wildwildwest | 13.07.2013 10:55 | Hello,
attached are the logs:
AdwCleaner Logfile: Code:
# AdwCleaner v2.305 - Datei am 13/07/2013 um 11:41:42 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : MARS - MARS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\MARS\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\MARS\AppData\Roaming\Mozilla\Firefox\Profiles\hgdg5jfp.default\searchplugins\Search_Results.xml
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\MARS\AppData\Roaming\Mozilla\Firefox\Profiles\hgdg5jfp.default\extensions\sparpilot@sparpilot.com
Ordner Gelöscht : C:\Users\MARS\AppData\Roaming\Mozilla\Firefox\Profiles\hgdg5jfp.default\jetpack
Ordner Gelöscht : C:\Users\MARS\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\MARS\AppData\Roaming\yourfiledownloader
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YourFileDownloader
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\Software\iLividSRTB
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Schlüssel Gelöscht : HKLM\Software\YourFileDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16447
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={91D53F2E-E6BA-11E1-8A82-00252222B6C7} --> hxxp://www.google.com
-\\ Mozilla Firefox v22.0 (de)
Datei : C:\Users\MARS\AppData\Roaming\Mozilla\Firefox\Profiles\hgdg5jfp.default\prefs.js
C:\Users\MARS\AppData\Roaming\Mozilla\Firefox\Profiles\hgdg5jfp.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.search.defaultenginename", "SweetIM Search");
*************************
AdwCleaner[S1].txt - [5913 octets] - [13/07/2013 11:41:42]
########## EOF - C:\AdwCleaner[S1].txt - [5973 octets] ##########
Quote:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.9 (07.12.2013:2)
OS: Windows 7 Ultimate x64
Ran by MARS on 13.07.2013 at 11:47:50,16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\SMToolbar.cToolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\SMToolbar.cToolbarHost
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\MARS\appdata\locallow\datamngr"
~~~ FireFox
Emptied folder: C:\Users\MARS\AppData\Roaming\mozilla\firefox\profiles\hgdg5jfp.default\minidumps [51 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.07.2013 at 11:52:09,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
And here is the FRST log:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-07-2013 01
Ran by MARS (administrator) on 13-07-2013 11:57:05
Running from F:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe
(Cerulean Studios) C:\Program Files (x86)\Trillian\trillian.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Oleg N. Scherbakov) C:\Users\MARS\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SunJavaUpdateSched] - "c:\Program Files\Java\jre6\bin\jusched.exe" [170496 2012-07-16] (Sun Microsystems, Inc.)
HKLM\...\Run: [MouseDriver] - TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKCU\...\Run: [EADM] - "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart [3456080 2013-06-15] (Electronic Arts)
HKCU\...\Run: [icq] - C:\Users\MARS\AppData\Roaming\ICQM\icq.exe -CU [26599784 2013-01-31] (ICQ)
HKCU\...\Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Command Processor: "C:\Users\MARS\AppData\Local\Temp\gpyrleuucudrcwyuw.exe" <======= ATTENTION
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun [688128 2011-07-06] ()
