8EEF-4F3F-A273-9064DA86D6DC}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{B93494B4-EA89-4D53-A44D-31F373F92177}" = protocol=17 | dir=in | app=e:\steam\steam.exe |
"{BAA160D6-DF1F-48F1-9DBC-FF0CFDB99ADE}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{BACA108D-07C2-4FF4-AD09-E80F4F807401}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{BBFA0410-A265-4CE2-8DE7-C1C7BBF11E09}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C8991E04-4610-49B2-BA15-E4E383249CD7}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\counter-strike source\hl2.exe |
"{CC2EB339-EF41-42AF-9094-0FEFE7DAC17D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D5FDA596-FC1B-47F2-9C3F-BD01BA990B0B}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{DC7C5F33-E772-4FE4-80DE-B8CE3BA64FB0}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\ducktales remastered\executable\ducktales.exe |
"{DFD74E19-04F3-4B4E-8DCA-B9501BF0B774}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{E7944685-D8B3-4A1D-901F-B950C08E8E80}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F1614141-4994-44EC-9E38-D3730037FEB5}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\half-life 2 deathmatch\hl2.exe |
"{F5238F5E-BD2C-4069-A33E-CB9816667286}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\firewatch\firewatch.exe |
"{F66D506A-C8FE-42B7-B66E-BE09232EEFE8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{266CCC48-9AA1-404E-A1CB-558E8CC46F69}" = Windows OEM Preinstallation Kit
"{54F8B6C7-9B25-4E85-A1E0-26CFB80DE787}" = Intel(R) Smart Connect Technology 2.0 x64
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.6.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.6.1
"{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{AAC5C889-B75D-3368-BC63-CB660DE44C66}" = Microsoft .NET Framework 4.6.1 (DEU)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 365.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 365.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 365.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.11.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 364.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.15.0428
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 2.11.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.34.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 2.11.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.40
"{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}" = Microsoft .NET Framework 4.6.1
"ASRock App Charger_is1" = ASRock App Charger v1.0.5
"Steam App 237630" = DuckTales Remastered
"Steam App 284730" = Dark Arcana: The Carnival
"Steam App 284870" = 9 Clues: The Secret of Serpent Creek
"VIRTU MVP_is1" = VIRTU MVP 2.1.111
"VulkanRT1.0.11.1" = Vulkan Run Time Libraries 1.0.11.1
"VulkanRT1.0.5.1" = Vulkan Run Time Libraries 1.0.5.1
"WinRAR archiver" = WinRAR 5.31 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83218091F0}" = Java 8 Update 91
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F15DF4D-DCA2-4995-BD65-4A56322C180B}" = True Color Finder
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4fd02573-5f12-4ae4-8027-c63f8e1115af}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{5588D686-D23B-4C9D-BDFA-2A7875CD3722}" = GIGABYTE OC_GURU II
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-0804-1033-1959-001824184103}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1031-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC - Deutsch
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{BED1C00F-3FC6-4380-AA86-7AF2D570C9EE}_is1" = Game Royale Version 1.1
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}" = GIGABYTE OC_GURU II
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FA66245E-0E77-40D5-94A4-CB7AB753034F}" = TUSB3410
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"ElsterFormular" = ElsterFormular
"Free YouTube To MP3 Converter_is1" = Free YouTube To MP3 Converter
"Google Chrome" = Google Chrome
"InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}" = GIGABYTE OC_GURU II
"InstallShield_{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}" = GIGABYTE OC_GURU II
"InstallShield_{FA66245E-0E77-40D5-94A4-CB7AB753034F}" = Texas Instruments TUSB3410 drivers.