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWBMOUSE] - C:\Program Files (x86)\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe [429568 2001-03-26] ()
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
Startup: C:\Users\MARS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
==================== Internet (Whitelisted) ====================
ProxyServer: 94.200.77.244:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://onet.pl/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: msdaipp - No CLSID Value -
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\MARS\AppData\Roaming\Mozilla\Firefox\Profiles\hgdg5jfp.default
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: multimediatec.de
FF NetworkProxy: "backup.ftp", "72.64.146.136"
FF NetworkProxy: "backup.ftp_port", 43
FF NetworkProxy: "backup.socks", "72.64.146.136"
FF NetworkProxy: "backup.socks_port", 43
FF NetworkProxy: "backup.ssl", "72.64.146.136"
FF NetworkProxy: "backup.ssl_port", 43
FF NetworkProxy: "ftp", "173.213.96.229"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "173.213.96.229"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "173.213.96.229"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "173.213.96.229"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\MARS\AppData\Roaming\Mozilla\Firefox\Profiles\hgdg5jfp.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\
==================== Services (Whitelisted) =================
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137256 2013-05-24] ()
R2 MSSQL$JTLWAWI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-16] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
==================== Drivers (Whitelisted) ====================
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R2 AODDriver4.2.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [58088 2013-05-24] (Advanced Micro Devices)
R2 AODDriver4.2.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [58088 2013-05-24] (Advanced Micro Devices)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-18] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130712.001\IDSvia64.sys [513184 2013-05-24] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130712.001\IDSvia64.sys [513184 2013-05-24] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130712.016\ENG64.SYS [126040 2013-05-27] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130712.016\ENG64.SYS [126040 2013-05-27] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130712.016\EX64.SYS [2098776 2013-05-27] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130712.016\EX64.SYS [2098776 2013-05-27] (Symantec Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-13 11:52 - 2013-07-13 11:52 - 00001513 _____ C:\Users\MARS\Desktop\JRT.txt
2013-07-13 11:47 - 2013-07-13 11:47 - 00000000 ____D C:\Windows\ERUNT
2013-07-13 11:46 - 2013-07-13 11:46 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\MARS\Desktop\JRT.exe
2013-07-13 11:46 - 2013-07-13 11:46 - 00006026 _____ C:\Users\MARS\Desktop\AdwCleaner[S1].txt
2013-07-13 11:41 - 2013-07-13 11:41 - 00006026 _____ C:\AdwCleaner[S1].txt
2013-07-13 11:29 - 2013-07-13 11:29 - 00662345 _____ C:\Users\MARS\Desktop\adwcleaner.exe
2013-07-13 10:35 - 2013-07-13 10:35 - 02386912 _____ C:\Users\MARS\Downloads\enigma2-plugin-extensions-mediaportal_4.5.0_all.ipk
2013-07-12 20:01 - 2013-07-12 20:01 - 00000000 ____D C:\FRST
2013-07-12 19:43 - 2013-07-12 20:01 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-07-12 13:29 - 2013-07-12 13:29 - 00051666 _____ C:\Users\MARS\Downloads\Idealo.csv
2013-07-12 13:29 - 2013-07-12 13:29 - 00000000 ____D C:\Users\MARS\AppData\Roaming\IsolatedStorage
2013-07-12 13:29 - 2013-07-12 13:29 - 00000000 ____D C:\Users\MARS\AppData\Local\_
2013-07-12 13:29 - 2013-07-12 13:29 - 00000000 ____D C:\ProgramData\IsolatedStorage
2013-07-12 13:28 - 2013-07-12 13:28 - 18741360 _____ (Solvusoft Corporation ) C:\Users\MARS\Downloads\FileViewPro_2013.exe
2013-07-12 13:16 - 2013-07-12 13:16 - 00051666 _____ C:\Users\MARS\Downloads\Idealo.txt.csv
2013-07-11 12:39 - 2013-07-11 12:39 - 00016381 _____ C:\Users\MARS\Desktop\Reparatur-10.07.13.xlsx
2013-07-11 11:25 - 2013-07-11 11:25 - 17938198 _____ C:\Users\MARS\Desktop\MaaxTV Poster TR A5-01.tif
2013-07-11 11:19 - 2013-07-11 11:19 - 17939216 _____ C:\Users\MARS\Desktop\MaaxTV Poster AR A5-01.tif
2013-07-09 10:13 - 2013-07-09 10:13 - 00002067 _____ C:\Users\Public\Desktop\AMD OverDrive.lnk
2013-07-09 10:10 - 2013-07-09 10:11 - 31829816 _____ (Advanced Micro Devices, Inc. ) C:\Users\MARS\Downloads\aod_setup_4.2.6.exe
2013-07-08 17:49 - 2013-07-08 17:49 - 02143832 _____ C:\Users\MARS\Downloads\instsf449(1).exe
2013-07-08 17:40 - 2013-07-09 10:41 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-07-08 17:40 - 2013-07-08 17:40 - 00001007 _____ C:\Users\MARS\Desktop\SpeedFan.lnk
2013-07-08 17:40 - 2013-07-08 17:40 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2013-07-08 17:40 - 2013-07-08 17:40 - 00000000 ____D C:\Users\MARS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-07-08 17:39 - 2013-07-08 17:39 - 02143832 _____ C:\Users\MARS\Downloads\instsf449.exe
2013-07-08 12:05 - 2013-07-08 12:12 - 00000000 ____D C:\Users\MARS\Desktop\E2_HD_settings_2x1_richter_030713
2013-07-08 12:05 - 2013-07-08 12:05 - 00201522 _____ C:\Users\MARS\Downloads\E2_HD_settings_11x1_richter_030713.zip
2013-07-08 12:04 - 2013-07-08 12:04 - 00098233 _____ C:\Users\MARS\Downloads\E2_HD_settings_2x1_richter_030713.zip
2013-07-08 11:45 - 2013-07-08 11:45 - 13081608 _____ (Microsoft Corporation) C:\Users\MARS\Downloads\Silverlight_x64(3).exe
2013-07-08 11:16 - 2013-07-08 11:16 - 05556306 _____ (Jared Breland ) C:\Users\MARS\Downloads\uniextract161.exe
2013-07-08 11:16 - 2013-07-08 11:16 - 00000000 ____D C:\Program Files (x86)\Universal Extractor
2013-07-03 15:26 - 2013-07-03 15:26 - 00019109 _____ C:\Users\MARS\Desktop\channels_list.xlsx
2013-07-03 13:53 - 2013-07-03 13:54 - 61211632 _____ C:\Users\MARS\Downloads\dreambox-image-dm800se-20130619.nfi
2013-07-03 11:04 - 2013-07-03 11:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 16:49 - 2013-06-01 15:05 - 103720384 _____ C:\Users\MARS\Downloads\newnigma2-unstable-dm8000-01_06_2013.nfi
2013-07-02 16:42 - 2013-07-02 17:10 - 00000000 ____D C:\Users\MARS\Desktop\slawek
2013-06-27 11:16 - 2013-06-27 11:16 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security CBE
2013-06-27 11:10 - 2013-06-27 11:10 - 00003242 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-06-27 10:17 - 2013-06-27 10:18 - 00000000 ____D C:\Users\MARS\Documents\2012 Steuern REs