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.2.1.1043
"Movavi Video Editor 11" = Movavi Video Editor 11
"Mozilla Thunderbird 45.0 (x86 de)" = Mozilla Thunderbird 45.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NewsLeecher_is1" = NewsLeecher version v7.0 Beta 14
"NSBU" = Norton Security Online mit Backup
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"QuickPar" = QuickPar 0.9
"Steam" = Steam
"VLC media player" = VLC media player
"vReveal 3" = vReveal 3
"Winamp" = Winamp
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.05.2016 10:00:44 | Computer Name = Wheatley | Source = ISCT Agent | ID = 1003
Description =
Error - 20.05.2016 10:02:28 | Computer Name = Wheatley | Source = WinMgmt | ID = 10
Description =
Error - 20.05.2016 10:15:42 | Computer Name = Wheatley | Source = Application Hang | ID = 1002
Description = Programm vRevealG.exe, Version 3.2.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 62c Startzeit:
01d1b2a1838ffd5c Endzeit: 529 Anwendungspfad: C:\Program Files (x86)\vReveal 3\vRevealG.exe
Berichts-ID:
4616a03a-1e95-11e6-b895-010101010000
Error - 21.05.2016 09:15:09 | Computer Name = Wheatley | Source = ISCT Agent | ID = 1003
Description =
Error - 21.05.2016 09:16:51 | Computer Name = Wheatley | Source = WinMgmt | ID = 10
Description =
Error - 22.05.2016 05:25:11 | Computer Name = Wheatley | Source = ISCT Agent | ID = 1003
Description =
Error - 22.05.2016 05:26:55 | Computer Name = Wheatley | Source = WinMgmt | ID = 10
Description =
Error - 22.05.2016 06:33:36 | Computer Name = Wheatley | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DuckTales.exe, Version: 0.0.0.0,
Zeitstempel: 0x52cb3004 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.23418,
Zeitstempel: 0x5708a73e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00033b1e ID des fehlerhaften
Prozesses: 0x1b38 Startzeit der fehlerhaften Anwendung: 0x01d1b4152c59b26b Pfad der
fehlerhaften Anwendung: E:\Steam\steamapps\common\DuckTales Remastered\Executable\DuckTales.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: a32f1877-2008-11e6-b786-010101010000
Error - 22.05.2016 06:36:24 | Computer Name = Wheatley | Source = ISCT Agent | ID = 1003
Description =
Error - 22.05.2016 06:37:50 | Computer Name = Wheatley | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 20.04.2016 02:01:58 | Computer Name = Wheatley | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070103 fehlgeschlagen: Intel Corporation - Graphics Adapter WDDM1.0,
Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3 -
Intel(R) HD Graphics
Error - 22.04.2016 05:17:09 | Computer Name = Wheatley | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070103 fehlgeschlagen: nVidia - Graphics Adapter WDDM1.1, Graphics Adapter
WDDM1.2, Graphics Adapter WDDM1.3, Graphics Adapter WDDM2.0, Other hardware - NVIDIA
GeForce GTX 770
Error - 22.04.2016 05:17:26 | Computer Name = Wheatley | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070103 fehlgeschlagen: Intel Corporation - Graphics Adapter WDDM1.0,
Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3 -
Intel(R) HD Graphics
Error - 22.04.2016 05:17:39 | Computer Name = Wheatley | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070103 fehlgeschlagen: nVidia - Graphics Adapter WDDM1.1, Graphics Adapter
WDDM1.2, Graphics Adapter WDDM1.3, Graphics Adapter WDDM2.0, Other hardware - NVIDIA
GeForce GTX 770
Error - 22.04.2016 05:17:56 | Computer Name = Wheatley | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070103 fehlgeschlagen: Intel Corporation - Graphics Adapter WDDM1.0,
Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3 -
Intel(R) HD Graphics
Error - 27.04.2016 05:07:42 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.
Error - 27.04.2016 05:07:42 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 15.05.2016 05:47:58 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.
Error - 15.05.2016 05:47:58 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 15.05.2016 05:49:59 | Computer Name = Wheatley | Source = Service Control Manager | ID = 7030
Description = Der Dienst "Digital Wave Update Service" ist als interaktiver Dienst
gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste
nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
< End of report >