2013-06-26 10:14 - 2013-06-26 10:13 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-26 10:13 - 2013-06-26 10:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-25 18:06 - 2013-06-25 18:06 - 00000000 ____D C:\Users\MARS\Desktop\gucio
2013-06-25 17:21 - 2013-06-25 17:21 - 02379444 _____ C:\Users\MARS\Downloads\enigma2-plugin-extensions-mediaportal_4.4.0_all.ipk
2013-06-21 11:32 - 2013-06-21 11:33 - 00000000 ____D C:\Users\MARS\Desktop\MP 1.6
2013-06-21 11:14 - 2013-06-21 11:14 - 02214432 _____ C:\Users\MARS\Downloads\enigma2-plugin-extensions-mediaportal_4.3.0_all(2).ipk
2013-06-18 14:06 - 2013-06-18 14:06 - 00000165 ____H C:\Users\MARS\Desktop\~$Reparatur-Auftrag_210313.xlsx
2013-06-18 14:01 - 2013-06-18 14:06 - 00000165 ____H C:\Users\MARS\Desktop\~$Reparatur-Auftrag 190313.xlsx
2013-06-17 11:58 - 2013-06-17 11:58 - 00000000 ____D C:\Users\MARS\Desktop\oscam
2013-06-15 15:53 - 2013-06-15 15:53 - 03820480 _____ C:\Users\MARS\Downloads\battlelog-web-plugins_2.1.7_115.exe
2013-06-15 11:29 - 2013-06-15 11:29 - 16959688 _____ (Electronic Arts, Inc.) C:\Users\MARS\Downloads\OriginThinSetup(1).exe
==================== One Month Modified Files and Folders =======
2013-07-13 11:56 - 2013-06-12 13:53 - 00000000 ____D C:\Users\MARS\AppData\Local\CrashDumps
2013-07-13 11:56 - 2012-07-16 19:36 - 00000000 ____D C:\Users\MARS\AppData\Roaming\Skype
2013-07-13 11:52 - 2013-07-13 11:52 - 00001513 _____ C:\Users\MARS\Desktop\JRT.txt
2013-07-13 11:50 - 2009-07-14 06:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-13 11:50 - 2009-07-14 06:45 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-13 11:47 - 2013-07-13 11:47 - 00000000 ____D C:\Windows\ERUNT
2013-07-13 11:46 - 2013-07-13 11:46 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\MARS\Desktop\JRT.exe
2013-07-13 11:46 - 2013-07-13 11:46 - 00006026 _____ C:\Users\MARS\Desktop\AdwCleaner[S1].txt
2013-07-13 11:46 - 2012-07-16 17:14 - 01982767 ____N C:\Windows\WindowsUpdate.log
2013-07-13 11:43 - 2012-07-16 18:49 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-13 11:42 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-13 11:41 - 2013-07-13 11:41 - 00006026 _____ C:\AdwCleaner[S1].txt
2013-07-13 11:41 - 2012-07-16 18:43 - 00000000 ____D C:\Users\MARS\Documents\Outlook-Dateien
2013-07-13 11:41 - 2012-07-16 17:46 - 00000000 ____D C:\ProgramData\Lexware
2013-07-13 11:39 - 2013-03-25 18:37 - 00000000 ____D C:\Users\MARS\Documents\bar-re-SW
2013-07-13 11:38 - 2012-07-16 17:18 - 00000000 ____D C:\Users\MARS
2013-07-13 11:37 - 2012-09-13 12:58 - 00000121 _____ C:\Users\Public\LMDebug.log
2013-07-13 11:29 - 2013-07-13 11:29 - 00662345 _____ C:\Users\MARS\Desktop\adwcleaner.exe
2013-07-13 11:13 - 2012-07-17 10:36 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-13 10:35 - 2013-07-13 10:35 - 02386912 _____ C:\Users\MARS\Downloads\enigma2-plugin-extensions-mediaportal_4.5.0_all.ipk
2013-07-12 20:01 - 2013-07-12 20:01 - 00000000 ____D C:\FRST
2013-07-12 20:01 - 2013-07-12 19:43 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-07-12 19:36 - 2011-04-12 09:43 - 00714408 _____ C:\Windows\system32\perfh007.dat
2013-07-12 19:36 - 2011-04-12 09:43 - 00154276 _____ C:\Windows\system32\perfc007.dat
2013-07-12 19:36 - 2009-07-14 07:13 - 01654424 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-12 13:29 - 2013-07-12 13:29 - 00051666 _____ C:\Users\MARS\Downloads\Idealo.csv
2013-07-12 13:29 - 2013-07-12 13:29 - 00000000 ____D C:\Users\MARS\AppData\Roaming\IsolatedStorage
2013-07-12 13:29 - 2013-07-12 13:29 - 00000000 ____D C:\Users\MARS\AppData\Local\_
2013-07-12 13:29 - 2013-07-12 13:29 - 00000000 ____D C:\ProgramData\IsolatedStorage
2013-07-12 13:28 - 2013-07-12 13:28 - 18741360 _____ (Solvusoft Corporation ) C:\Users\MARS\Downloads\FileViewPro_2013.exe
2013-07-12 13:16 - 2013-07-12 13:16 - 00051666 _____ C:\Users\MARS\Downloads\Idealo.txt.csv
2013-07-11 15:50 - 2012-07-16 20:49 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-07-11 15:50 - 2012-07-16 20:26 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-07-11 15:46 - 2012-07-16 20:26 - 00281520 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-07-11 12:39 - 2013-07-11 12:39 - 00016381 _____ C:\Users\MARS\Desktop\Reparatur-10.07.13.xlsx
2013-07-11 11:25 - 2013-07-11 11:25 - 17938198 _____ C:\Users\MARS\Desktop\MaaxTV Poster TR A5-01.tif
2013-07-11 11:19 - 2013-07-11 11:19 - 17939216 _____ C:\Users\MARS\Desktop\MaaxTV Poster AR A5-01.tif
2013-07-10 19:38 - 2012-07-17 10:25 - 00000000 ____D C:\Users\MARS\AppData\Local\Adobe
2013-07-09 10:41 - 2013-07-08 17:40 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-07-09 10:13 - 2013-07-09 10:13 - 00002067 _____ C:\Users\Public\Desktop\AMD OverDrive.lnk
2013-07-09 10:11 - 2013-07-09 10:10 - 31829816 _____ (Advanced Micro Devices, Inc. ) C:\Users\MARS\Downloads\aod_setup_4.2.6.exe
2013-07-09 10:11 - 2012-09-14 11:10 - 00000000 ____D C:\Users\MARS\AppData\Local\Downloaded Installations
2013-07-08 17:49 - 2013-07-08 17:49 - 02143832 _____ C:\Users\MARS\Downloads\instsf449(1).exe
2013-07-08 17:40 - 2013-07-08 17:40 - 00001007 _____ C:\Users\MARS\Desktop\SpeedFan.lnk
2013-07-08 17:40 - 2013-07-08 17:40 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2013-07-08 17:40 - 2013-07-08 17:40 - 00000000 ____D C:\Users\MARS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-07-08 17:39 - 2013-07-08 17:39 - 02143832 _____ C:\Users\MARS\Downloads\instsf449.exe
2013-07-08 13:05 - 2013-02-14 12:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-08 13:05 - 2013-02-14 12:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-08 12:12 - 2013-07-08 12:05 - 00000000 ____D C:\Users\MARS\Desktop\E2_HD_settings_2x1_richter_030713
2013-07-08 12:08 - 2013-01-19 11:41 - 00000000 ____D C:\Users\MARS\Desktop\N Box - BSLA BSKA
2013-07-08 12:05 - 2013-07-08 12:05 - 00201522 _____ C:\Users\MARS\Downloads\E2_HD_settings_11x1_richter_030713.zip
2013-07-08 12:04 - 2013-07-08 12:04 - 00098233 _____ C:\Users\MARS\Downloads\E2_HD_settings_2x1_richter_030713.zip
2013-07-08 11:45 - 2013-07-08 11:45 - 13081608 _____ (Microsoft Corporation) C:\Users\MARS\Downloads\Silverlight_x64(3).exe
2013-07-08 11:16 - 2013-07-08 11:16 - 05556306 _____ (Jared Breland ) C:\Users\MARS\Downloads\uniextract161.exe
2013-07-08 11:16 - 2013-07-08 11:16 - 00000000 ____D C:\Program Files (x86)\Universal Extractor
2013-07-08 10:12 - 2012-07-16 17:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-06 15:03 - 2012-09-22 11:57 - 00000000 ___SD C:\Users\MARS\Documents\Meine Websites
2013-07-03 15:26 - 2013-07-03 15:26 - 00019109 _____ C:\Users\MARS\Desktop\channels_list.xlsx
2013-07-03 13:54 - 2013-07-03 13:53 - 61211632 _____ C:\Users\MARS\Downloads\dreambox-image-dm800se-20130619.nfi
2013-07-03 11:04 - 2013-07-03 11:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 17:10 - 2013-07-02 16:42 - 00000000 ____D C:\Users\MARS\Desktop\slawek
2013-07-02 16:38 - 2013-05-31 13:59 - 00000000 ____D C:\Users\MARS\Desktop\E2_HD_settings_st_richter_300513
2013-07-02 11:50 - 2013-02-18 11:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-02 11:50 - 2012-07-16 19:35 - 00000000 ____D C:\ProgramData\Skype
2013-06-27 11:16 - 2013-06-27 11:16 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security CBE
2013-06-27 11:11 - 2013-05-27 10:23 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-06-27 11:10 - 2013-06-27 11:10 - 00003242 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-06-27 11:10 - 2013-05-27 10:24 - 00002545 _____ C:\Users\Public\Desktop\Norton Internet Security CBE.lnk
2013-06-27 10:18 - 2013-06-27 10:17 - 00000000 ____D C:\Users\MARS\Documents\2012 Steuern REs
2013-06-26 10:13 - 2013-06-26 10:14 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-26 10:13 - 2013-06-26 10:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-26 10:13 - 2013-04-19 12:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-26 10:13 - 2013-04-19 12:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-26 10:13 - 2012-07-19 15:35 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-26 10:13 - 2012-07-19 15:35 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-26 10:13 - 2012-07-16 17:44 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-25 18:06 - 2013-06-25 18:06 - 00000000 ____D C:\Users\MARS\Desktop\gucio
2013-06-25 17:33 - 2013-05-14 16:18 - 00000000 ____D C:\Users\MARS\Desktop\MyPremiumEntertainment
2013-06-25 17:21 - 2013-06-25 17:21 - 02379444 _____ C:\Users\MARS\Downloads\enigma2-plugin-extensions-mediaportal_4.4.0_all.ipk
2013-06-21 11:49 - 2012-08-01 14:34 - 00000000 ____D C:\Users\MARS\Desktop\DM Zahlung
2013-06-21 11:33 - 2013-06-21 11:32 - 00000000 ____D C:\Users\MARS\Desktop\MP 1.6
2013-06-21 11:14 - 2013-06-21 11:14 - 02214432 _____ C:\Users\MARS\Downloads\enigma2-plugin-extensions-mediaportal_4.3.0_all(2).ipk
2013-06-19 17:16 - 2013-05-27 10:24 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-06-19 17:16 - 2013-05-27 10:24 - 00007631 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-06-18 14:06 - 2013-06-18 14:06 - 00000165 ____H C:\Users\MARS\Desktop\~$Reparatur-Auftrag_210313.xlsx
2013-06-18 14:06 - 2013-06-18 14:01 - 00000165 ____H C:\Users\MARS\Desktop\~$Reparatur-Auftrag 190313.xlsx
2013-06-17 11:58 - 2013-06-17 11:58 - 00000000 ____D C:\Users\MARS\Desktop\oscam
2013-06-15 15:54 - 2012-07-16 20:29 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-06-15 15:53 - 2013-06-15 15:53 - 03820480 _____ C:\Users\MARS\Downloads\battlelog-web-plugins_2.1.7_115.exe
2013-06-15 11:32 - 2012-07-16 18:51 - 00000000 ____D C:\Users\MARS\AppData\Local\Origin
2013-06-15 11:32 - 2012-07-16 18:51 - 00000000 ____D C:\ProgramData\Origin
2013-06-15 11:32 - 2012-07-16 18:50 - 00000000 ____D C:\Users\MARS\AppData\Roaming\Origin
2013-06-15 11:29 - 2013-06-15 11:29 - 16959688 _____ (Electronic Arts, Inc.) C:\Users\MARS\Downloads\OriginThinSetup(1).exe
2013-06-13 10:22 - 2013-06-07 12:04 - 00000000 ____D C:\Users\MARS\Desktop\Newsletter
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-13 00:19
==================== End Of Log ============================