Log analysis and evaluation: W32/Patched.UC - services.exe apparently infected. Windows 7
01.07.2013, 01:13 | #1
W32/Patched.UC - services.exe apparently infected.

Hello,

normally I remove problems/viruses myself, but this time I really do have to ask the experts among you for help! Apparently I had never caught anything as stubborn as this before: I downloaded an update for Windows manually because there were problems with the automatic one, but I didn't think about the risks and downloaded it from an unsafe source that seemed safe to me. (Those criminals.) After double-clicking the exe, it removed itself. I understood right away that it was a TR (trojan) and then ran a full scan with Avira. And lo and behold, a hit: services.exe is infected. I did some research; it is a ZeroAccess TR aka PWStealer. I haven't made any serious attempts to remove it, since according to the forums it is relatively hard and many advise reinstalling the OS. (Reluctantly.) In any case, I would be very grateful for your help!

I couldn't export the events from Avira as described; nothing at all happens when I click "Ereignis(se) exportieren" (export events). In any case, the only information I have at hand from Avira is:

- The real-time scanner reported:
Code:
In der Datei 'C:\Users\Alex\Downloads\kb2272691.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
In der Datei 'C:\Windows\System32\services.exe' wurde ein Virus oder unerwünschtes Programm 'W32/Patched.UC' [virus] gefunden.
In der Datei 'C:\Windows\assembly\GAC_64\Desktop.ini' wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan] gefunden.
Die Datei 'C:\Windows\assembly\GAC_64\Desearch' enthielt einen Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan].

Code:
Die Datei 'C:\Windows\Installer\{940057f2-a119-a5ba-2a81-5beb1dc2be41}\U\80000032.@' enthielt einen Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan].
Die Datei 'C:\Windows\Installer\{940057f2-a119-a5ba-2a81-5beb1dc2be41}\U\80000064.@' enthielt einen Virus oder unerwünschtes Programm 'TR/Sirefef.77312' [trojan].

Malwarebytes: (strangely, it found nothing)
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.30.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Alex :: ALEX-PC [Administrator]

Schutz: Aktiviert

01.07.2013 01:19:16
MBAM-log-2013-07-01 (01-53-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 414826
Laufzeit: 32 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OTL Logfile:
Code:
M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.01 00:10:21 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.01 00:10:21 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.01 00:10:21 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.01 00:10:21 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.01 00:04:36 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.01 00:04:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.01 00:04:26 | 3191,734,272 | -HS- | M] () -- C:\hiberfil.sys [2013.07.01 00:03:30 | 000,000,020 | ---- | M] () -- C:\Users\Alex\defogger_reenable [2013.06.30 23:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.30 23:38:58 | 000,006,407 | ---- | M] () -- C:\Users\Alex\Desktop\Shutdown.lnk [2013.06.30 23:28:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.30 22:50:29 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe [2013.06.28 21:11:21 | 000,000,218 | ---- | M] () -- C:\Users\Alex\AppData\Local\recently-used.xbel [2013.06.27 11:46:04 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.06.27 11:40:23 | 004,920,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.06.26 15:41:58 | 000,000,132 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Adobe PNG Format CS6 Prefs [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.01 00:03:30 | 000,000,020 | ---- | C] () -- C:\Users\Alex\defogger_reenable [2013.06.30 22:50:58 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe [2013.06.30 13:23:56 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.30 13:23:55 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.28 21:11:21 | 000,000,218 | ---- | C] () -- C:\Users\Alex\AppData\Local\recently-used.xbel [2013.06.25 19:30:31 | 000,000,991 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk [2013.06.19 19:29:39 | 000,000,132 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Adobe PNG Format CS6 Prefs [2013.05.26 12:22:26 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2013.05.20 00:47:50 | 000,000,064 | -H-- | C] () -- C:\Users\Alex\AppData\Roaming\0c5fcba6367acf6a456348ce755852d9186331ff [2013.05.20 00:47:50 | 000,000,064 | -H-- | C] () -- C:\ProgramData\0c5fcba6367acf6a456348ce755852d9186331ff [2013.05.18 20:14:39 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.05.16 05:49:48 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2013.05.08 19:54:39 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP6.dll [2013.05.08 19:54:37 | 000,000,188 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl [2013.05.08 19:54:13 | 000,002,641 | ---- | C] () -- C:\Windows\cmudax3.ini [2013.05.08 19:54:13 | 000,002,123 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg [2013.05.08 19:54:13 | 000,000,880 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi [2013.05.08 19:31:37 | 000,000,010 | ---- | C] () -- 
C:\Windows\GSetup.ini ========== ZeroAccess Check ========== [2013.04.17 01:03:56 | 000,000,099 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1056988785-399575588-1307586569-1000\$R3VR83P\PortableGit_ca477551eeb4aea0e4ae9fcd3358bd96720bb5c8\lib\perl5\5.8.8\Net\FTP\L.pm [2013.04.17 01:03:59 | 000,004,735 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1056988785-399575588-1307586569-1000\$R3VR83P\PortableGit_ca477551eeb4aea0e4ae9fcd3358bd96720bb5c8\lib\perl5\5.8.8\unicore\lib\bc\L.pl [2013.04.17 01:03:59 | 000,000,218 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1056988785-399575588-1307586569-1000\$R3VR83P\PortableGit_ca477551eeb4aea0e4ae9fcd3358bd96720bb5c8\lib\perl5\5.8.8\unicore\lib\ccc\L.pl [2013.04.17 01:03:59 | 000,006,338 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1056988785-399575588-1307586569-1000\$R3VR83P\PortableGit_ca477551eeb4aea0e4ae9fcd3358bd96720bb5c8\lib\perl5\5.8.8\unicore\lib\ea\N.pl [2013.04.17 01:04:00 | 000,004,294 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1056988785-399575588-1307586569-1000\$R3VR83P\PortableGit_ca477551eeb4aea0e4ae9fcd3358bd96720bb5c8\lib\perl5\5.8.8\unicore\lib\gc_sc\L.pl [2013.04.17 01:04:00 | 000,000,907 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1056988785-399575588-1307586569-1000\$R3VR83P\PortableGit_ca477551eeb4aea0e4ae9fcd3358bd96720bb5c8\lib\perl5\5.8.8\unicore\lib\gc_sc\N.pl [2013.04.17 01:04:00 | 000,000,242 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1056988785-399575588-1307586569-1000\$R3VR83P\PortableGit_ca477551eeb4aea0e4ae9fcd3358bd96720bb5c8\lib\perl5\5.8.8\unicore\lib\hst\L.pl [2013.04.17 01:04:00 | 000,000,266 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1056988785-399575588-1307586569-1000\$R3VR83P\PortableGit_ca477551eeb4aea0e4ae9fcd3358bd96720bb5c8\lib\perl5\5.8.8\unicore\lib\jt\U.pl [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [2013.07.01 00:04:28 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini [2013.07.01 00:04:28 | 000,006,144 | -HS- | M] () -- 
C:\Windows\assembly\GAC_64\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.06.30 13:05:03 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\.minecraft [2013.06.30 21:57:57 | 000,000,000 | ---D | M] -- 
C:\Users\Alex\AppData\Roaming\.purple
[2013.06.03 23:21:11 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Audacity
[2013.06.07 21:52:58 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Awesomium
[2013.05.26 14:40:37 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Ultra
[2013.06.27 21:07:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FileZilla
[2013.05.26 14:51:46 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\fltk.org
[2013.05.31 21:35:23 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\GitHub
[2013.06.28 21:04:03 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\MonoDevelop-Unity-2.8
[2013.06.30 13:14:33 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Movies Extractor Scout
[2013.06.02 23:09:52 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenOffice.org
[2013.05.09 09:58:32 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Rambler
[2013.05.10 16:27:23 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.06.24 15:55:57 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\stetic
[2013.06.30 22:06:39 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TS3Client
[2013.06.27 15:13:49 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Unity
[2013.06.30 23:40:26 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\uTorrent

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\ProgramData:CodeDrive 1
@Alternate Data Stream - 24 bytes -> C:\Windows:0BDD45F0F1CD9E6E

< End of report >

It did not produce an Extras log for me; in the place where it should have been there was only the one .txt (I also tried selecting Extras, but it keeps jumping back to "Off").

Gmer.txt log

GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-01 00:44:44
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-6 WDC_WD10EZEX-60ZF5A0 rev.80.00A80 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Alex\AppData\Local\Temp\kxldrpog.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075291465 2 bytes [29, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000752914bb 2 bytes [29, 75]
.text ... * 2

---- Processes - GMER 2.1 ----

Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [508] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00) 000007fefce00000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [592] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00) 000007fefce00000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [872] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00) 000007fefce00000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [984] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00) 000007fefce00000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [444] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00) 000007fefce00000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1152] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00) 000007fefce00000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1348] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00) 000007fefce00000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [2828] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00) 000007fefce00000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [980] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00) 000007fefce00000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1856] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:09) 0000000072bf0000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [460] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2010-11-21 03:24:00) 000007fefce00000

---- EOF - GMER 2.1 ----

With GMER there were access problems, with an outright spam of this error message:
Code:
C:\Windows\system32\config\system: The process cannot access the file because it is being used by another process.

It is the ccuac.exe that sits in the AntiVir Desktop folder.
Code:
Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

Thanks in advance for your time! Good night, or good morning.

EDIT: I found a tool called KillZA.exe (it was a trustworthy source) and since then my services.exe is (apparently) fine again: the file is back to the old one, and in the processes (Task Manager) services.exe is now identifiable as "Services and Controller app". Avira no longer alerts and Avira's services are fully enabled again (which did not work before, because of ZeroAccess). What would you recommend I do now? It is certainly not safe, since I do not know how it worked. Should I analyze and post anything else?

Last edited by xelawebdev (01.07.2013 at 02:06)
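One way to mechanise the triage that the OTL "ZeroAccess Check" section above invites, as an added example that is not code from the original post, from OTL's author or from the KillZA tool. It parses OTL-style log lines and flags the indicators this thread turns on: the two CLSIDs that ZeroAccess registers under HKEY_CURRENT_USER to get its DLL loaded ahead of the system-wide shell32/WMI registrations, Desktop.ini files dropped into C:\Windows\assembly\GAC_32 and GAC_64, files placed directly in a $Recycle.bin\<SID>\$xxxx\ drop folder, alternate data streams, and any deviation of the Winlogon Shell/UserInit values or the exe/com open handlers from their Windows 7 defaults. The indicator set, the severities and the $Recycle.bin depth heuristic are this example's own assumptions; the sample lines are copied from the OTL log in the post.

```python
import re
from collections import Counter

# Added example, not code from the original post or from OTL's author.
# Indicator set (assumption of this example): the two CLSIDs ZeroAccess
# registers in the user hive, Desktop.ini dropped into the GAC_32/GAC_64
# folders, and single files placed directly in a $Recycle.bin\<SID>\$xxx\
# drop folder. Winlogon and exe/com handler defaults are those of Windows 7.
ZA_CLSIDS = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}",
    "{fbeb8a05-beee-4442-804e-409d6c4515e9}",
}
WINLOGON_DEFAULTS = {"shell": "explorer.exe", "userinit": "userinit.exe"}
HANDLER_DEFAULT = '"%1" %*'

RE_HKCU_CLSID = re.compile(
    r"\[HKEY_CURRENT_USER\\Software\\Classes\\(?:Wow6432node\\)?clsid\\"
    r"(\{[0-9a-f-]{36}\})\\InProcServer32\]", re.I)
RE_WINLOGON = re.compile(r"O20(?::64bit:)? - HKLM Winlogon: (Shell|UserInit) - \(([^)]*)\)")
RE_HANDLER = re.compile(r"O3[57](?::64bit:)? - HKLM\\\.+(\w+) \[[^\]]*\] -- (.+)$")
RE_ADS = re.compile(r"@Alternate Data Stream - (\d+) bytes -> (.+)$")
RE_FILE = re.compile(
    r"\[\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2} \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| [CM]\] "
    r"(?:\([^)]*\) )?-- (?P<path>.+)$")
RE_GAC_INI = re.compile(r"^C:\\Windows\\assembly\\GAC_(?:32|64)\\Desktop\.ini$", re.I)
RE_RECYCLE_DROP = re.compile(r"^C:\\\$Recycle\.bin\\S-1-5-[\d-]+\\\$[^\\]+\\[^\\]+$", re.I)


def _basename(p):
    """Last path component, lower-cased (Windows separators, any host OS)."""
    return p.strip().rsplit("\\", 1)[-1].lower()


def triage(lines):
    """Return (severity, kind, detail) findings for a list of OTL log lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = RE_HKCU_CLSID.search(line)
        if m:
            clsid = m.group(1).lower()
            if clsid in ZA_CLSIDS:              # per-user override of a system COM class
                findings.append(("high", "hkcu_com_hijack", clsid))
            continue
        m = RE_WINLOGON.search(line)
        if m:
            key, value = m.group(1).lower(), m.group(2)
            parts = [p for p in value.split(",") if p.strip()]
            if any(_basename(p) != WINLOGON_DEFAULTS[key] for p in parts):
                findings.append(("high", "winlogon_" + key, value))
            continue
        m = RE_HANDLER.search(line)
        if m:
            if m.group(2).strip() != HANDLER_DEFAULT:   # every exe/com launch would pass through it
                findings.append(("high", "handler_" + m.group(1).lower(), m.group(2).strip()))
            continue
        m = RE_ADS.search(line)
        if m:                                   # streams on C:\Windows / ProgramData need a look
            findings.append(("review", "ads", m.group(2).strip()))
            continue
        m = RE_FILE.search(line)
        if m:
            path = m.group("path").strip()
            if RE_GAC_INI.match(path):          # no Desktop.ini belongs in GAC_32 / GAC_64
                findings.append(("high", "gac_desktop_ini", path))
            elif "\\$recycle.bin\\" in path.lower():
                if RE_RECYCLE_DROP.match(path):
                    findings.append(("high", "recycle_bin_drop", path))
                else:                           # deep inside a deleted tree: usually a false hit
                    findings.append(("info", "recycle_bin_nested", path))
    return findings


def summary(findings):
    """Count findings per severity."""
    return dict(Counter(sev for sev, _, _ in findings))


# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LINES = [
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)",
    r"O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)",
    r'O35:64bit: - HKLM\..exefile [open] -- "%1" %*',
    r'O37 - HKLM\...exe [@ = exefile] -- "%1" %*',
    r"[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini",
    r"[2013.07.01 00:04:28 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini",
    r"[2013.07.01 00:04:28 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini",
    r"[2013.04.17 01:03:56 | 000,000,099 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1056988785-399575588-1307586569-1000\$R3VR83P\PortableGit_ca477551eeb4aea0e4ae9fcd3358bd96720bb5c8\lib\perl5\5.8.8\Net\FTP\L.pm",
    r"[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64",
    r"[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]",
    r"[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64",
    r"@Alternate Data Stream - 24 bytes -> C:\Windows:0BDD45F0F1CD9E6E",
]

if __name__ == "__main__":
    for sev, kind, detail in triage(SAMPLE_LINES):
        print(f"{sev:6} {kind:20} {detail}")
    print(summary(triage(SAMPLE_LINES)))
```

On the sample above the script reports four high findings (the two user-hive CLSID keys and the two GAC Desktop.ini files), one stream to review and one informational $Recycle.bin hit: the L.pm / L.pl / N.pl files OTL listed sit nine directories deep inside a deleted PortableGit checkout, which is why the example treats them as a false hit rather than a drop folder. The HKEY_LOCAL_MACHINE registrations of the same CLSIDs (shell32.dll, fastprox.dll, wbemess.dll in the log) are the legitimate ones and are not flagged. A log check is only a starting point: after a tool such as KillZA has swapped services.exe back, the Authenticode signature of C:\Windows\System32\services.exe and the absence of GAC_32\Desktop.ini and GAC_64\Desktop.ini should be confirmed on the live machine, and the user-hive CLSID keys should be gone, not merely emptied.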
01.07.2013, 07:10 | #2 |
/// the machine /// TB trainer | W32/Patched.UC - services.exe apparently infected. Hi,
Please download TDSSKiller.exe and save the file on your desktop.
01.07.2013, 10:39 | #3 |
| W32/Patched.UC - services.exe apparently infected. Morning, thanks for the effort, here is the content of the log file:
Code:
11:29:42.0834 3488 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:29:42.0834 3488 UEFI system
11:29:42.0978 3488 ============================================================
11:29:42.0978 3488 Current date / time: 2013/07/01 11:29:42.0978
11:29:42.0978 3488 SystemInfo:
11:29:42.0978 3488
11:29:42.0978 3488 OS Version: 6.1.7601 ServicePack: 1.0
11:29:42.0978 3488 Product type: Workstation
11:29:42.0978 3488 ComputerName: ALEX-PC
11:29:42.0978 3488 UserName: Alex
11:29:42.0978 3488 Windows directory: C:\Windows
11:29:42.0978 3488 System windows directory: C:\Windows
11:29:42.0978 3488 Running under WOW64
11:29:42.0978 3488 Processor architecture: Intel x64
11:29:42.0978 3488 Number of processors: 4
11:29:42.0978 3488 Page size: 0x1000
11:29:42.0978 3488 Boot type: Normal boot
11:29:42.0978 3488 ============================================================
11:29:43.0618 3488 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:29:43.0619 3488 ============================================================
11:29:43.0619 3488 \Device\Harddisk0\DR0:
11:29:43.0620 3488 GPT partitions:
11:29:43.0643 3488 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {506F1C08-02D8-4466-B8C1-F5E1602AD918}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
11:29:43.0643 3488 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {F034B33E-5CBA-455B-A379-0F9632B32177}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
11:29:43.0643 3488 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {B1F8DB28-19B0-4CAC-BCF9-D4A291E0124B}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0x74694000
11:29:43.0643 3488 MBR partitions:
11:29:43.0643 3488
============================================================ 11:29:43.0663 3488 C: <-> \Device\Harddisk0\DR0\Partition3 11:29:43.0663 3488 ============================================================ 11:29:43.0663 3488 Initialize success 11:29:43.0663 3488 ============================================================ 11:30:03.0847 2616 ============================================================ 11:30:03.0847 2616 Scan started 11:30:03.0847 2616 Mode: Manual; SigCheck; TDLFS; 11:30:03.0847 2616 ============================================================ 11:30:04.0809 2616 ================ Scan system memory ======================== 11:30:04.0809 2616 System memory - ok 11:30:04.0809 2616 ================ Scan services ============================= 11:30:04.0906 2616 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 11:30:05.0196 2616 1394ohci - ok 11:30:05.0216 2616 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 11:30:05.0231 2616 ACPI - ok 11:30:05.0234 2616 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 11:30:05.0276 2616 AcpiPmi - ok 11:30:05.0332 2616 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 11:30:05.0352 2616 AdobeARMservice - ok 11:30:05.0423 2616 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 11:30:05.0449 2616 AdobeFlashPlayerUpdateSvc - ok 11:30:05.0458 2616 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 11:30:05.0483 2616 adp94xx - ok 11:30:05.0489 2616 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 11:30:05.0504 2616 adpahci - ok 11:30:05.0508 2616 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 11:30:05.0519 2616 adpu320 - ok 11:30:05.0541 2616 [ 4B78B431F225FD8624C5655CB1DE7B61 ] 
AeLookupSvc C:\Windows\System32\aelupsvc.dll 11:30:05.0626 2616 AeLookupSvc - ok 11:30:05.0651 2616 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 11:30:05.0686 2616 AFD - ok 11:30:05.0701 2616 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 11:30:05.0711 2616 agp440 - ok 11:30:05.0719 2616 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 11:30:05.0747 2616 ALG - ok 11:30:05.0749 2616 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 11:30:05.0759 2616 aliide - ok 11:30:05.0762 2616 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 11:30:05.0771 2616 amdide - ok 11:30:05.0773 2616 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 11:30:05.0802 2616 AmdK8 - ok 11:30:05.0806 2616 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 11:30:05.0819 2616 AmdPPM - ok 11:30:05.0833 2616 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 11:30:05.0844 2616 amdsata - ok 11:30:05.0848 2616 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 11:30:05.0859 2616 amdsbs - ok 11:30:05.0868 2616 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 11:30:05.0877 2616 amdxata - ok 11:30:05.0928 2616 [ FE9932692FC61C2203EC9884D414F700 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 11:30:05.0944 2616 AntiVirSchedulerService - ok 11:30:05.0962 2616 [ B1F8B58F27971B7E316DD316687886EC ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 11:30:05.0976 2616 AntiVirService - ok 11:30:05.0979 2616 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 11:30:06.0083 2616 AppID - ok 11:30:06.0096 2616 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 11:30:06.0139 2616 AppIDSvc - ok 
11:30:06.0158 2616 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll 11:30:06.0174 2616 Appinfo - ok 11:30:06.0178 2616 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 11:30:06.0188 2616 arc - ok 11:30:06.0191 2616 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 11:30:06.0201 2616 arcsas - ok 11:30:06.0257 2616 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 11:30:06.0314 2616 aspnet_state - ok 11:30:06.0324 2616 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 11:30:06.0372 2616 AsyncMac - ok 11:30:06.0374 2616 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 11:30:06.0382 2616 atapi - ok 11:30:06.0397 2616 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 11:30:06.0454 2616 AudioEndpointBuilder - ok 11:30:06.0472 2616 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 11:30:06.0496 2616 AudioSrv - ok 11:30:06.0506 2616 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 11:30:06.0574 2616 avgntflt - ok 11:30:06.0594 2616 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 11:30:06.0607 2616 avipbb - ok 11:30:06.0617 2616 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 11:30:06.0626 2616 avkmgr - ok 11:30:06.0664 2616 [ 7692F4B242E45870873CAF4CB85CF769 ] AxAutoMntSrv C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe 11:30:06.0688 2616 AxAutoMntSrv - ok 11:30:06.0699 2616 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 11:30:06.0756 2616 AxInstSV - ok 11:30:06.0788 2616 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 11:30:06.0836 2616 b06bdrv - ok 11:30:06.0848 2616 [ 
B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 11:30:06.0884 2616 b57nd60a - ok 11:30:06.0902 2616 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 11:30:06.0928 2616 BDESVC - ok 11:30:06.0941 2616 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 11:30:06.0973 2616 Beep - ok 11:30:07.0003 2616 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 11:30:07.0044 2616 BFE - ok 11:30:07.0071 2616 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 11:30:07.0136 2616 BITS - ok 11:30:07.0157 2616 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 11:30:07.0174 2616 blbdrive - ok 11:30:07.0188 2616 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 11:30:07.0206 2616 bowser - ok 11:30:07.0207 2616 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 11:30:07.0233 2616 BrFiltLo - ok 11:30:07.0236 2616 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 11:30:07.0246 2616 BrFiltUp - ok 11:30:07.0262 2616 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 11:30:07.0279 2616 Browser - ok 11:30:07.0283 2616 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 11:30:07.0321 2616 Brserid - ok 11:30:07.0324 2616 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 11:30:07.0352 2616 BrSerWdm - ok 11:30:07.0354 2616 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 11:30:07.0369 2616 BrUsbMdm - ok 11:30:07.0372 2616 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 11:30:07.0388 2616 BrUsbSer - ok 11:30:07.0391 2616 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 11:30:07.0416 2616 BTHMODEM - ok 11:30:07.0429 2616 [ 
95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 11:30:07.0454 2616 bthserv - ok 11:30:07.0461 2616 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 11:30:07.0492 2616 cdfs - ok 11:30:07.0494 2616 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 11:30:07.0507 2616 cdrom - ok 11:30:07.0517 2616 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 11:30:07.0541 2616 CertPropSvc - ok 11:30:07.0546 2616 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 11:30:07.0558 2616 circlass - ok 11:30:07.0573 2616 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 11:30:07.0588 2616 CLFS - ok 11:30:07.0641 2616 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 11:30:07.0659 2616 clr_optimization_v2.0.50727_32 - ok 11:30:07.0682 2616 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 11:30:07.0696 2616 clr_optimization_v2.0.50727_64 - ok 11:30:07.0744 2616 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 11:30:07.0832 2616 clr_optimization_v4.0.30319_32 - ok 11:30:07.0848 2616 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 11:30:07.0867 2616 clr_optimization_v4.0.30319_64 - ok 11:30:07.0869 2616 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 11:30:07.0892 2616 CmBatt - ok 11:30:07.0894 2616 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 11:30:07.0906 2616 cmdide - ok 11:30:07.0937 2616 [ 8F4BE02699ED644E89C7818D965B30A3 ] cmuda3 C:\Windows\system32\drivers\cmudax3.sys 11:30:07.0993 2616 cmuda3 - ok 11:30:08.0018 2616 [ 
9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
11:30:08.0067 2616 CNG - ok
11:30:08.0069 2616 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
11:30:08.0082 2616 Compbatt - ok
11:30:08.0097 2616 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
11:30:08.0122 2616 CompositeBus - ok
11:30:08.0123 2616 COMSysApp - ok
11:30:08.0127 2616 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
11:30:08.0137 2616 crcdisk - ok
11:30:08.0173 2616 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll
11:30:08.0224 2616 CryptSvc - ok
11:30:08.0249 2616 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
11:30:08.0291 2616 DcomLaunch - ok
11:30:08.0303 2616 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
11:30:08.0332 2616 defragsvc - ok
11:30:08.0342 2616 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
11:30:08.0372 2616 DfsC - ok
11:30:08.0389 2616 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
11:30:08.0414 2616 Dhcp - ok
11:30:08.0453 2616 [ 52D547C0847999D2C3B9EDB721CCA2A0 ] Disc Soft Bus Service C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
11:30:08.0476 2616 Disc Soft Bus Service - ok
11:30:08.0478 2616 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
11:30:08.0512 2616 discache - ok
11:30:08.0514 2616 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
11:30:08.0524 2616 Disk - ok
11:30:08.0548 2616 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
11:30:08.0582 2616 Dnscache - ok
11:30:08.0601 2616 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
11:30:08.0641 2616 dot3svc - ok
11:30:08.0654 2616 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
11:30:08.0692 2616 DPS - ok
11:30:08.0714 2616 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
11:30:08.0732 2616 drmkaud - ok
11:30:08.0754 2616 [ C9914A74045A6D23DB7252FA3985DE25 ] dtscsibus C:\Windows\system32\DRIVERS\dtscsibus.sys
11:30:08.0762 2616 dtscsibus - ok
11:30:08.0789 2616 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
11:30:08.0822 2616 DXGKrnl - ok
11:30:08.0851 2616 EagleX64 - ok
11:30:08.0861 2616 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
11:30:08.0906 2616 EapHost - ok
11:30:08.0947 2616 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
11:30:09.0036 2616 ebdrv - ok
11:30:09.0052 2616 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
11:30:09.0077 2616 EFS - ok
11:30:09.0124 2616 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
11:30:09.0183 2616 ehRecvr - ok
11:30:09.0198 2616 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
11:30:09.0219 2616 ehSched - ok
11:30:09.0242 2616 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
11:30:09.0258 2616 elxstor - ok
11:30:09.0276 2616 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
11:30:09.0293 2616 ErrDev - ok
11:30:09.0309 2616 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
11:30:09.0344 2616 EventSystem - ok
11:30:09.0348 2616 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
11:30:09.0374 2616 exfat - ok
11:30:09.0378 2616 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
11:30:09.0403 2616 fastfat - ok
11:30:09.0421 2616 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
11:30:09.0448 2616 Fax - ok
11:30:09.0451 2616 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
11:30:09.0461 2616 fdc - ok
11:30:09.0477 2616 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
11:30:09.0499 2616 fdPHost - ok
11:30:09.0511 2616 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
11:30:09.0542 2616 FDResPub - ok
11:30:09.0544 2616 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:30:09.0554 2616 FileInfo - ok
11:30:09.0557 2616 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:30:09.0587 2616 Filetrace - ok
11:30:09.0588 2616 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
11:30:09.0599 2616 flpydisk - ok
11:30:09.0603 2616 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:30:09.0617 2616 FltMgr - ok
11:30:09.0642 2616 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
11:30:09.0698 2616 FontCache - ok
11:30:09.0739 2616 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:30:09.0756 2616 FontCache3.0.0.0 - ok
11:30:09.0759 2616 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
11:30:09.0774 2616 FsDepends - ok
11:30:09.0789 2616 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:30:09.0801 2616 Fs_Rec - ok
11:30:09.0823 2616 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
11:30:09.0846 2616 fvevol - ok
11:30:09.0859 2616 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
11:30:09.0872 2616 gagp30kx - ok
11:30:09.0877 2616 gdrv - ok
11:30:09.0894 2616 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
11:30:09.0957 2616 gpsvc - ok
11:30:10.0002 2616 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:30:10.0013 2616 gupdate - ok
11:30:10.0017 2616 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:30:10.0026 2616 gupdatem - ok
11:30:10.0038 2616 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
11:30:10.0063 2616 hcw85cir - ok
11:30:10.0087 2616 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:30:10.0133 2616 HdAudAddService - ok
11:30:10.0147 2616 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
11:30:10.0172 2616 HDAudBus - ok
11:30:10.0176 2616 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
11:30:10.0195 2616 HidBatt - ok
11:30:10.0200 2616 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
11:30:10.0221 2616 HidBth - ok
11:30:10.0223 2616 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
11:30:10.0240 2616 HidIr - ok
11:30:10.0248 2616 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
11:30:10.0283 2616 hidserv - ok
11:30:10.0296 2616 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
11:30:10.0306 2616 HidUsb - ok
11:30:10.0312 2616 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:30:10.0347 2616 hkmsvc - ok
11:30:10.0357 2616 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:30:10.0381 2616 HomeGroupListener - ok
11:30:10.0397 2616 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:30:10.0415 2616 HomeGroupProvider - ok
11:30:10.0417 2616 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
11:30:10.0427 2616 HpSAMD - ok
11:30:10.0435 2616 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:30:10.0475 2616 HTTP - ok
11:30:10.0476 2616 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
11:30:10.0485 2616 hwpolicy - ok
11:30:10.0487 2616 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
11:30:10.0500 2616 i8042prt - ok
11:30:10.0510 2616 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
11:30:10.0525 2616 iaStorV - ok
11:30:10.0556 2616 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:30:10.0605 2616 idsvc - ok
11:30:10.0607 2616 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
11:30:10.0620 2616 iirsp - ok
11:30:10.0637 2616 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
11:30:10.0683 2616 IKEEXT - ok
11:30:10.0686 2616 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
11:30:10.0695 2616 intelide - ok
11:30:10.0697 2616 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
11:30:10.0708 2616 intelppm - ok
11:30:10.0716 2616 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:30:10.0740 2616 IPBusEnum - ok
11:30:10.0747 2616 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:30:10.0771 2616 IpFilterDriver - ok
11:30:10.0810 2616 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:30:10.0861 2616 iphlpsvc - ok
11:30:10.0865 2616 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
11:30:10.0891 2616 IPMIDRV - ok
11:30:10.0896 2616 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:30:10.0936 2616 IPNAT - ok
11:30:10.0938 2616 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:30:10.0960 2616 IRENUM - ok
11:30:10.0962 2616 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:30:10.0971 2616 isapnp - ok
11:30:10.0983 2616 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
11:30:10.0997 2616 iScsiPrt - ok
11:30:11.0021 2616 [ 8E4577C6E0D3114170509159DE658907 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
11:30:11.0028 2616 iusb3hcs - ok
11:30:11.0040 2616 [ FE76346E9B57DA575BD1B3BD0CCAD7FF ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
11:30:11.0052 2616 iusb3hub - ok
11:30:11.0077 2616 [ 1008CD90DA2198FFD250298DEB9DF160 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
11:30:11.0093 2616 iusb3xhc - ok
11:30:11.0096 2616 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:30:11.0105 2616 kbdclass - ok
11:30:11.0107 2616 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
11:30:11.0127 2616 kbdhid - ok
11:30:11.0135 2616 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
11:30:11.0142 2616 KeyIso - ok
11:30:11.0151 2616 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:30:11.0161 2616 KSecDD - ok
11:30:11.0171 2616 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:30:11.0183 2616 KSecPkg - ok
11:30:11.0186 2616 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:30:11.0208 2616 ksthunk - ok
11:30:11.0231 2616 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
11:30:11.0261 2616 KtmRm - ok
11:30:11.0293 2616 [ B8040D3B97B16B89701E31A17353856C ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
11:30:11.0302 2616 L1C - ok
11:30:11.0323 2616 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
11:30:11.0377 2616 LanmanServer - ok
11:30:11.0392 2616 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:30:11.0417 2616 LanmanWorkstation - ok
11:30:11.0438 2616 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:30:11.0470 2616 lltdio - ok
11:30:11.0486 2616 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:30:11.0520 2616 lltdsvc - ok
11:30:11.0528 2616 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:30:11.0556 2616 lmhosts - ok
11:30:11.0565 2616 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
11:30:11.0576 2616 LSI_FC - ok
11:30:11.0578 2616 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
11:30:11.0588 2616 LSI_SAS - ok
11:30:11.0591 2616 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
11:30:11.0601 2616 LSI_SAS2 - ok
11:30:11.0605 2616 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
11:30:11.0615 2616 LSI_SCSI - ok
11:30:11.0617 2616 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
11:30:11.0650 2616 luafv - ok
11:30:11.0673 2616 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
11:30:11.0682 2616 MBAMProtector - ok
11:30:11.0707 2616 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:30:11.0722 2616 MBAMScheduler - ok
11:30:11.0742 2616 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:30:11.0757 2616 MBAMService - ok
11:30:11.0790 2616 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:30:11.0813 2616 Mcx2Svc - ok
11:30:11.0817 2616 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
11:30:11.0830 2616 megasas - ok
11:30:11.0833 2616 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
11:30:11.0848 2616 MegaSR - ok
11:30:11.0868 2616 [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
11:30:11.0877 2616 MEIx64 - ok
11:30:11.0883 2616 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
11:30:11.0908 2616 MMCSS - ok
11:30:11.0917 2616 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
11:30:11.0947 2616 Modem - ok
11:30:11.0950 2616 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:30:11.0968 2616 monitor - ok
11:30:11.0977 2616 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:30:11.0986 2616 mouclass - ok
11:30:11.0988 2616 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:30:12.0003 2616 mouhid - ok
11:30:12.0007 2616 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:30:12.0017 2616 mountmgr - ok
11:30:12.0040 2616 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:30:12.0051 2616 MozillaMaintenance - ok
11:30:12.0055 2616 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
11:30:12.0067 2616 mpio - ok
11:30:12.0070 2616 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:30:12.0093 2616 mpsdrv - ok
11:30:12.0140 2616 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:30:12.0223 2616 MpsSvc - ok
11:30:12.0226 2616 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:30:12.0245 2616 MRxDAV - ok
11:30:12.0256 2616 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:30:12.0283 2616 mrxsmb - ok
11:30:12.0302 2616 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:30:12.0315 2616 mrxsmb10 - ok
11:30:12.0321 2616 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:30:12.0332 2616 mrxsmb20 - ok
11:30:12.0335 2616 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
11:30:12.0343 2616 msahci - ok
11:30:12.0346 2616 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:30:12.0357 2616 msdsm - ok
11:30:12.0371 2616 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
11:30:12.0383 2616 MSDTC - ok
11:30:12.0396 2616 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:30:12.0426 2616 Msfs - ok
11:30:12.0438 2616 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:30:12.0461 2616 mshidkmdf - ok
11:30:12.0462 2616 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:30:12.0471 2616 msisadrv - ok
11:30:12.0496 2616 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:30:12.0521 2616 MSiSCSI - ok
11:30:12.0522 2616 msiserver - ok
11:30:12.0541 2616 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:30:12.0578 2616 MSKSSRV - ok
11:30:12.0586 2616 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:30:12.0618 2616 MSPCLOCK - ok
11:30:12.0621 2616 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:30:12.0642 2616 MSPQM - ok
11:30:12.0646 2616 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:30:12.0660 2616 MsRPC - ok
11:30:12.0663 2616 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
11:30:12.0670 2616 mssmbios - ok
11:30:12.0671 2616 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:30:12.0692 2616 MSTEE - ok
11:30:12.0695 2616 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
11:30:12.0703 2616 MTConfig - ok
11:30:12.0706 2616 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
11:30:12.0716 2616 Mup - ok
11:30:12.0730 2616 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
11:30:12.0762 2616 napagent - ok
11:30:12.0785 2616 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:30:12.0802 2616 NativeWifiP - ok
11:30:12.0830 2616 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
11:30:12.0847 2616 NDIS - ok
11:30:12.0856 2616 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:30:12.0880 2616 NdisCap - ok
11:30:12.0887 2616 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:30:12.0908 2616 NdisTapi - ok
11:30:12.0911 2616 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:30:12.0935 2616 Ndisuio - ok
11:30:12.0937 2616 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:30:12.0982 2616 NdisWan - ok
11:30:12.0985 2616 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:30:13.0006 2616 NDProxy - ok
11:30:13.0008 2616 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:30:13.0037 2616 NetBIOS - ok
11:30:13.0041 2616 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:30:13.0066 2616 NetBT - ok
11:30:13.0076 2616 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
11:30:13.0083 2616 Netlogon - ok
11:30:13.0092 2616 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:30:13.0122 2616 Netman - ok
11:30:13.0150 2616 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:30:13.0182 2616 NetMsmqActivator - ok
11:30:13.0186 2616 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:30:13.0198 2616 NetPipeActivator - ok
11:30:13.0215 2616 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:30:13.0255 2616 netprofm - ok
11:30:13.0257 2616 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:30:13.0263 2616 NetTcpActivator - ok
11:30:13.0266 2616 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:30:13.0271 2616 NetTcpPortSharing - ok
11:30:13.0282 2616 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
11:30:13.0291 2616 nfrd960 - ok
11:30:13.0300 2616 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:30:13.0315 2616 NlaSvc - ok
11:30:13.0382 2616 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys
11:30:13.0397 2616 NPF - ok
11:30:13.0401 2616 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:30:13.0432 2616 Npfs - ok
11:30:13.0453 2616 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:30:13.0476 2616 nsi - ok
11:30:13.0478 2616 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:30:13.0507 2616 nsiproxy - ok
11:30:13.0541 2616 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:30:13.0587 2616 Ntfs - ok
11:30:13.0598 2616 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:30:13.0623 2616 Null - ok
11:30:13.0648 2616 [ B4F53BCA4C688FF47F04FA90098F896E ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
11:30:13.0665 2616 NVHDA - ok
11:30:13.0812 2616 [ 4EE399576F76D38C04745DB739BBC8C7 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:30:13.0922 2616 nvlddmkm - ok
11:30:13.0936 2616 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:30:13.0947 2616 nvraid - ok
11:30:13.0951 2616 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:30:13.0961 2616 nvstor - ok
11:30:13.0990 2616 [ 7335C3D78A7746D76D37F6722CC4A466 ] nvsvc C:\Windows\system32\nvvsvc.exe
11:30:14.0021 2616 nvsvc - ok
11:30:14.0067 2616 [ B7C53DA1C73FF39F4A6248643EFD979A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
11:30:14.0095 2616 nvUpdatusService - ok
11:30:14.0116 2616 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:30:14.0126 2616 nv_agp - ok
11:30:14.0128 2616 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:30:14.0146 2616 ohci1394 - ok
11:30:14.0162 2616 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:30:14.0183 2616 p2pimsvc - ok
11:30:14.0195 2616 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:30:14.0210 2616 p2psvc - ok
11:30:14.0231 2616 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:30:14.0247 2616 Parport - ok
11:30:14.0263 2616 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:30:14.0273 2616 partmgr - ok
11:30:14.0281 2616 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:30:14.0300 2616 PcaSvc - ok
11:30:14.0302 2616 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
11:30:14.0315 2616 pci - ok
11:30:14.0317 2616 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
11:30:14.0325 2616 pciide - ok
11:30:14.0335 2616 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
11:30:14.0347 2616 pcmcia - ok
11:30:14.0350 2616 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:30:14.0358 2616 pcw - ok
11:30:14.0365 2616 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:30:14.0408 2616 PEAUTH - ok
11:30:14.0442 2616 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:30:14.0461 2616 PerfHost - ok
11:30:14.0483 2616 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
11:30:14.0532 2616 pla - ok
11:30:14.0557 2616 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:30:14.0588 2616 PlugPlay - ok
11:30:14.0602 2616 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:30:14.0618 2616 PNRPAutoReg - ok
11:30:14.0622 2616 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:30:14.0631 2616 PNRPsvc - ok
11:30:14.0651 2616 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:30:14.0687 2616 PolicyAgent - ok
11:30:14.0718 2616 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:30:14.0745 2616 Power - ok
11:30:14.0763 2616 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:30:14.0787 2616 PptpMiniport - ok
11:30:14.0790 2616 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
11:30:14.0808 2616 Processor - ok
11:30:14.0827 2616 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
11:30:14.0860 2616 ProfSvc - ok
11:30:14.0868 2616 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:30:14.0875 2616 ProtectedStorage - ok
11:30:14.0881 2616 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:30:14.0911 2616 Psched - ok
11:30:14.0940 2616 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
11:30:14.0970 2616 ql2300 - ok
11:30:14.0973 2616 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
11:30:14.0985 2616 ql40xx - ok
11:30:14.0996 2616 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:30:15.0015 2616 QWAVE - ok
11:30:15.0017 2616 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:30:15.0030 2616 QWAVEdrv - ok
11:30:15.0041 2616 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:30:15.0063 2616 RasAcd - ok
11:30:15.0077 2616 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:30:15.0102 2616 RasAgileVpn - ok
11:30:15.0113 2616 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:30:15.0138 2616 RasAuto - ok
11:30:15.0142 2616 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:30:15.0168 2616 Rasl2tp - ok
11:30:15.0188 2616 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
11:30:15.0217 2616 RasMan - ok
11:30:15.0220 2616 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:30:15.0243 2616 RasPppoe - ok
11:30:15.0247 2616 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:30:15.0271 2616 RasSstp - ok
11:30:15.0275 2616 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:30:15.0310 2616 rdbss - ok
11:30:15.0312 2616 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
11:30:15.0322 2616 rdpbus - ok
11:30:15.0331 2616 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:30:15.0352 2616 RDPCDD - ok
11:30:15.0355 2616 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:30:15.0385 2616 RDPENCDD - ok
11:30:15.0387 2616 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:30:15.0408 2616 RDPREFMP - ok
11:30:15.0421 2616 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:30:15.0437 2616 RDPWD - ok
11:30:15.0441 2616 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:30:15.0453 2616 rdyboost - ok
11:30:15.0461 2616 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:30:15.0485 2616 RemoteAccess - ok
11:30:15.0503 2616 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:30:15.0540 2616 RemoteRegistry - ok
11:30:15.0566 2616 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
11:30:15.0582 2616 rpcapd - ok
11:30:15.0598 2616 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:30:15.0636 2616 RpcEptMapper - ok
11:30:15.0650 2616 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:30:15.0671 2616 RpcLocator - ok
11:30:15.0681 2616 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
11:30:15.0706 2616 RpcSs - ok
11:30:15.0708 2616 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:30:15.0732 2616 rspndr - ok
11:30:15.0742 2616 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
11:30:15.0750 2616 SamSs - ok
11:30:15.0752 2616 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:30:15.0762 2616 sbp2port - ok
11:30:15.0770 2616 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:30:15.0795 2616 SCardSvr - ok
11:30:15.0797 2616 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:30:15.0825 2616 scfilter - ok
11:30:15.0840 2616 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
11:30:15.0902 2616 Schedule - ok
11:30:15.0916 2616 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:30:15.0936 2616 SCPolicySvc - ok
11:30:15.0943 2616 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:30:15.0967 2616 SDRSVC - ok
11:30:15.0968 2616 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:30:16.0002 2616 secdrv - ok
11:30:16.0005 2616 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
11:30:16.0027 2616 seclogon - ok
11:30:16.0041 2616 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
11:30:16.0067 2616 SENS - ok
11:30:16.0070 2616 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:30:16.0096 2616 SensrSvc - ok
11:30:16.0097 2616 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:30:16.0107 2616 Serenum - ok
11:30:16.0120 2616 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:30:16.0131 2616 Serial - ok
11:30:16.0141 2616 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
11:30:16.0155 2616 sermouse - ok
11:30:16.0163 2616 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
11:30:16.0196 2616 SessionEnv - ok
11:30:16.0198 2616 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:30:16.0210 2616 sffdisk - ok
11:30:16.0211 2616 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:30:16.0227 2616 sffp_mmc - ok
11:30:16.0230 2616 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:30:16.0240 2616 sffp_sd - ok
11:30:16.0242 2616 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
11:30:16.0257 2616 sfloppy - ok
11:30:16.0283 2616 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:30:16.0316 2616 SharedAccess - ok
11:30:16.0327 2616 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:30:16.0356 2616 ShellHWDetection - ok
11:30:16.0366 2616 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
11:30:16.0375 2616 SiSRaid2 - ok
11:30:16.0377 2616 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
11:30:16.0387 2616 SiSRaid4 - ok
11:30:16.0410 2616 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
11:30:16.0442 2616 SkypeUpdate - ok
11:30:16.0446 2616 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:30:16.0480 2616 Smb - ok
11:30:16.0493 2616 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:30:16.0508 2616 SNMPTRAP - ok
11:30:16.0510 2616 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:30:16.0518 2616 spldr - ok
11:30:16.0542 2616 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
11:30:16.0563 2616 Spooler - ok
11:30:16.0617 2616 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
11:30:16.0683 2616 sppsvc - ok
11:30:16.0687 2616 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:30:16.0711 2616 sppuinotify - ok
11:30:16.0725 2616 sptd - ok
11:30:16.0751 2616 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
11:30:16.0783 2616 srv - ok
11:30:16.0790 2616 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:30:16.0812 2616 srv2 - ok
11:30:16.0821 2616 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:30:16.0832 2616 srvnet - ok
11:30:16.0842 2616 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:30:16.0868 2616 SSDPSRV - ok
11:30:16.0880 2616 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:30:16.0901 2616 SstpSvc - ok
11:30:16.0947 2616 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
11:30:16.0967 2616 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
11:30:16.0967 2616 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
11:30:16.0988 2616 Steam Client Service - ok
11:30:17.0016 2616 [ 81F177C1954453AF407604160BD149CB ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
11:30:17.0043 2616 Stereo Service - ok
11:30:17.0046 2616 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
11:30:17.0055 2616 stexstor - ok
11:30:17.0082 2616 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
11:30:17.0108 2616 stisvc - ok
11:30:17.0111 2616 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
11:30:17.0120 2616 swenum - ok
11:30:17.0182 2616 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
11:30:17.0225 2616 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
11:30:17.0225 2616 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
11:30:17.0240 2616 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
11:30:17.0273 2616 swprv - ok
11:30:17.0296 2616 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
11:30:17.0342 2616 SysMain - ok
11:30:17.0352 2616 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:30:17.0367 2616 TabletInputService - ok
11:30:17.0371 2616 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
11:30:17.0408 2616 TapiSrv - ok
11:30:17.0417 2616 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
11:30:17.0441 2616 TBS - ok
11:30:17.0483 2616 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:30:17.0537 2616 Tcpip - ok
11:30:17.0595 2616 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:30:17.0626 2616 TCPIP6 - ok
11:30:17.0648 2616 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:30:17.0658 2616 tcpipreg - ok
11:30:17.0670 2616 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:30:17.0695 2616 TDPIPE - ok
11:30:17.0712 2616 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:30:17.0722 2616 TDTCP - ok
11:30:17.0741 2616 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:30:17.0765 2616 tdx - ok
11:30:17.0767 2616 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
11:30:17.0777 2616 TermDD - ok
11:30:17.0793 2616 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
11:30:17.0833 2616 TermService - ok
11:30:17.0843 2616 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
11:30:17.0857 2616 Themes - ok
11:30:17.0866 2616 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
11:30:17.0886 2616 THREADORDER - ok
11:30:17.0896 2616 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
11:30:17.0931 2616 TrkWks - ok
11:30:17.0978 2616 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:30:18.0015 2616 TrustedInstaller - ok
11:30:18.0018 2616 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:30:18.0052 2616 tssecsrv - ok
11:30:18.0065 2616 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
11:30:18.0077 2616 TsUsbFlt - ok
11:30:18.0080 2616 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
11:30:18.0088 2616 TsUsbGD - ok
11:30:18.0106 2616 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:30:18.0135 2616 tunnel - ok
11:30:18.0137 2616 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
11:30:18.0147 2616 uagp35 - ok
11:30:18.0152 2616 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:30:18.0182 2616 udfs - ok
11:30:18.0195 2616 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:30:18.0211 2616 UI0Detect - ok
11:30:18.0230 2616 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
11:30:18.0240 2616 uliagpkx - ok
11:30:18.0241 2616 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
11:30:18.0255 2616 umbus - ok
11:30:18.0256 2616 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
11:30:18.0266 2616 UmPass - ok
11:30:18.0276 2616 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
11:30:18.0312 2616 upnphost - ok
11:30:18.0331 2616 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
11:30:18.0350 2616 usbaudio - ok
11:30:18.0366 2616 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:30:18.0403 2616 usbccgp - ok
11:30:18.0408 2616 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
11:30:18.0430 2616 usbcir - ok
11:30:18.0440 2616 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
11:30:18.0463 2616 usbehci - ok
11:30:18.0478 2616 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:30:18.0502 2616 usbhub - ok
11:30:18.0508 2616 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
11:30:18.0520 2616 usbohci - ok
11:30:18.0527 2616 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:30:18.0546 2616 usbprint - ok
11:30:18.0566 2616 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
11:30:18.0578 2616 usbscan - ok
11:30:18.0591 2616 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:30:18.0611 2616 USBSTOR - ok
11:30:18.0620 2616 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
11:30:18.0640 2616 usbuhci - ok
11:30:18.0647 2616 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
11:30:18.0678 2616 UxSms - ok
11:30:18.0685 2616 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
11:30:18.0692 2616 VaultSvc - ok
11:30:18.0693 2616 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
11:30:18.0702 2616 vdrvroot - ok
11:30:18.0712 2616 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
11:30:18.0742 2616 vds - ok
11:30:18.0745 2616 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:30:18.0756 2616 vga - ok
11:30:18.0757 2616 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
11:30:18.0780 2616 VgaSave - ok
11:30:18.0783 2616 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
11:30:18.0796 2616 vhdmp - ok
11:30:18.0798 2616 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
11:30:18.0807 2616 viaide - ok
11:30:18.0810 2616 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
11:30:18.0818 2616 volmgr - ok
11:30:18.0823 2616 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:30:18.0838 2616 volmgrx - ok
11:30:18.0842 2616 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
11:30:18.0856 2616 volsnap - ok
11:30:18.0867 2616 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
11:30:18.0878 2616 vsmraid - ok
11:30:18.0898 2616 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
11:30:18.0948 2616 VSS - ok
11:30:18.0951 2616 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
11:30:18.0972 2616 vwifibus - ok
11:30:19.0005 2616 [ 7959EA6EADC1AAF7FB40678F0BAB4C0E ] VX1000 C:\Windows\system32\DRIVERS\VX1000.sys
11:30:19.0031 2616 VX1000 - ok
11:30:19.0042 2616 [ 1C9D80CC3849B3788048078C26486E1A ]
W32Time C:\Windows\system32\w32time.dll 11:30:19.0072 2616 W32Time - ok 11:30:19.0086 2616 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 11:30:19.0097 2616 WacomPen - ok 11:30:19.0100 2616 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 11:30:19.0128 2616 WANARP - ok 11:30:19.0131 2616 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 11:30:19.0151 2616 Wanarpv6 - ok 11:30:19.0172 2616 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 11:30:19.0216 2616 wbengine - ok 11:30:19.0226 2616 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 11:30:19.0242 2616 WbioSrvc - ok 11:30:19.0247 2616 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 11:30:19.0271 2616 wcncsvc - ok 11:30:19.0276 2616 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 11:30:19.0296 2616 WcsPlugInService - ok 11:30:19.0298 2616 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 11:30:19.0307 2616 Wd - ok 11:30:19.0328 2616 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 11:30:19.0362 2616 Wdf01000 - ok 11:30:19.0368 2616 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 11:30:19.0437 2616 WdiServiceHost - ok 11:30:19.0441 2616 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 11:30:19.0458 2616 WdiSystemHost - ok 11:30:19.0468 2616 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 11:30:19.0496 2616 WebClient - ok 11:30:19.0500 2616 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 11:30:19.0535 2616 Wecsvc - ok 11:30:19.0538 2616 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 11:30:19.0562 2616 wercplsupport - ok 11:30:19.0583 2616 [ 
6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 11:30:19.0608 2616 WerSvc - ok 11:30:19.0611 2616 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 11:30:19.0632 2616 WfpLwf - ok 11:30:19.0635 2616 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 11:30:19.0643 2616 WIMMount - ok 11:30:19.0655 2616 WinDefend - ok 11:30:19.0657 2616 WinHttpAutoProxySvc - ok 11:30:19.0685 2616 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 11:30:19.0712 2616 Winmgmt - ok 11:30:19.0740 2616 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 11:30:19.0841 2616 WinRM - ok 11:30:19.0871 2616 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 11:30:19.0888 2616 WinUsb - ok 11:30:19.0908 2616 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 11:30:19.0941 2616 Wlansvc - ok 11:30:19.0943 2616 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 11:30:19.0952 2616 WmiAcpi - ok 11:30:19.0965 2616 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 11:30:19.0983 2616 wmiApSrv - ok 11:30:19.0993 2616 WMPNetworkSvc - ok 11:30:19.0998 2616 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 11:30:20.0007 2616 WPCSvc - ok 11:30:20.0015 2616 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 11:30:20.0028 2616 WPDBusEnum - ok 11:30:20.0031 2616 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 11:30:20.0052 2616 ws2ifsl - ok 11:30:20.0066 2616 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 11:30:20.0085 2616 wscsvc - ok 11:30:20.0087 2616 WSearch - ok 11:30:20.0128 2616 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 11:30:20.0178 2616 wuauserv - ok 11:30:20.0203 2616 [ 
AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 11:30:20.0231 2616 WudfPf - ok 11:30:20.0243 2616 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 11:30:20.0270 2616 WUDFRd - ok 11:30:20.0286 2616 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 11:30:20.0312 2616 wudfsvc - ok 11:30:20.0328 2616 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll 11:30:20.0352 2616 WwanSvc - ok 11:30:20.0371 2616 xhunter1 - ok 11:30:20.0373 2616 ================ Scan global =============================== 11:30:20.0391 2616 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 11:30:20.0412 2616 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 11:30:20.0446 2616 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 11:30:20.0461 2616 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 11:30:20.0475 2616 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 11:30:20.0483 2616 [Global] - ok 11:30:20.0483 2616 ================ Scan MBR ================================== 11:30:20.0507 2616 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 11:30:20.0582 2616 \Device\Harddisk0\DR0 - ok 11:30:20.0582 2616 ================ Scan VBR ================================== 11:30:20.0612 2616 [ 1C0F01C57DFA00EFC872C46E30491687 ] \Device\Harddisk0\DR0\Partition1 11:30:20.0612 2616 \Device\Harddisk0\DR0\Partition1 - ok 11:30:20.0622 2616 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition2 11:30:20.0622 2616 \Device\Harddisk0\DR0\Partition2 - ok 11:30:20.0631 2616 [ 2B13A64C3454288F2BBF982B8B8BACF0 ] \Device\Harddisk0\DR0\Partition3 11:30:20.0632 2616 \Device\Harddisk0\DR0\Partition3 - ok 11:30:20.0633 2616 ============================================================ 11:30:20.0633 2616 Scan finished 11:30:20.0633 2616 ============================================================ 
11:30:20.0641 2804 Detected object count: 2 11:30:20.0641 2804 Actual detected object count: 2 11:35:35.0734 2804 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user 11:35:35.0734 2804 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:35:35.0735 2804 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user 11:35:35.0735 2804 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip |
01.07.2013, 12:53 | #4 |
/// the machine /// TB-Ausbilder | W32/Patched.UC - services.exe apparently infected. Hi, System scan with FRST. Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: Start > Computer (right-click) > Properties)
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
01.07.2013, 13:29 | #5 |
| W32/Patched.UC - services.exe apparently infected. FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-06-2013 03 Ran by Alex (administrator) on 01-07-2013 13:56:24 Running from C:\Users\Alex\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [CmPCIaudio] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd [8151040 2009-09-07] (C-Media Corporation) HKCU\...\Run: [AdobeBridge] [x] HKCU\...\Run: [DAEMON Tools Ultra Agent] "C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe" -autorun [3123744 2013-05-23] (Disc Soft Ltd) HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-05] (Intel Corporation) HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-27] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) ==================== Internet (Whitelisted) ==================== ProxyServer: 85.214.243.38:3128 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKCU - {F4999599-089C-4EC5-9775-2500B3FAA8B3} URL = hxxp://nova.rambler.ru/search?query={searchTerms}&utm_source=r44&utm_medium=distribution&utm_content=e09&utm_campaign=c01 BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle 
Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Tcpip\Parameters: [DhcpNameServer] 62.117.1.25 89.16.129.25 FireFox: ======== FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default FF SearchEngine: Rambler FF Homepage: hxxp://www.google.de/ FF Keyword.URL: hxxp://nova.rambler.ru/search?utm_source=r44&utm_medium=distribution&utm_content=e09&utm_campaign=c01&query= FF NetworkProxy: "http", "188.40.116.55" FF NetworkProxy: "http_port", 8080 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files 
(x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\ich@maltegoetz.de FF Extension: admin - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\admin@proxy-listen.de.xpi FF Extension: garg_sms - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\garg_sms@yahoo.in.xpi FF Extension: jid0-UVAeBCfd34Kk5usS8A1CBiobvM8 - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi FF Extension: openwith - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\openwith@darktrojan.net.xpi FF Extension: testpilot - 
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\testpilot@labs.mozilla.com.xpi FF Extension: vk - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\vk@sergeykolosov.mp.xpi FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files 
(x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Unity Player) - C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0 CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: (Google Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; 
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG) S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team) R3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [632352 2013-05-23] (Disc Soft Ltd) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] () ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-05-08] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-05-08] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-05-08] (Avira Operations GmbH & Co. KG) R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-05-22] (C-Media Inc) R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2013-05-26] (Disc Soft Ltd) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) 
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-05-26] (Duplex Secure Ltd.) S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] S3 gdrv; \??\C:\Windows\gdrv.sys [x] S3 xhunter1; \??\C:\Windows\xhunter1.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-01 13:56 - 2013-07-01 13:56 - 00000000 ____D C:\FRST 2013-07-01 13:55 - 2013-07-01 13:55 - 01933758 ____A (Farbar) C:\Users\Alex\Desktop\FRST64.exe 2013-07-01 02:59 - 2013-07-01 02:59 - 00053248 ____A C:\Windows\SysWOW64\zlib.dll 2013-07-01 02:59 - 2013-07-01 02:59 - 00000000 ____D C:\Support 2013-07-01 02:56 - 2013-07-01 02:56 - 00360914 ____A C:\Users\Alex\Downloads\KillZA.zip 2013-07-01 01:15 - 2013-07-01 01:15 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Alex\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-01 01:15 - 2013-07-01 01:15 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Malwarebytes 2013-07-01 01:15 - 2013-07-01 01:15 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-01 01:15 - 2013-07-01 01:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-01 01:15 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-07-01 00:30 - 2013-07-01 00:30 - 00377856 ____A C:\Users\Alex\Downloads\gmer_2.1.19163.exe 2013-07-01 00:06 - 2013-07-01 00:06 - 00602112 ____A (OldTimer Tools) C:\Users\Alex\Downloads\OTL.exe 2013-07-01 00:03 - 2013-07-01 00:03 - 00050477 ____A C:\Users\Alex\Downloads\Defogger.exe 2013-07-01 00:03 - 2013-07-01 00:03 - 00000580 ____A C:\Users\Alex\Downloads\defogger_disable.log 2013-07-01 00:03 - 2013-07-01 00:03 - 00000020 ____A C:\Users\Alex\defogger_reenable 2013-06-30 23:41 - 2013-07-01 11:44 - 00000000 ____D C:\Users\Alex\Desktop\backup 2013-06-30 22:50 - 2013-06-30 22:50 - 00024064 ____A C:\Windows\zoek-delete.exe 2013-06-30 14:21 - 2013-06-30 14:21 - 00000000 ____D 
C:\Users\Alex\Documents\assets_0002 2013-06-30 13:23 - 2013-07-01 13:28 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-30 13:23 - 2013-07-01 13:28 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-30 13:23 - 2013-06-30 13:24 - 00000000 ____D C:\Users\Alex\AppData\Local\Google 2013-06-30 13:23 - 2013-06-30 13:24 - 00000000 ____D C:\Program Files (x86)\Google 2013-06-30 13:14 - 2013-06-30 13:14 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Movies Extractor Scout 2013-06-30 01:09 - 2013-06-30 01:09 - 00000000 ____D C:\Users\Alex\Downloads\Ultimate Symbol 2013-06-30 01:04 - 2013-06-30 01:18 - 00000000 ____D C:\ProgramData\AMMYY 2013-06-28 21:11 - 2013-06-28 21:11 - 00000218 ____A C:\Users\Alex\AppData\Local\recently-used.xbel 2013-06-28 18:42 - 2013-06-28 18:42 - 00000000 ____D C:\Users\Alex\Downloads\3 - Introduction to Unity 3D API 2013-06-27 13:16 - 2013-06-30 20:16 - 00000000 ____D C:\Users\Alex\Documents\Battlefield_ChessBoard 2013-06-26 15:39 - 2013-06-26 15:39 - 00000000 ____D C:\Users\Alex\Documents\Adobe 2013-06-25 19:38 - 2013-06-25 22:17 - 00000000 ____D C:\Users\Alex\AppData\Local\gtk-2.0 2013-06-25 19:30 - 2013-06-30 21:57 - 00000000 ____D C:\Users\Alex\AppData\Roaming\.purple 2013-06-25 19:30 - 2013-06-25 19:30 - 00000000 ____D C:\Program Files (x86)\Pidgin 2013-06-24 20:03 - 2013-06-24 20:04 - 00000000 ____D C:\Users\Alex\Downloads\Unity 3.5 Assets Materials and Terrain 2013-06-24 19:57 - 2013-06-24 19:58 - 00000000 ____D C:\Users\Alex\Downloads\Introduction.to.C.sharp.in.Unity.3.5 2013-06-24 16:00 - 2013-06-27 13:16 - 00000000 ___AD C:\Users\Alex\Documents\Terrain 2013-06-24 15:55 - 2013-06-28 21:04 - 00000000 ____D C:\Users\Alex\AppData\Roaming\MonoDevelop-Unity-2.8 2013-06-24 15:55 - 2013-06-24 15:55 - 00000000 ____D C:\Users\Alex\AppData\Roaming\stetic 2013-06-24 15:55 - 2013-06-24 15:55 - 00000000 ____D C:\Users\Alex\AppData\Local\MonoDevelop-Unity-2.8 2013-06-23 13:09 - 2013-06-23 13:09 - 00263592 
____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-23 13:09 - 2013-06-23 13:09 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-23 13:09 - 2013-06-23 13:09 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-23 13:09 - 2013-06-23 13:09 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-23 13:09 - 2013-06-23 13:09 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-22 12:48 - 2013-06-22 12:49 - 00000000 ____D C:\Users\Alex\Downloads\User Interface Design 2013-06-22 08:51 - 2013-06-27 15:13 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Unity 2013-06-22 08:50 - 2013-06-30 18:04 - 00000000 ____D C:\ProgramData\Unity 2013-06-22 08:50 - 2013-06-22 08:50 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Apple Computer 2013-06-22 08:50 - 2013-06-22 08:50 - 00000000 ____D C:\Users\Alex\AppData\Local\Apple Computer 2013-06-22 08:47 - 2013-06-22 08:49 - 00000000 ____D C:\Program Files (x86)\Unity 2013-06-22 00:32 - 2013-06-23 09:55 - 00000000 ____D C:\Users\Alex\AppData\Local\Unity 2013-06-21 13:59 - 2013-06-30 22:06 - 00000000 ____D C:\Users\Alex\AppData\Roaming\TS3Client 2013-06-21 13:51 - 2013-06-21 13:51 - 00000000 ____D C:\Users\Alex\AppData\Local\TeamSpeak 3 Client 2013-06-19 19:29 - 2013-06-26 15:41 - 00000132 ____A C:\Users\Alex\AppData\Roaming\Adobe PNG Format CS6 Prefs 2013-06-19 13:17 - 2013-06-30 23:43 - 00000000 ____D C:\Users\Alex\Desktop\Musik 2013-06-16 21:58 - 2013-06-30 23:49 - 00000000 ____D C:\Program Files (x86)\eFusion 2013-06-16 21:05 - 2013-06-16 21:06 - 00000000 ____D C:\Users\Alex\Downloads\Designing Futuristic Menus in Illustrator_2013 2013-06-15 14:36 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-15 14:36 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-15 14:36 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) 
C:\Windows\System32\ieframe.dll 2013-06-15 14:36 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-15 14:36 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-15 14:36 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-15 14:36 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-15 14:36 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-15 14:36 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-15 14:36 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-15 14:36 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-15 14:36 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-12 06:56 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 06:56 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 06:56 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 06:56 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 06:56 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-12 06:56 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-12 06:56 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 06:56 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-12 06:56 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 
2013-06-12 06:56 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 06:56 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 06:56 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 06:56 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 06:56 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-12 06:56 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-12 06:56 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 06:56 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-12 06:56 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 06:56 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-12 05:51 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 05:51 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 05:51 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 05:51 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 05:51 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 05:51 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 05:51 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 05:51 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 
05:51 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 05:51 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 05:51 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 05:51 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 05:51 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 05:51 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 05:51 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 05:51 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-12 05:51 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-12 05:51 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-12 05:51 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-08 21:35 - 2013-06-08 21:35 - 00000000 ____D C:\Users\Alex\Desktop\ePSXe180_Starter_Pack 2013-06-08 21:29 - 2013-06-09 15:00 - 00000000 ____D C:\Users\Alex\Desktop\FF8 2013-06-07 21:52 - 2013-06-30 23:48 - 00000000 ____D C:\ProgramData\Hi-Rez Studios 2013-06-07 21:52 - 2013-06-30 23:48 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios 2013-06-07 21:52 - 2013-06-07 21:52 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Awesomium 2013-06-07 16:36 - 2013-06-07 16:36 - 00000000 ___HD C:\Windows\msdownld.tmp 2013-06-06 20:28 - 2013-06-06 20:34 - 00000000 ____D C:\Users\Alex\Documents\Arma 3 Alpha Lite 2013-06-06 20:28 - 2013-06-06 20:28 - 00000000 ____D C:\Users\Alex\AppData\Local\Arma 3 Alpha Lite 2013-06-06 20:28 - 2013-06-06 20:28 - 00000000 ____D C:\ProgramData\Bohemia 
Interactive 2013-06-06 19:16 - 2013-06-30 18:00 - 00000000 ____D C:\Users\Alex\AppData\Roaming\vlc 2013-06-06 19:16 - 2013-06-06 19:16 - 00000000 ____D C:\Program Files (x86)\VideoLAN 2013-06-02 23:09 - 2013-06-02 23:09 - 00000000 ____D C:\Users\Alex\AppData\Roaming\OpenOffice.org 2013-06-02 12:49 - 2013-06-02 12:49 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3 ==================== One Month Modified Files and Folders ======= 2013-07-01 13:56 - 2013-07-01 13:56 - 00000000 ____D C:\FRST 2013-07-01 13:55 - 2013-07-01 13:55 - 01933758 ____A (Farbar) C:\Users\Alex\Desktop\FRST64.exe 2013-07-01 13:55 - 2013-05-08 19:51 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Skype 2013-07-01 13:50 - 2013-05-08 19:58 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-01 13:48 - 2013-05-10 09:57 - 00000000 ____D C:\Program Files (x86)\Steam 2013-07-01 13:28 - 2013-06-30 13:23 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-01 13:28 - 2013-06-30 13:23 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-01 11:44 - 2013-06-30 23:41 - 00000000 ____D C:\Users\Alex\Desktop\backup 2013-07-01 11:34 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-01 11:34 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-01 11:31 - 2011-04-12 09:43 - 00696620 ____A C:\Windows\System32\perfh007.dat 2013-07-01 11:31 - 2011-04-12 09:43 - 00147916 ____A C:\Windows\System32\perfc007.dat 2013-07-01 11:31 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-01 11:27 - 2013-05-25 08:49 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-01 11:27 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-01 11:27 - 2009-07-14 06:51 - 00034347 ____A C:\Windows\setupact.log 2013-07-01 03:28 - 2013-05-08 19:25 - 02010228 
____A C:\Windows\WindowsUpdate.log 2013-07-01 03:06 - 2013-05-18 20:14 - 01589442 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2013-07-01 02:59 - 2013-07-01 02:59 - 00053248 ____A C:\Windows\SysWOW64\zlib.dll 2013-07-01 02:59 - 2013-07-01 02:59 - 00000000 ____D C:\Support 2013-07-01 02:59 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-01 02:56 - 2013-07-01 02:56 - 00360914 ____A C:\Users\Alex\Downloads\KillZA.zip 2013-07-01 01:15 - 2013-07-01 01:15 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Alex\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-01 01:15 - 2013-07-01 01:15 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Malwarebytes 2013-07-01 01:15 - 2013-07-01 01:15 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-01 01:15 - 2013-07-01 01:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-01 00:30 - 2013-07-01 00:30 - 00377856 ____A C:\Users\Alex\Downloads\gmer_2.1.19163.exe 2013-07-01 00:06 - 2013-07-01 00:06 - 00602112 ____A (OldTimer Tools) C:\Users\Alex\Downloads\OTL.exe 2013-07-01 00:03 - 2013-07-01 00:03 - 00050477 ____A C:\Users\Alex\Downloads\Defogger.exe 2013-07-01 00:03 - 2013-07-01 00:03 - 00000580 ____A C:\Users\Alex\Downloads\defogger_disable.log 2013-07-01 00:03 - 2013-07-01 00:03 - 00000020 ____A C:\Users\Alex\defogger_reenable 2013-07-01 00:03 - 2013-05-08 19:25 - 00000000 ____D C:\users\Alex 2013-06-30 23:49 - 2013-06-16 21:58 - 00000000 ____D C:\Program Files (x86)\eFusion 2013-06-30 23:48 - 2013-06-07 21:52 - 00000000 ____D C:\ProgramData\Hi-Rez Studios 2013-06-30 23:48 - 2013-06-07 21:52 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios 2013-06-30 23:48 - 2013-05-08 19:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-06-30 23:43 - 2013-06-19 13:17 - 00000000 ____D C:\Users\Alex\Desktop\Musik 2013-06-30 23:40 - 2013-05-09 09:53 - 00000000 ____D C:\Users\Alex\AppData\Roaming\uTorrent 2013-06-30 23:38 - 2013-05-22 23:00 - 00006407 ____A 
C:\Users\Alex\Desktop\Shutdown.lnk 2013-06-30 23:38 - 2013-05-18 20:16 - 00000000 ____D C:\Users\Alex\Documents\My Games 2013-06-30 23:37 - 2013-05-22 23:02 - 00000000 ____D C:\Users\Alex\Desktop\Illustrator 2013-06-30 22:51 - 2010-11-21 05:47 - 00011312 ____A C:\Windows\PFRO.log 2013-06-30 22:50 - 2013-06-30 22:50 - 00024064 ____A C:\Windows\zoek-delete.exe 2013-06-30 22:39 - 2013-05-08 19:58 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-30 22:39 - 2013-05-08 19:58 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-30 22:06 - 2013-06-21 13:59 - 00000000 ____D C:\Users\Alex\AppData\Roaming\TS3Client 2013-06-30 21:57 - 2013-06-25 19:30 - 00000000 ____D C:\Users\Alex\AppData\Roaming\.purple 2013-06-30 20:16 - 2013-06-27 13:16 - 00000000 ____D C:\Users\Alex\Documents\Battlefield_ChessBoard 2013-06-30 18:04 - 2013-06-22 08:50 - 00000000 ____D C:\ProgramData\Unity 2013-06-30 18:00 - 2013-06-06 19:16 - 00000000 ____D C:\Users\Alex\AppData\Roaming\vlc 2013-06-30 14:21 - 2013-06-30 14:21 - 00000000 ____D C:\Users\Alex\Documents\assets_0002 2013-06-30 13:24 - 2013-06-30 13:23 - 00000000 ____D C:\Users\Alex\AppData\Local\Google 2013-06-30 13:24 - 2013-06-30 13:23 - 00000000 ____D C:\Program Files (x86)\Google 2013-06-30 13:14 - 2013-06-30 13:14 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Movies Extractor Scout 2013-06-30 13:03 - 2013-05-08 19:26 - 00000000 ____D C:\Users\Alex\AppData\Local\VirtualStore 2013-06-30 01:18 - 2013-06-30 01:04 - 00000000 ____D C:\ProgramData\AMMYY 2013-06-30 01:09 - 2013-06-30 01:09 - 00000000 ____D C:\Users\Alex\Downloads\Ultimate Symbol 2013-06-28 21:11 - 2013-06-28 21:11 - 00000218 ____A C:\Users\Alex\AppData\Local\recently-used.xbel 2013-06-28 21:04 - 2013-06-24 15:55 - 00000000 ____D C:\Users\Alex\AppData\Roaming\MonoDevelop-Unity-2.8 2013-06-28 18:42 - 2013-06-28 18:42 - 00000000 ____D C:\Users\Alex\Downloads\3 - Introduction to Unity 3D API 
2013-06-27 21:07 - 2013-05-14 16:25 - 00000000 ____D C:\Users\Alex\AppData\Roaming\FileZilla 2013-06-27 15:13 - 2013-06-22 08:51 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Unity 2013-06-27 13:16 - 2013-06-24 16:00 - 00000000 ___AD C:\Users\Alex\Documents\Terrain 2013-06-27 11:46 - 2013-05-09 08:23 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys 2013-06-27 11:40 - 2009-07-14 06:45 - 04920928 ____A C:\Windows\System32\FNTCACHE.DAT 2013-06-26 15:41 - 2013-06-19 19:29 - 00000132 ____A C:\Users\Alex\AppData\Roaming\Adobe PNG Format CS6 Prefs 2013-06-26 15:39 - 2013-06-26 15:39 - 00000000 ____D C:\Users\Alex\Documents\Adobe 2013-06-26 15:39 - 2013-05-08 19:58 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Adobe 2013-06-26 14:36 - 2013-05-08 21:28 - 00065992 ____A C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT 2013-06-25 22:17 - 2013-06-25 19:38 - 00000000 ____D C:\Users\Alex\AppData\Local\gtk-2.0 2013-06-25 19:30 - 2013-06-25 19:30 - 00000000 ____D C:\Program Files (x86)\Pidgin 2013-06-24 20:04 - 2013-06-24 20:03 - 00000000 ____D C:\Users\Alex\Downloads\Unity 3.5 Assets Materials and Terrain 2013-06-24 19:58 - 2013-06-24 19:57 - 00000000 ____D C:\Users\Alex\Downloads\Introduction.to.C.sharp.in.Unity.3.5 2013-06-24 19:53 - 2013-06-24 19:52 - 00000000 ____D C:\Users\Alex\Downloads\Introduction to Unity 4 (Joshua Kinney) [06.05.2013] 2013-06-24 15:55 - 2013-06-24 15:55 - 00000000 ____D C:\Users\Alex\AppData\Roaming\stetic 2013-06-24 15:55 - 2013-06-24 15:55 - 00000000 ____D C:\Users\Alex\AppData\Local\MonoDevelop-Unity-2.8 2013-06-24 00:39 - 2013-05-10 16:18 - 00063120 ____A C:\Windows\DirectX.log 2013-06-23 13:09 - 2013-06-23 13:09 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-23 13:09 - 2013-06-23 13:09 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-23 13:09 - 2013-06-23 13:09 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-23 13:09 - 
2013-06-23 13:09 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-23 13:09 - 2013-06-23 13:09 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-23 13:09 - 2013-05-09 08:48 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-23 13:09 - 2013-05-09 08:48 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-23 09:55 - 2013-06-22 00:32 - 00000000 ____D C:\Users\Alex\AppData\Local\Unity 2013-06-22 12:49 - 2013-06-22 12:48 - 00000000 ____D C:\Users\Alex\Downloads\User Interface Design 2013-06-22 08:50 - 2013-06-22 08:50 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Apple Computer 2013-06-22 08:50 - 2013-06-22 08:50 - 00000000 ____D C:\Users\Alex\AppData\Local\Apple Computer 2013-06-22 08:49 - 2013-06-22 08:47 - 00000000 ____D C:\Program Files (x86)\Unity 2013-06-22 02:36 - 2013-05-20 12:15 - 00000000 ____D C:\Program Files (x86)\Eclipse 2013-06-21 13:51 - 2013-06-21 13:51 - 00000000 ____D C:\Users\Alex\AppData\Local\TeamSpeak 3 Client 2013-06-20 15:34 - 2013-05-25 16:09 - 00000000 ____D C:\Program Files (x86)\YGOPro 2013-06-20 08:29 - 2013-05-16 22:42 - 00000000 ____D C:\Users\Alex\Documents\Rockstar Games 2013-06-16 22:06 - 2013-06-16 22:01 - 00000000 ____D C:\Users\Alex\Documents\DragonNest 2013-06-16 21:06 - 2013-06-16 21:05 - 00000000 ____D C:\Users\Alex\Downloads\Designing Futuristic Menus in Illustrator_2013 2013-06-12 06:57 - 2013-05-08 21:35 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 06:30 - 2013-05-08 19:58 - 00000000 ____D C:\ProgramData\Adobe 2013-06-12 06:29 - 2013-05-08 21:36 - 00000000 ____D C:\Users\Alex\AppData\Local\Adobe 2013-06-11 17:27 - 2013-05-20 12:29 - 00000000 ____D C:\Users\Alex\workspace 2013-06-09 15:10 - 2013-05-26 14:38 - 00000000 ____D C:\Users\Alex\Documents\Alcohol 52% 2013-06-09 15:00 - 2013-06-08 21:29 - 00000000 ____D C:\Users\Alex\Desktop\FF8 2013-06-08 21:35 - 2013-06-08 21:35 - 00000000 
____D C:\Users\Alex\Desktop\ePSXe180_Starter_Pack 2013-06-08 19:06 - 2013-05-31 21:26 - 00000000 ____D C:\Users\Alex\AppData\Local\Deployment 2013-06-08 16:08 - 2013-06-15 14:36 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 16:07 - 2013-06-15 14:36 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 16:06 - 2013-06-15 14:36 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 16:06 - 2013-06-15 14:36 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 16:06 - 2013-06-15 14:36 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 14:28 - 2013-06-15 14:36 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 13:42 - 2013-06-15 14:36 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 13:40 - 2013-06-15 14:36 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 13:40 - 2013-06-15 14:36 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 13:40 - 2013-06-15 14:36 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 13:40 - 2013-06-15 14:36 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 13:13 - 2013-06-15 14:36 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-07 21:52 - 2013-06-07 21:52 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Awesomium 2013-06-07 21:47 - 2013-05-08 19:51 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-06-07 21:47 - 2013-05-08 19:51 - 00000000 ____D C:\ProgramData\Skype 2013-06-07 16:36 - 2013-06-07 16:36 - 00000000 ___HD C:\Windows\msdownld.tmp 2013-06-07 16:36 - 2013-05-19 21:03 - 00000000 ____D C:\Windows\SysWOW64\directx 2013-06-06 20:34 - 2013-06-06 20:28 - 00000000 ____D C:\Users\Alex\Documents\Arma 3 Alpha Lite 2013-06-06 20:28 - 2013-06-06 20:28 - 00000000 ____D 
C:\Users\Alex\AppData\Local\Arma 3 Alpha Lite 2013-06-06 20:28 - 2013-06-06 20:28 - 00000000 ____D C:\ProgramData\Bohemia Interactive 2013-06-06 19:16 - 2013-06-06 19:16 - 00000000 ____D C:\Program Files (x86)\VideoLAN 2013-06-03 23:21 - 2013-05-09 23:38 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Audacity 2013-06-03 07:49 - 2013-05-15 06:25 - 00000000 ____D C:\Windows\pss 2013-06-02 23:09 - 2013-06-02 23:09 - 00000000 ____D C:\Users\Alex\AppData\Roaming\OpenOffice.org 2013-06-02 12:49 - 2013-06-02 12:49 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3 ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender LastRegBack: 2013-06-24 14:20 ==================== End Of Log ============================ Mich wundern hier die 3 ZeroAccess Meldungen. Addition: FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-06-2013 03 Ran by Alex at 2013-07-01 13:56:47 Running from C:\Users\Alex\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= µTorrent (x32 Version: 3.3.0.29625) Adobe AIR (x32 Version: 3.1.0.4880) Adobe Edge Animate (x32 Version: 1.5) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Flash Professional CS6 (x32 Version: 12.0) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.4.4) Audacity 2.0.3 (x32 Version: 2.0.3) Aureon 5.1 PCI Avira Free Antivirus (x32 Version: 13.0.0.3737) Cisco Packet Tracer 5.3.3 (x32) Counter-Strike: Source (x32) DAEMON Tools Ultra (x32 Version: 1.1.0.0101) EAX(tm) Unified (SHELL) (x32) FileZilla Client 3.7.0.1 (x32 Version: 3.7.0.1) FlashDevelop 4.4.0 (x32 Version: 4.4.0-RTM) Google Chrome (x32 Version: 27.0.1453.116) Google Update Helper (x32 Version: 1.3.21.149) HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät (Version: 25.0.571.0) HP Deskjet 3070 B611 series Hilfe (x32 Version: 140.0.2.2) Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.1.209) Java 7 Update 21 (64-bit) (Version: 7.0.210) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) LAME v3.99.3 (for Windows) (x32) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319) Microsoft Application Error Reporting (x32 
Version: 12.0.6012.5000) Microsoft Help Viewer 1.0 (Version: 1.0.30319) Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1447.4) Microsoft SQL Server System CLR Types (x32 Version: 10.50.1447.4) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (x32 Version: 9.0.30729.4974) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 (x32 Version: 10.0.30319) Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) Mozilla Firefox 21.0 (x86 de) (x32 Version: 21.0) Mozilla Maintenance Service (x32 Version: 21.0) NVIDIA 3D Vision Treiber 314.22 (Version: 314.22) NVIDIA Grafiktreiber 314.22 (Version: 314.22) NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1) NVIDIA Install Application (Version: 2.1002.124.810) NVIDIA PhysX (x32 Version: 9.12.1031) NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422) 
NVIDIA Systemsteuerung 314.22 (Version: 314.22) NVIDIA Update 1.12.12 (Version: 1.12.12) NVIDIA Update Components (Version: 1.12.12) OpenOffice.org 3.4.1 (x32 Version: 3.41.9593) Pidgin (x32 Version: 2.10.7) Skype™ 6.3 (x32 Version: 6.3.107) Steam (x32 Version: 1.0.0.0) TeamSpeak 3 Client (HKCU Version: 3.0.10) Unity (x32 Version: ) Unity Web Player (HKCU Version: ) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) VLC media player 2.0.6 (x32 Version: 2.0.6) WinPcap 4.1.2 (x32 Version: 4.1.0.2001) WinRAR 4.20 (64-Bit) (Version: 4.20.0) ==================== Restore Points ========================= 23-06-2013 22:38:54 DirectX wurde installiert 30-06-2013 20:47:29 zoek.exe restore point 30-06-2013 21:11:58 OTL Restore Point - 30.06.2013 23:11:55 01-07-2013 01:03:53 Windows Update ==================== Scheduled Tasks (whitelisted) ============= Task: {4A86B5F4-FBC8-420F-8257-BCC561100BAC} - System32\Tasks\hpUrlLauncher.exe_{1E150443-62FA-4132-9680-6338B27EF999} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\utils\hpUrlLauncher.exe [2011-06-08] (Hewlett-Packard Co.) Task: {643D1053-A777-4887-8062-69DE8CF36260} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-30] (Google Inc.) 
Task: {DAE117EE-4175-42E9-A951-9A6CF1E7D006} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-30] (Google Inc.) Task: {F731EDB7-5D47-480C-B892-7A08288B3FE2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-30] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2-Maus Description: Microsoft PS/2-Maus Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Standardtastatur (PS/2) Description: Standardtastatur (PS/2) Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardtastaturen) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
Name: SM-Bus-Controller Description: SM-Bus-Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: High Definition Audio-Gerät Description: High Definition Audio-Gerät Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: HdAudAddService Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/01/2013 11:29:14 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2013 03:02:12 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2013 00:42:10 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2013 00:06:17 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/30/2013 10:53:29 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/30/2013 10:50:12 PM) (Source: 
WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/30/2013 10:44:34 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x756fc9f1 ID des fehlerhaften Prozesses: 0xfa0 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0 Pfad der fehlerhaften Anwendung: svchost.exe1 Pfad des fehlerhaften Moduls: svchost.exe2 Berichtskennung: svchost.exe3 Error: (06/30/2013 10:43:34 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x756fc9f1 ID des fehlerhaften Prozesses: 0x5ec Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0 Pfad der fehlerhaften Anwendung: svchost.exe1 Pfad des fehlerhaften Moduls: svchost.exe2 Berichtskennung: svchost.exe3 Error: (06/30/2013 10:39:32 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x756fc9f1 ID des fehlerhaften Prozesses: 0x81c Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0 Pfad der fehlerhaften Anwendung: svchost.exe1 Pfad des fehlerhaften Moduls: svchost.exe2 Berichtskennung: svchost.exe3 Error: (06/30/2013 10:32:13 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= 
Error: (07/01/2013 11:29:50 AM) (Source: Service Control Manager) (User: ) Description: The "WinDefend" service terminated with the following error: %%5
Error: (07/01/2013 03:02:40 AM) (Source: Service Control Manager) (User: ) Description: The "WinDefend" service terminated with the following error: %%5
Error: (07/01/2013 00:42:43 AM) (Source: Service Control Manager) (User: ) Description: The "WinDefend" service terminated with the following error: %%5
Error: (07/01/2013 00:06:49 AM) (Source: Service Control Manager) (User: ) Description: The "WinDefend" service terminated with the following error: %%5
Error: (06/30/2013 10:56:54 PM) (Source: Service Control Manager) (User: ) Description: The "BFE" service terminated with the following error: %%5
Error: (06/30/2013 10:52:09 PM) (Source: Service Control Manager) (User: ) Description: The "Heimnetzgruppen-Anbieter" service depends on the "Funktionssuche-Ressourcenveröffentlichung" service, which failed to start because of the following error: %%-2147024891
Error: (06/30/2013 10:52:09 PM) (Source: Service Control Manager) (User: ) Description: The "Funktionssuche-Ressourcenveröffentlichung" service terminated with the following error: %%-2147024891
Error: (06/30/2013 10:48:52 PM) (Source: Service Control Manager) (User: ) Description: The "Heimnetzgruppen-Anbieter" service depends on the "Funktionssuche-Ressourcenveröffentlichung" service, which failed to start because of the following error: %%-2147024891
Error: (06/30/2013 10:48:52 PM) (Source: Service Control Manager) (User: ) Description: The "Funktionssuche-Ressourcenveröffentlichung" service terminated with the following error: %%-2147024891
Error: (06/30/2013 10:30:57 PM) (Source: Service Control Manager) (User: ) Description: The "Heimnetzgruppen-Anbieter" service depends on the "Funktionssuche-Ressourcenveröffentlichung" service, which failed to start because of the following error: %%-2147024891

Microsoft Office Sessions:
=========================
Error: (07/01/2013
11:29:14 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2013 03:02:12 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2013 00:42:10 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2013 00:06:17 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/30/2013 10:53:29 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/30/2013 10:50:12 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/30/2013 10:44:34 PM) (Source: Application Error)(User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005756fc9f1fa001ce75d2a11d237bC:\Windows\SysWOW64\svchost.exeunknowndeccf260-e1c5-11e2-8761-902b3413699c Error: (06/30/2013 10:43:34 PM) (Source: Application Error)(User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005756fc9f15ec01ce75d27c776ae2C:\Windows\SysWOW64\svchost.exeunknownbaf64095-e1c5-11e2-8761-902b3413699c Error: (06/30/2013 10:39:32 PM) (Source: Application Error)(User: ) Description: 
svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005756fc9f181c01ce75d1ece1cbb5C:\Windows\SysWOW64\svchost.exeunknown2aebbf6b-e1c5-11e2-8761-902b3413699c Error: (06/30/2013 10:32:13 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 39% Total physical RAM: 4058.5 MB Available physical RAM: 2450.09 MB Total Pagefile: 8115.19 MB Available Pagefile: 6064.8 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.29 GB) (Free:798.43 GB) NTFS (Disk=0 Partition=3) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 00000000) Partition: GPT Partition Type ==================== End Of Log ============================ Vielen Dank! |
01.07.2013, 13:39 | #6
/// the machine /// TB-Ausbilder
Those don't surprise me.

Fix with FRST

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
and a fresh FRST log, please.
01.07.2013, 13:45 | #7
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-06-2013 03
Ran by Alex at 2013-07-01 14:42:34 Run:1
Running from C:\Users\Alex\Desktop
Boot Mode: Normal
==============================================

C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\de-DE" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

==== End of Fixlog ====
Code:
Die Datei 'C:\FRST\Quarantine\Desktop.ini' enthielt einen Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan].
Durchgeführte Aktion(en): Die Datei wurde ignoriert.
Thanks.
01.07.2013, 13:49 | #8
/// the machine /// TB-Ausbilder
Always switch the AV program off for something like this.

New FRST scan log, please.
__________________
regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate | Guides and assistance | Trojaner-Board Facebook page | No support via PM!
01.07.2013, 13:52 | #9
Oops, sorry.
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-06-2013 03
Ran by Alex at 2013-07-01 14:51:18 Run:2
Running from C:\Users\Alex\Desktop
Boot Mode: Normal
==============================================

C:\Windows\assembly\GAC_32\Desktop.ini => File/Directory not found.
C:\Windows\assembly\GAC_64\Desktop.ini => File/Directory not found.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

==== End of Fixlog ====
01.07.2013, 14:12 | #10
/// the machine /// TB-Ausbilder
A fresh scan log with FRST, please.
01.07.2013, 14:21 | #11
Omg, what is wrong with my eyes today. Please excuse me, scan log of course.

FRST logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-06-2013 03
Ran by Alex (administrator) on 01-07-2013 15:16:36
Running from C:\Users\Alex\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CmPCIaudio] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd [8151040 2009-09-07] (C-Media Corporation)
HKCU\...\Run: [AdobeBridge] [x]
HKCU\...\Run: [DAEMON Tools Ultra Agent] "C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe" -autorun [3123744 2013-05-23] (Disc Soft Ltd)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: 85.214.243.38:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKCU - {F4999599-089C-4EC5-9775-2500B3FAA8B3} URL = hxxp://nova.rambler.ru/search?query={searchTerms}&utm_source=r44&utm_medium=distribution&utm_content=e09&utm_campaign=c01
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 62.117.1.25 89.16.129.25

FireFox:
========
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default
FF SearchEngine: Rambler
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://nova.rambler.ru/search?utm_source=r44&utm_medium=distribution&utm_content=e09&utm_campaign=c01&query=
FF NetworkProxy: "http", "188.40.116.55"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\ich@maltegoetz.de
FF Extension: admin - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\admin@proxy-listen.de.xpi
FF Extension: garg_sms - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\garg_sms@yahoo.in.xpi
FF Extension: jid0-UVAeBCfd34Kk5usS8A1CBiobvM8 - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi
FF Extension: openwith - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\openwith@darktrojan.net.xpi
FF Extension: testpilot - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: vk - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\vk@sergeykolosov.mp.xpi
FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi
FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Unity Player) - C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [632352 2013-05-23] (Disc Soft Ltd)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-05-08] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-05-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-05-08] (Avira Operations GmbH & Co. KG)
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-05-22] (C-Media Inc)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2013-05-26] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-05-26] (Duplex Secure Ltd.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] S3 gdrv; \??\C:\Windows\gdrv.sys [x] S3 xhunter1; \??\C:\Windows\xhunter1.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-01 13:56 - 2013-07-01 14:42 - 00000000 ____D C:\FRST 2013-07-01 13:55 - 2013-07-01 13:55 - 01933758 ____A (Farbar) C:\Users\Alex\Desktop\FRST64.exe 2013-07-01 02:59 - 2013-07-01 02:59 - 00053248 ____A C:\Windows\SysWOW64\zlib.dll 2013-07-01 02:59 - 2013-07-01 02:59 - 00000000 ____D C:\Support 2013-07-01 02:56 - 2013-07-01 02:56 - 00360914 ____A C:\Users\Alex\Downloads\KillZA.zip 2013-07-01 01:15 - 2013-07-01 01:15 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Alex\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-01 01:15 - 2013-07-01 01:15 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Malwarebytes 2013-07-01 01:15 - 2013-07-01 01:15 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-01 01:15 - 2013-07-01 01:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-01 01:15 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-07-01 00:30 - 2013-07-01 00:30 - 00377856 ____A C:\Users\Alex\Downloads\gmer_2.1.19163.exe 2013-07-01 00:06 - 2013-07-01 00:06 - 00602112 ____A (OldTimer Tools) C:\Users\Alex\Downloads\OTL.exe 2013-07-01 00:03 - 2013-07-01 00:03 - 00050477 ____A C:\Users\Alex\Downloads\Defogger.exe 2013-07-01 00:03 - 2013-07-01 00:03 - 00000580 ____A C:\Users\Alex\Downloads\defogger_disable.log 2013-07-01 00:03 - 2013-07-01 00:03 - 00000020 ____A C:\Users\Alex\defogger_reenable 2013-06-30 23:41 - 2013-07-01 14:42 - 00000000 ____D C:\Users\Alex\Desktop\backup 2013-06-30 22:50 - 2013-06-30 22:50 - 00024064 ____A C:\Windows\zoek-delete.exe 2013-06-30 14:21 - 2013-06-30 14:21 - 00000000 ____D C:\Users\Alex\Documents\assets_0002 2013-06-30 13:23 - 2013-07-01 14:28 - 00001106 ____A 
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-30 13:23 - 2013-07-01 13:28 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-30 13:23 - 2013-06-30 13:24 - 00000000 ____D C:\Users\Alex\AppData\Local\Google 2013-06-30 13:23 - 2013-06-30 13:24 - 00000000 ____D C:\Program Files (x86)\Google 2013-06-30 13:14 - 2013-06-30 13:14 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Movies Extractor Scout 2013-06-30 01:09 - 2013-06-30 01:09 - 00000000 ____D C:\Users\Alex\Downloads\Ultimate Symbol 2013-06-30 01:04 - 2013-06-30 01:18 - 00000000 ____D C:\ProgramData\AMMYY 2013-06-28 21:11 - 2013-06-28 21:11 - 00000218 ____A C:\Users\Alex\AppData\Local\recently-used.xbel 2013-06-28 18:42 - 2013-06-28 18:42 - 00000000 ____D C:\Users\Alex\Downloads\3 - Introduction to Unity 3D API 2013-06-27 13:16 - 2013-06-30 20:16 - 00000000 ____D C:\Users\Alex\Documents\Battlefield_ChessBoard 2013-06-26 15:39 - 2013-06-26 15:39 - 00000000 ____D C:\Users\Alex\Documents\Adobe 2013-06-25 19:38 - 2013-06-25 22:17 - 00000000 ____D C:\Users\Alex\AppData\Local\gtk-2.0 2013-06-25 19:30 - 2013-06-30 21:57 - 00000000 ____D C:\Users\Alex\AppData\Roaming\.purple 2013-06-25 19:30 - 2013-06-25 19:30 - 00000000 ____D C:\Program Files (x86)\Pidgin 2013-06-24 19:57 - 2013-06-24 19:58 - 00000000 ____D C:\Users\Alex\Downloads\Introduction.to.C.sharp.in.Unity.3.5 2013-06-24 19:52 - 2013-06-24 19:53 - 00000000 ____D C:\Users\Alex\Downloads\Introduction to Unity 4 [06.05.2013] 2013-06-24 16:00 - 2013-06-27 13:16 - 00000000 ___AD C:\Users\Alex\Documents\Terrain 2013-06-24 15:55 - 2013-06-28 21:04 - 00000000 ____D C:\Users\Alex\AppData\Roaming\MonoDevelop-Unity-2.8 2013-06-24 15:55 - 2013-06-24 15:55 - 00000000 ____D C:\Users\Alex\AppData\Roaming\stetic 2013-06-24 15:55 - 2013-06-24 15:55 - 00000000 ____D C:\Users\Alex\AppData\Local\MonoDevelop-Unity-2.8 2013-06-23 13:09 - 2013-06-23 13:09 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-23 13:09 - 2013-06-23 
13:09 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-23 13:09 - 2013-06-23 13:09 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-23 13:09 - 2013-06-23 13:09 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-23 13:09 - 2013-06-23 13:09 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-22 12:48 - 2013-06-22 12:49 - 00000000 ____D C:\Users\Alex\Downloads\User Interface Design 2013-06-22 08:51 - 2013-06-27 15:13 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Unity 2013-06-22 08:50 - 2013-06-30 18:04 - 00000000 ____D C:\ProgramData\Unity 2013-06-22 08:50 - 2013-06-22 08:50 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Apple Computer 2013-06-22 08:50 - 2013-06-22 08:50 - 00000000 ____D C:\Users\Alex\AppData\Local\Apple Computer 2013-06-22 08:47 - 2013-06-22 08:49 - 00000000 ____D C:\Program Files (x86)\Unity 2013-06-22 00:32 - 2013-06-23 09:55 - 00000000 ____D C:\Users\Alex\AppData\Local\Unity 2013-06-21 13:59 - 2013-06-30 22:06 - 00000000 ____D C:\Users\Alex\AppData\Roaming\TS3Client 2013-06-21 13:51 - 2013-06-21 13:51 - 00000000 ____D C:\Users\Alex\AppData\Local\TeamSpeak 3 Client 2013-06-19 19:29 - 2013-06-26 15:41 - 00000132 ____A C:\Users\Alex\AppData\Roaming\Adobe PNG Format CS6 Prefs 2013-06-19 13:17 - 2013-06-30 23:43 - 00000000 ____D C:\Users\Alex\Desktop\Musik 2013-06-16 21:58 - 2013-06-30 23:49 - 00000000 ____D C:\Program Files (x86)\eFusion 2013-06-16 21:05 - 2013-06-16 21:06 - 00000000 ____D C:\Users\Alex\Downloads\Designing Futuristic Menus in Illustrator_2013 2013-06-15 14:36 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-15 14:36 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-15 14:36 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-15 14:36 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) 
C:\Windows\System32\iertutil.dll 2013-06-15 14:36 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-15 14:36 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-15 14:36 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-15 14:36 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-15 14:36 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-15 14:36 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-15 14:36 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-15 14:36 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-12 06:56 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 06:56 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 06:56 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 06:56 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 06:56 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-12 06:56 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-12 06:56 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 06:56 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-12 06:56 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 06:56 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 
2013-06-12 06:56 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 06:56 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 06:56 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 06:56 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-12 06:56 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-12 06:56 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 06:56 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-12 06:56 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 06:56 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-12 05:51 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 05:51 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 05:51 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 05:51 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 05:51 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 05:51 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 05:51 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 05:51 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 05:51 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 
05:51 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 05:51 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 05:51 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 05:51 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 05:51 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 05:51 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 05:51 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 05:51 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 05:51 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 05:51 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-08 21:35 - 2013-06-08 21:35 - 00000000 ____D C:\Users\Alex\Desktop\ePSXe180_Starter_Pack
2013-06-08 21:29 - 2013-06-09 15:00 - 00000000 ____D C:\Users\Alex\Desktop\FF8
2013-06-07 21:52 - 2013-06-30 23:48 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2013-06-07 21:52 - 2013-06-30 23:48 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2013-06-07 21:52 - 2013-06-07 21:52 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Awesomium
2013-06-07 16:36 - 2013-06-07 16:36 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-06-06 20:28 - 2013-06-06 20:34 - 00000000 ____D C:\Users\Alex\Documents\Arma 3 Alpha Lite
2013-06-06 20:28 - 2013-06-06 20:28 - 00000000 ____D C:\Users\Alex\AppData\Local\Arma 3 Alpha Lite
2013-06-06 20:28 - 2013-06-06 20:28 - 00000000 ____D C:\ProgramData\Bohemia Interactive
2013-06-06 19:16 - 2013-06-30 18:00 - 00000000 ____D C:\Users\Alex\AppData\Roaming\vlc
2013-06-06 19:16 - 2013-06-06 19:16 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-06-02 23:09 - 2013-06-02 23:09 - 00000000 ____D C:\Users\Alex\AppData\Roaming\OpenOffice.org
2013-06-02 12:49 - 2013-06-02 12:49 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3

==================== One Month Modified Files and Folders =======

2013-07-01 15:16 - 2013-05-10 09:57 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-01 15:09 - 2013-05-08 19:51 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Skype
2013-07-01 14:50 - 2013-05-08 19:58 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-01 14:42 - 2013-07-01 13:56 - 00000000 ____D C:\FRST
2013-07-01 14:42 - 2013-06-30 23:41 - 00000000 ____D C:\Users\Alex\Desktop\backup
2013-07-01 14:28 - 2013-06-30 13:23 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-01 14:01 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-01 14:01 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-01 13:55 - 2013-07-01 13:55 - 01933758 ____A (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2013-07-01 13:28 - 2013-06-30 13:23 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-01 12:48 - 2013-05-08 19:25 - 02012688 ____A C:\Windows\WindowsUpdate.log
2013-07-01 11:31 - 2011-04-12 09:43 - 00696620 ____A C:\Windows\System32\perfh007.dat
2013-07-01 11:31 - 2011-04-12 09:43 - 00147916 ____A C:\Windows\System32\perfc007.dat
2013-07-01 11:31 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-01 11:27 - 2013-05-25 08:49 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-01 11:27 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-01 11:27 - 2009-07-14 06:51 - 00034347 ____A C:\Windows\setupact.log
2013-07-01 03:06 - 2013-05-18 20:14 - 01589442 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-01 02:59 - 2013-07-01 02:59 - 00053248 ____A C:\Windows\SysWOW64\zlib.dll
2013-07-01 02:59 - 2013-07-01 02:59 - 00000000 ____D C:\Support
2013-07-01 02:59 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-01 02:56 - 2013-07-01 02:56 - 00360914 ____A C:\Users\Alex\Downloads\KillZA.zip
2013-07-01 01:15 - 2013-07-01 01:15 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Alex\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-01 01:15 - 2013-07-01 01:15 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Malwarebytes
2013-07-01 01:15 - 2013-07-01 01:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-01 01:15 - 2013-07-01 01:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-01 00:30 - 2013-07-01 00:30 - 00377856 ____A C:\Users\Alex\Downloads\gmer_2.1.19163.exe
2013-07-01 00:06 - 2013-07-01 00:06 - 00602112 ____A (OldTimer Tools) C:\Users\Alex\Downloads\OTL.exe
2013-07-01 00:03 - 2013-07-01 00:03 - 00050477 ____A C:\Users\Alex\Downloads\Defogger.exe
2013-07-01 00:03 - 2013-07-01 00:03 - 00000580 ____A C:\Users\Alex\Downloads\defogger_disable.log
2013-07-01 00:03 - 2013-07-01 00:03 - 00000020 ____A C:\Users\Alex\defogger_reenable
2013-07-01 00:03 - 2013-05-08 19:25 - 00000000 ____D C:\users\Alex
2013-06-30 23:49 - 2013-06-16 21:58 - 00000000 ____D C:\Program Files (x86)\eFusion
2013-06-30 23:48 - 2013-06-07 21:52 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2013-06-30 23:48 - 2013-06-07 21:52 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2013-06-30 23:48 - 2013-05-08 19:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-30 23:43 - 2013-06-19 13:17 - 00000000 ____D C:\Users\Alex\Desktop\Musik
2013-06-30 23:40 - 2013-05-09 09:53 - 00000000 ____D C:\Users\Alex\AppData\Roaming\uTorrent
2013-06-30 23:38 - 2013-05-22 23:00 - 00006407 ____A C:\Users\Alex\Desktop\Shutdown.lnk
2013-06-30 23:38 - 2013-05-18 20:16 - 00000000 ____D C:\Users\Alex\Documents\My Games
2013-06-30 23:37 - 2013-05-22 23:02 - 00000000 ____D C:\Users\Alex\Desktop\Illustrator
2013-06-30 22:51 - 2010-11-21 05:47 - 00011312 ____A C:\Windows\PFRO.log
2013-06-30 22:50 - 2013-06-30 22:50 - 00024064 ____A C:\Windows\zoek-delete.exe
2013-06-30 22:39 - 2013-05-08 19:58 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-30 22:39 - 2013-05-08 19:58 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-30 22:06 - 2013-06-21 13:59 - 00000000 ____D C:\Users\Alex\AppData\Roaming\TS3Client
2013-06-30 21:57 - 2013-06-25 19:30 - 00000000 ____D C:\Users\Alex\AppData\Roaming\.purple
2013-06-30 20:16 - 2013-06-27 13:16 - 00000000 ____D C:\Users\Alex\Documents\Battlefield_ChessBoard
2013-06-30 18:04 - 2013-06-22 08:50 - 00000000 ____D C:\ProgramData\Unity
2013-06-30 18:00 - 2013-06-06 19:16 - 00000000 ____D C:\Users\Alex\AppData\Roaming\vlc
2013-06-30 14:21 - 2013-06-30 14:21 - 00000000 ____D C:\Users\Alex\Documents\assets_0002
2013-06-30 13:24 - 2013-06-30 13:23 - 00000000 ____D C:\Users\Alex\AppData\Local\Google
2013-06-30 13:24 - 2013-06-30 13:23 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-30 13:14 - 2013-06-30 13:14 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Movies Extractor Scout
2013-06-30 13:03 - 2013-05-08 19:26 - 00000000 ____D C:\Users\Alex\AppData\Local\VirtualStore
2013-06-30 01:18 - 2013-06-30 01:04 - 00000000 ____D C:\ProgramData\AMMYY
2013-06-30 01:09 - 2013-06-30 01:09 - 00000000 ____D C:\Users\Alex\Downloads\Ultimate Symbol
2013-06-28 21:11 - 2013-06-28 21:11 - 00000218 ____A C:\Users\Alex\AppData\Local\recently-used.xbel
2013-06-28 21:04 - 2013-06-24 15:55 - 00000000 ____D C:\Users\Alex\AppData\Roaming\MonoDevelop-Unity-2.8
2013-06-28 18:42 - 2013-06-28 18:42 - 00000000 ____D C:\Users\Alex\Downloads\3 - Introduction to Unity 3D API
2013-06-27 21:07 - 2013-05-14 16:25 - 00000000 ____D C:\Users\Alex\AppData\Roaming\FileZilla
2013-06-27 15:13 - 2013-06-22 08:51 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Unity
2013-06-27 13:16 - 2013-06-24 16:00 - 00000000 ___AD C:\Users\Alex\Documents\Terrain
2013-06-27 11:46 - 2013-05-09 08:23 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-27 11:40 - 2009-07-14 06:45 - 04920928 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-26 15:41 - 2013-06-19 19:29 - 00000132 ____A C:\Users\Alex\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-06-26 15:39 - 2013-06-26 15:39 - 00000000 ____D C:\Users\Alex\Documents\Adobe
2013-06-26 15:39 - 2013-05-08 19:58 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Adobe
2013-06-26 14:36 - 2013-05-08 21:28 - 00065992 ____A C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-25 22:17 - 2013-06-25 19:38 - 00000000 ____D C:\Users\Alex\AppData\Local\gtk-2.0
2013-06-25 19:30 - 2013-06-25 19:30 - 00000000 ____D C:\Program Files (x86)\Pidgin
2013-06-24 20:04 - 2013-06-24 20:03 - 00000000 ____D C:\Users\Alex\Downloads\Unity 3.5 Assets Materials and Terrain
2013-06-24 19:58 - 2013-06-24 19:57 - 00000000 ____D C:\Users\Alex\Downloads\Introduction.to.C.sharp.in.Unity.3.5
2013-06-24 19:53 - 2013-06-24 19:52 - 00000000 ____D C:\Users\Alex\Downloads\Introduction to Unity 4 [06.05.2013]
2013-06-24 15:55 - 2013-06-24 15:55 - 00000000 ____D C:\Users\Alex\AppData\Roaming\stetic
2013-06-24 15:55 - 2013-06-24 15:55 - 00000000 ____D C:\Users\Alex\AppData\Local\MonoDevelop-Unity-2.8
2013-06-24 00:39 - 2013-05-10 16:18 - 00063120 ____A C:\Windows\DirectX.log
2013-06-23 13:09 - 2013-06-23 13:09 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-23 13:09 - 2013-06-23 13:09 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-23 13:09 - 2013-06-23 13:09 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-23 13:09 - 2013-06-23 13:09 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-23 13:09 - 2013-06-23 13:09 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-23 13:09 - 2013-05-09 08:48 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-23 13:09 - 2013-05-09 08:48 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-23 09:55 - 2013-06-22 00:32 - 00000000 ____D C:\Users\Alex\AppData\Local\Unity
2013-06-22 12:49 - 2013-06-22 12:48 - 00000000 ____D C:\Users\Alex\Downloads\User Interface Design
2013-06-22 08:50 - 2013-06-22 08:50 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Apple Computer
2013-06-22 08:50 - 2013-06-22 08:50 - 00000000 ____D C:\Users\Alex\AppData\Local\Apple Computer
2013-06-22 08:49 - 2013-06-22 08:47 - 00000000 ____D C:\Program Files (x86)\Unity
2013-06-22 02:36 - 2013-05-20 12:15 - 00000000 ____D C:\Program Files (x86)\Eclipse
2013-06-21 13:51 - 2013-06-21 13:51 - 00000000 ____D C:\Users\Alex\AppData\Local\TeamSpeak 3 Client
2013-06-20 15:34 - 2013-05-25 16:09 - 00000000 ____D C:\Program Files (x86)\YGOPro
2013-06-16 21:06 - 2013-06-16 21:05 - 00000000 ____D C:\Users\Alex\Downloads\Designing Futuristic Menus in Illustrator_2013
2013-06-12 06:57 - 2013-05-08 21:35 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 06:30 - 2013-05-08 19:58 - 00000000 ____D C:\ProgramData\Adobe
2013-06-12 06:29 - 2013-05-08 21:36 - 00000000 ____D C:\Users\Alex\AppData\Local\Adobe
2013-06-11 17:27 - 2013-05-20 12:29 - 00000000 ____D C:\Users\Alex\workspace
2013-06-09 15:10 - 2013-05-26 14:38 - 00000000 ____D C:\Users\Alex\Documents\Alcohol 52%
2013-06-09 15:00 - 2013-06-08 21:29 - 00000000 ____D C:\Users\Alex\Desktop\FF8
2013-06-08 21:35 - 2013-06-08 21:35 - 00000000 ____D C:\Users\Alex\Desktop\ePSXe180_Starter_Pack
2013-06-08 19:06 - 2013-05-31 21:26 - 00000000 ____D C:\Users\Alex\AppData\Local\Deployment
2013-06-08 16:08 - 2013-06-15 14:36 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 14:36 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 14:36 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 14:36 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 14:36 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 14:36 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 14:36 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 14:36 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-15 14:36 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 14:36 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 14:36 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-15 14:36 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-07 21:52 - 2013-06-07 21:52 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Awesomium
2013-06-07 21:47 - 2013-05-08 19:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-07 21:47 - 2013-05-08 19:51 - 00000000 ____D C:\ProgramData\Skype
2013-06-07 16:36 - 2013-06-07 16:36 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-06-07 16:36 - 2013-05-19 21:03 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-06-06 20:34 - 2013-06-06 20:28 - 00000000 ____D C:\Users\Alex\Documents\Arma 3 Alpha Lite
2013-06-06 20:28 - 2013-06-06 20:28 - 00000000 ____D C:\Users\Alex\AppData\Local\Arma 3 Alpha Lite
2013-06-06 20:28 - 2013-06-06 20:28 - 00000000 ____D C:\ProgramData\Bohemia Interactive
2013-06-06 19:16 - 2013-06-06 19:16 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-06-03 23:21 - 2013-05-09 23:38 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Audacity
2013-06-03 07:49 - 2013-05-15 06:25 - 00000000 ____D C:\Windows\pss
2013-06-02 23:09 - 2013-06-02 23:09 - 00000000 ____D C:\Users\Alex\AppData\Roaming\OpenOffice.org
2013-06-02 12:49 - 2013-06-02 12:49 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-24 14:20

==================== End Of Log ============================
|
01.07.2013, 16:00 | #12 |
/// the machine /// TB-Ausbilder | Much better. Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations; Guides and help; Trojaner-Board Facebook page. No help via PM! |
01.07.2013, 19:31 | #13 |
| So, I could only finish it just now; ESET took 2 hours, and that with barely 0.2 TB. AdwCleaner logfile: Code:
# AdwCleaner v2.303 - Datei am 01/07/2013 um 17:05:44 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Alex - ALEX-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Alex\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\foxydeal.sqlite
Ordner Gelöscht : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\jetpack

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\prefs.js

Gelöscht : user_pref("extensions.quickstores@quickstores.de.install-event-fired", true);

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1136 octets] - [01/07/2013 17:05:44]

########## EOF - C:\AdwCleaner[S1].txt - [1196 octets] ##########

JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Alex on 01.07.2013 at 17:11:04,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ammyy"
Successfully deleted: [Folder] "C:\Users\Alex\AppData\Roaming\rambler"
Successfully deleted: [Folder] "C:\Users\Alex\appdata\local\rambler"

~~~ FireFox

Successfully deleted: [File] "C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\is9fj2c3.default\extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi"
Successfully deleted the following from C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\is9fj2c3.default\prefs.js

user_pref("extensions.jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.install-event-fired", true);
Emptied folder: C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\is9fj2c3.default\minidumps [639 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.07.2013 at 17:12:58,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=91210b99f765214b8d5fe9c3058dd89b
# engine=14224
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-01 05:12:58
# local_time=2013-07-01 07:12:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 27622 4663495 20412 0
# compatibility_mode=5893 16776574 100 94 70104555 124328628 0 0
# scanned=243888
# found=3
# cleaned=0
# scan_time=6898
sh=A0E57BAC8B2A6FF64937D45029FF31FA0F873B30 ft=1 fh=bbc320f44d9ef8bc vn="Win64/Sirefef.W trojan" ac=I fn="C:\FRST\Quarantine\Desktop.ini"
sh=72900F55538091633FB12E9A6A4E0446068D3D06 ft=1 fh=e50106018ed32cbe vn="Win32/Neurevt.A trojan" ac=I fn="C:\Users\Alex\Desktop\backup\memboost\memBoost.exe"
sh=CCB938D9BEA1626D4786D96ED26A96EE392E314B ft=1 fh=0c5d2e9df5c5a0a5 vn="Win64/Patched.A.Gen trojan" ac=I fn="C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01ce75f616ca5154.0000"

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-06-2013 03
Ran by Alex (administrator) on 01-07-2013 20:19:54
Running from C:\Users\Alex\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CmPCIaudio] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd [8151040 2009-09-07] (C-Media Corporation)
HKCU\...\Run: [AdobeBridge] [x]
HKCU\...\Run: [DAEMON Tools Ultra Agent] "C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe" -autorun [3123744 2013-05-23] (Disc Soft Ltd)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: 85.214.243.38:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKCU - {F4999599-089C-4EC5-9775-2500B3FAA8B3} URL = hxxp://nova.rambler.ru/search?query={searchTerms}&utm_source=r44&utm_medium=distribution&utm_content=e09&utm_campaign=c01
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 62.117.1.25 89.16.129.25

FireFox:
========
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default
FF SearchEngine: Rambler
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://nova.rambler.ru/search?utm_source=r44&utm_medium=distribution&utm_content=e09&utm_campaign=c01&query=
FF NetworkProxy: "http", "188.40.116.55"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\ich@maltegoetz.de
FF Extension: admin - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\admin@proxy-listen.de.xpi
FF Extension: garg_sms - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\garg_sms@yahoo.in.xpi
FF Extension: openwith - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\openwith@darktrojan.net.xpi
FF Extension: testpilot - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: vk - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\vk@sergeykolosov.mp.xpi
FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi
FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\is9fj2c3.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Unity Player) - C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [632352 2013-05-23] (Disc Soft Ltd)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-05-08] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-05-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-05-08] (Avira Operations GmbH & Co. KG)
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-05-22] (C-Media Inc)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2013-05-26] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-05-26] (Duplex Secure Ltd.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-01 20:18 - 2013-07-01 20:18 - 00890988 ____A C:\Users\Alex\Desktop\SecurityCheck.exe
2013-07-01 17:16 - 2013-07-01 17:16 - 02347384 ____A (ESET) C:\Users\Alex\Downloads\esetsmartinstaller_enu.exe
2013-07-01 17:12 - 2013-07-01 17:12 - 00001333 ____A C:\Users\Alex\Desktop\JRT.txt
2013-07-01 17:11 - 2013-07-01 17:11 - 00000000 ____D C:\Windows\ERUNT
2013-07-01 17:10 - 2013-07-01 17:10 - 00000000 ____D C:\JRT
2013-07-01 17:09 - 2013-07-01 17:09 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Alex\Downloads\JRT.exe
2013-07-01 17:05 - 2013-07-01 17:06 - 00001265 ____A C:\Users\Alex\Desktop\AdwCleaner[S1].txt
2013-07-01 17:02 - 2013-07-01 17:02 - 00648201 ____A C:\Users\Alex\Desktop\adwcleaner.exe
2013-07-01 13:56 - 2013-07-01 14:42 - 00000000 ____D C:\FRST
2013-07-01 13:55 - 2013-07-01 13:55 - 01933758 ____A (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2013-07-01 02:59 - 2013-07-01 02:59 - 00053248 ____A C:\Windows\SysWOW64\zlib.dll
2013-07-01 02:59 - 2013-07-01 02:59 - 00000000 ____D C:\Support
2013-07-01 02:56 - 2013-07-01 02:56 - 00360914 ____A C:\Users\Alex\Downloads\KillZA.zip
2013-07-01 01:15 - 2013-07-01 01:15 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Alex\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-01 01:15 - 2013-07-01 01:15 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Malwarebytes
2013-07-01 01:15 - 2013-07-01 01:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-01 01:15 - 2013-07-01 01:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-01 01:15 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-01 00:30 - 2013-07-01 00:30 - 00377856 ____A C:\Users\Alex\Downloads\gmer_2.1.19163.exe
2013-07-01 00:06 - 2013-07-01 00:06 - 00602112 ____A (OldTimer Tools) C:\Users\Alex\Downloads\OTL.exe
2013-07-01 00:03 - 2013-07-01 00:03 - 00050477 ____A C:\Users\Alex\Downloads\Defogger.exe
2013-07-01 00:03 - 2013-07-01 00:03 - 00000580 ____A C:\Users\Alex\Downloads\defogger_disable.log
2013-07-01 00:03 - 2013-07-01 00:03 - 00000020 ____A C:\Users\Alex\defogger_reenable
2013-06-30 23:41 - 2013-07-01 14:42 - 00000000 ____D C:\Users\Alex\Desktop\backup
2013-06-30 22:50 - 2013-06-30 22:50 - 00024064 ____A C:\Windows\zoek-delete.exe
2013-06-30 14:21 - 2013-06-30 14:21 - 00000000 ____D C:\Users\Alex\Documents\assets_0002
2013-06-30 13:23 - 2013-07-01 20:13 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-30 13:23 - 2013-07-01 17:07 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-30 13:23 - 2013-06-30 13:24 - 00000000 ____D C:\Users\Alex\AppData\Local\Google
2013-06-30 13:23 - 2013-06-30 13:24 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-30 13:14 - 2013-06-30 13:14 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Movies Extractor Scout
2013-06-30 01:09 - 2013-06-30 01:09 - 00000000 ____D C:\Users\Alex\Downloads\Ultimate Symbol
2013-06-28 21:11 - 2013-06-28 21:11 - 00000218 ____A C:\Users\Alex\AppData\Local\recently-used.xbel
2013-06-28 18:42 - 2013-06-28 18:42 - 00000000 ____D C:\Users\Alex\Downloads\3 - Introduction to Unity 3D API
2013-06-27 13:16 - 2013-06-30 20:16 - 00000000 ____D C:\Users\Alex\Documents\Battlefield_ChessBoard
2013-06-26 15:39 - 2013-06-26 15:39 - 00000000 ____D C:\Users\Alex\Documents\Adobe
2013-06-25 19:38 - 2013-06-25 22:17 - 00000000 ____D C:\Users\Alex\AppData\Local\gtk-2.0
2013-06-25 19:30 - 2013-06-30 21:57 - 00000000 ____D C:\Users\Alex\AppData\Roaming\.purple
2013-06-25 19:30 - 2013-06-25 19:30 - 00000000 ____D C:\Program Files (x86)\Pidgin
2013-06-24 19:57 - 2013-06-24 19:58 - 00000000 ____D C:\Users\Alex\Downloads\Introduction.to.C.sharp.in.Unity.3.5
2013-06-24 19:52 - 2013-06-24 19:53 - 00000000 ____D C:\Users\Alex\Downloads\Introduction to Unity 4 [06.05.2013]
2013-06-24 16:00 - 2013-06-27 13:16 - 00000000 ___AD C:\Users\Alex\Documents\Terrain
2013-06-24 15:55 - 2013-06-28 21:04 - 00000000 ____D C:\Users\Alex\AppData\Roaming\MonoDevelop-Unity-2.8
2013-06-24 15:55 - 2013-06-24 15:55 - 00000000 ____D C:\Users\Alex\AppData\Roaming\stetic
2013-06-24 15:55 - 2013-06-24 15:55 - 00000000 ____D C:\Users\Alex\AppData\Local\MonoDevelop-Unity-2.8
2013-06-23 13:09 - 2013-06-23 13:09 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-23 13:09 - 2013-06-23 13:09 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-23 13:09 - 2013-06-23 13:09 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-23 13:09 - 2013-06-23 13:09 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-23 13:09 - 2013-06-23 13:09 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-22 12:48 - 2013-06-22 12:49 - 00000000 ____D C:\Users\Alex\Downloads\User Interface Design
2013-06-22 08:51 - 2013-06-27 15:13 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Unity
2013-06-22 08:50 - 2013-06-30 18:04 - 00000000 ____D C:\ProgramData\Unity
2013-06-22 08:50 - 2013-06-22 08:50 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Apple Computer
2013-06-22 08:50 - 2013-06-22 08:50 - 00000000 ____D C:\Users\Alex\AppData\Local\Apple Computer
2013-06-22 08:47 - 2013-06-22 08:49 - 00000000 ____D C:\Program Files (x86)\Unity
2013-06-22 00:32 - 2013-06-23 09:55 - 00000000 ____D C:\Users\Alex\AppData\Local\Unity
2013-06-21 13:59 - 2013-06-30 22:06 - 00000000 ____D C:\Users\Alex\AppData\Roaming\TS3Client
2013-06-21 13:51 - 2013-06-21 13:51 - 00000000 ____D C:\Users\Alex\AppData\Local\TeamSpeak 3 Client
2013-06-19 19:29 - 2013-06-26 15:41 - 00000132 ____A C:\Users\Alex\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-06-19 13:17 - 2013-06-30 23:43 - 00000000 ____D C:\Users\Alex\Desktop\Musik
2013-06-16 21:58 - 2013-06-30 23:49 - 00000000 ____D C:\Program Files (x86)\eFusion
2013-06-16 21:05 - 2013-06-16 21:06 - 00000000 ____D C:\Users\Alex\Downloads\Designing Futuristic Menus in Illustrator_2013
2013-06-15 14:36 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 14:36 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 14:36 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 14:36 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 14:36 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 14:36 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 14:36 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 14:36 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 14:36 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 14:36 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 14:36 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 14:36 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 06:56 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 06:56 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 06:56 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 06:56 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 06:56 - 2013-05-17 03:25 - 00109056 ____A
(Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-12 06:56 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-12 06:56 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 06:56 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-12 06:56 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 06:56 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 06:56 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 06:56 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 06:56 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 06:56 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-12 06:56 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-12 06:56 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 06:56 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-12 06:56 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 06:56 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-12 05:51 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 05:51 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 05:51 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 05:51 - 2013-05-13 07:50 - 00052224 ____A (Microsoft 
Corporation) C:\Windows\System32\certenc.dll 2013-06-12 05:51 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 05:51 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 05:51 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 05:51 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 05:51 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 05:51 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 05:51 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 05:51 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 05:51 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 05:51 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 05:51 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 05:51 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-12 05:51 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-12 05:51 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-12 05:51 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-08 21:35 - 2013-06-08 21:35 - 00000000 ____D C:\Users\Alex\Desktop\ePSXe180_Starter_Pack 2013-06-08 21:29 - 2013-06-09 15:00 - 00000000 ____D C:\Users\Alex\Desktop\FF8 2013-06-07 21:52 - 2013-06-30 23:48 - 00000000 ____D C:\ProgramData\Hi-Rez Studios 2013-06-07 21:52 - 2013-06-30 23:48 - 
00000000 ____D C:\Program Files (x86)\Hi-Rez Studios 2013-06-07 21:52 - 2013-06-07 21:52 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Awesomium 2013-06-07 16:36 - 2013-06-07 16:36 - 00000000 ___HD C:\Windows\msdownld.tmp 2013-06-06 20:28 - 2013-06-06 20:34 - 00000000 ____D C:\Users\Alex\Documents\Arma 3 Alpha Lite 2013-06-06 20:28 - 2013-06-06 20:28 - 00000000 ____D C:\Users\Alex\AppData\Local\Arma 3 Alpha Lite 2013-06-06 20:28 - 2013-06-06 20:28 - 00000000 ____D C:\ProgramData\Bohemia Interactive 2013-06-06 19:16 - 2013-06-30 18:00 - 00000000 ____D C:\Users\Alex\AppData\Roaming\vlc 2013-06-06 19:16 - 2013-06-06 19:16 - 00000000 ____D C:\Program Files (x86)\VideoLAN 2013-06-02 23:09 - 2013-06-02 23:09 - 00000000 ____D C:\Users\Alex\AppData\Roaming\OpenOffice.org 2013-06-02 12:49 - 2013-06-02 12:49 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3 ==================== One Month Modified Files and Folders ======= 2013-07-01 20:18 - 2013-07-01 20:18 - 00890988 ____A C:\Users\Alex\Desktop\SecurityCheck.exe 2013-07-01 20:13 - 2013-06-30 13:23 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-01 20:13 - 2013-05-08 19:58 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-01 18:25 - 2013-05-08 19:25 - 02033000 ____A C:\Windows\WindowsUpdate.log 2013-07-01 17:16 - 2013-07-01 17:16 - 02347384 ____A (ESET) C:\Users\Alex\Downloads\esetsmartinstaller_enu.exe 2013-07-01 17:16 - 2011-04-12 09:43 - 00696620 ____A C:\Windows\System32\perfh007.dat 2013-07-01 17:16 - 2011-04-12 09:43 - 00147916 ____A C:\Windows\System32\perfc007.dat 2013-07-01 17:16 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-01 17:15 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-01 17:15 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 
2013-07-01 17:12 - 2013-07-01 17:12 - 00001333 ____A C:\Users\Alex\Desktop\JRT.txt 2013-07-01 17:11 - 2013-07-01 17:11 - 00000000 ____D C:\Windows\ERUNT 2013-07-01 17:10 - 2013-07-01 17:10 - 00000000 ____D C:\JRT 2013-07-01 17:09 - 2013-07-01 17:09 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Alex\Downloads\JRT.exe 2013-07-01 17:07 - 2013-06-30 13:23 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-01 17:07 - 2013-05-25 08:49 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-01 17:07 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-01 17:07 - 2009-07-14 06:51 - 00034403 ____A C:\Windows\setupact.log 2013-07-01 17:06 - 2013-07-01 17:05 - 00001265 ____A C:\Users\Alex\Desktop\AdwCleaner[S1].txt 2013-07-01 17:05 - 2013-05-10 09:57 - 00000000 ____D C:\Program Files (x86)\Steam 2013-07-01 17:02 - 2013-07-01 17:02 - 00648201 ____A C:\Users\Alex\Desktop\adwcleaner.exe 2013-07-01 15:09 - 2013-05-08 19:51 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Skype 2013-07-01 14:42 - 2013-07-01 13:56 - 00000000 ____D C:\FRST 2013-07-01 14:42 - 2013-06-30 23:41 - 00000000 ____D C:\Users\Alex\Desktop\backup 2013-07-01 13:55 - 2013-07-01 13:55 - 01933758 ____A (Farbar) C:\Users\Alex\Desktop\FRST64.exe 2013-07-01 03:06 - 2013-05-18 20:14 - 01589442 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2013-07-01 02:59 - 2013-07-01 02:59 - 00053248 ____A C:\Windows\SysWOW64\zlib.dll 2013-07-01 02:59 - 2013-07-01 02:59 - 00000000 ____D C:\Support 2013-07-01 02:59 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-01 02:56 - 2013-07-01 02:56 - 00360914 ____A C:\Users\Alex\Downloads\KillZA.zip 2013-07-01 01:15 - 2013-07-01 01:15 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Alex\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-01 01:15 - 2013-07-01 01:15 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Malwarebytes 2013-07-01 01:15 - 2013-07-01 01:15 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-01 01:15 - 2013-07-01 01:15 
- 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-01 00:30 - 2013-07-01 00:30 - 00377856 ____A C:\Users\Alex\Downloads\gmer_2.1.19163.exe 2013-07-01 00:06 - 2013-07-01 00:06 - 00602112 ____A (OldTimer Tools) C:\Users\Alex\Downloads\OTL.exe 2013-07-01 00:03 - 2013-07-01 00:03 - 00050477 ____A C:\Users\Alex\Downloads\Defogger.exe 2013-07-01 00:03 - 2013-07-01 00:03 - 00000580 ____A C:\Users\Alex\Downloads\defogger_disable.log 2013-07-01 00:03 - 2013-07-01 00:03 - 00000020 ____A C:\Users\Alex\defogger_reenable 2013-07-01 00:03 - 2013-05-08 19:25 - 00000000 ____D C:\users\Alex 2013-06-30 23:49 - 2013-06-16 21:58 - 00000000 ____D C:\Program Files (x86)\eFusion 2013-06-30 23:48 - 2013-06-07 21:52 - 00000000 ____D C:\ProgramData\Hi-Rez Studios 2013-06-30 23:48 - 2013-06-07 21:52 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios 2013-06-30 23:48 - 2013-05-08 19:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-06-30 23:43 - 2013-06-19 13:17 - 00000000 ____D C:\Users\Alex\Desktop\Musik 2013-06-30 23:40 - 2013-05-09 09:53 - 00000000 ____D C:\Users\Alex\AppData\Roaming\uTorrent 2013-06-30 23:38 - 2013-05-22 23:00 - 00006407 ____A C:\Users\Alex\Desktop\Shutdown.lnk 2013-06-30 23:38 - 2013-05-18 20:16 - 00000000 ____D C:\Users\Alex\Documents\My Games 2013-06-30 23:37 - 2013-05-22 23:02 - 00000000 ____D C:\Users\Alex\Desktop\Illustrator 2013-06-30 22:51 - 2010-11-21 05:47 - 00011312 ____A C:\Windows\PFRO.log 2013-06-30 22:50 - 2013-06-30 22:50 - 00024064 ____A C:\Windows\zoek-delete.exe 2013-06-30 22:39 - 2013-05-08 19:58 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-30 22:39 - 2013-05-08 19:58 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-30 22:06 - 2013-06-21 13:59 - 00000000 ____D C:\Users\Alex\AppData\Roaming\TS3Client 2013-06-30 21:57 - 2013-06-25 19:30 - 00000000 ____D C:\Users\Alex\AppData\Roaming\.purple 
2013-06-30 20:16 - 2013-06-27 13:16 - 00000000 ____D C:\Users\Alex\Documents\Battlefield_ChessBoard 2013-06-30 18:04 - 2013-06-22 08:50 - 00000000 ____D C:\ProgramData\Unity 2013-06-30 18:00 - 2013-06-06 19:16 - 00000000 ____D C:\Users\Alex\AppData\Roaming\vlc 2013-06-30 14:21 - 2013-06-30 14:21 - 00000000 ____D C:\Users\Alex\Documents\assets_0002 2013-06-30 13:24 - 2013-06-30 13:23 - 00000000 ____D C:\Users\Alex\AppData\Local\Google 2013-06-30 13:24 - 2013-06-30 13:23 - 00000000 ____D C:\Program Files (x86)\Google 2013-06-30 13:14 - 2013-06-30 13:14 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Movies Extractor Scout 2013-06-30 13:03 - 2013-05-08 19:26 - 00000000 ____D C:\Users\Alex\AppData\Local\VirtualStore 2013-06-30 01:09 - 2013-06-30 01:09 - 00000000 ____D C:\Users\Alex\Downloads\Ultimate Symbol 2013-06-28 21:11 - 2013-06-28 21:11 - 00000218 ____A C:\Users\Alex\AppData\Local\recently-used.xbel 2013-06-28 21:04 - 2013-06-24 15:55 - 00000000 ____D C:\Users\Alex\AppData\Roaming\MonoDevelop-Unity-2.8 2013-06-28 18:42 - 2013-06-28 18:42 - 00000000 ____D C:\Users\Alex\Downloads\3 - Introduction to Unity 3D API 2013-06-27 21:07 - 2013-05-14 16:25 - 00000000 ____D C:\Users\Alex\AppData\Roaming\FileZilla 2013-06-27 15:13 - 2013-06-22 08:51 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Unity 2013-06-27 13:16 - 2013-06-24 16:00 - 00000000 ___AD C:\Users\Alex\Documents\Terrain 2013-06-27 11:46 - 2013-05-09 08:23 - 00083672 ____A (Avira Operations GmbH & Co. 
KG) C:\Windows\System32\Drivers\avnetflt.sys 2013-06-27 11:40 - 2009-07-14 06:45 - 04920928 ____A C:\Windows\System32\FNTCACHE.DAT 2013-06-26 15:41 - 2013-06-19 19:29 - 00000132 ____A C:\Users\Alex\AppData\Roaming\Adobe PNG Format CS6 Prefs 2013-06-26 15:39 - 2013-06-26 15:39 - 00000000 ____D C:\Users\Alex\Documents\Adobe 2013-06-26 15:39 - 2013-05-08 19:58 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Adobe 2013-06-26 14:36 - 2013-05-08 21:28 - 00065992 ____A C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT 2013-06-25 22:17 - 2013-06-25 19:38 - 00000000 ____D C:\Users\Alex\AppData\Local\gtk-2.0 2013-06-25 19:30 - 2013-06-25 19:30 - 00000000 ____D C:\Program Files (x86)\Pidgin 2013-06-24 19:58 - 2013-06-24 19:57 - 00000000 ____D C:\Users\Alex\Downloads\Introduction.to.C.sharp.in.Unity.3.5 2013-06-24 19:53 - 2013-06-24 19:52 - 00000000 ____D C:\Users\Alex\Downloads\Introduction to Unity 4 [06.05.2013] 2013-06-24 15:55 - 2013-06-24 15:55 - 00000000 ____D C:\Users\Alex\AppData\Roaming\stetic 2013-06-24 15:55 - 2013-06-24 15:55 - 00000000 ____D C:\Users\Alex\AppData\Local\MonoDevelop-Unity-2.8 2013-06-24 00:39 - 2013-05-10 16:18 - 00063120 ____A C:\Windows\DirectX.log 2013-06-23 13:09 - 2013-06-23 13:09 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-23 13:09 - 2013-06-23 13:09 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-23 13:09 - 2013-06-23 13:09 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-23 13:09 - 2013-06-23 13:09 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-23 13:09 - 2013-06-23 13:09 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-23 13:09 - 2013-05-09 08:48 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-23 13:09 - 2013-05-09 08:48 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-23 09:55 - 2013-06-22 00:32 - 00000000 ____D 
C:\Users\Alex\AppData\Local\Unity 2013-06-22 12:49 - 2013-06-22 12:48 - 00000000 ____D C:\Users\Alex\Downloads\User Interface Design 2013-06-22 08:50 - 2013-06-22 08:50 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Apple Computer 2013-06-22 08:50 - 2013-06-22 08:50 - 00000000 ____D C:\Users\Alex\AppData\Local\Apple Computer 2013-06-22 08:49 - 2013-06-22 08:47 - 00000000 ____D C:\Program Files (x86)\Unity 2013-06-22 02:36 - 2013-05-20 12:15 - 00000000 ____D C:\Program Files (x86)\Eclipse 2013-06-21 13:51 - 2013-06-21 13:51 - 00000000 ____D C:\Users\Alex\AppData\Local\TeamSpeak 3 Client 2013-06-20 15:34 - 2013-05-25 16:09 - 00000000 ____D C:\Program Files (x86)\YGOPro 2013-06-16 21:06 - 2013-06-16 21:05 - 00000000 ____D C:\Users\Alex\Downloads\Designing Futuristic Menus in Illustrator_2013 2013-06-12 06:57 - 2013-05-08 21:35 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 06:30 - 2013-05-08 19:58 - 00000000 ____D C:\ProgramData\Adobe 2013-06-12 06:29 - 2013-05-08 21:36 - 00000000 ____D C:\Users\Alex\AppData\Local\Adobe 2013-06-11 17:27 - 2013-05-20 12:29 - 00000000 ____D C:\Users\Alex\workspace 2013-06-09 15:10 - 2013-05-26 14:38 - 00000000 ____D C:\Users\Alex\Documents\Alcohol 52% 2013-06-09 15:00 - 2013-06-08 21:29 - 00000000 ____D C:\Users\Alex\Desktop\FF8 2013-06-08 21:35 - 2013-06-08 21:35 - 00000000 ____D C:\Users\Alex\Desktop\ePSXe180_Starter_Pack 2013-06-08 19:06 - 2013-05-31 21:26 - 00000000 ____D C:\Users\Alex\AppData\Local\Deployment 2013-06-08 16:08 - 2013-06-15 14:36 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 16:07 - 2013-06-15 14:36 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 16:06 - 2013-06-15 14:36 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 16:06 - 2013-06-15 14:36 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 16:06 - 2013-06-15 14:36 - 00526336 ____A (Microsoft 
Corporation) C:\Windows\System32\ieui.dll 2013-06-08 14:28 - 2013-06-15 14:36 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 13:42 - 2013-06-15 14:36 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 13:40 - 2013-06-15 14:36 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 13:40 - 2013-06-15 14:36 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 13:40 - 2013-06-15 14:36 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 13:40 - 2013-06-15 14:36 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 13:13 - 2013-06-15 14:36 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-07 21:52 - 2013-06-07 21:52 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Awesomium 2013-06-07 21:47 - 2013-05-08 19:51 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-06-07 21:47 - 2013-05-08 19:51 - 00000000 ____D C:\ProgramData\Skype 2013-06-07 16:36 - 2013-06-07 16:36 - 00000000 ___HD C:\Windows\msdownld.tmp 2013-06-07 16:36 - 2013-05-19 21:03 - 00000000 ____D C:\Windows\SysWOW64\directx 2013-06-06 20:34 - 2013-06-06 20:28 - 00000000 ____D C:\Users\Alex\Documents\Arma 3 Alpha Lite 2013-06-06 20:28 - 2013-06-06 20:28 - 00000000 ____D C:\Users\Alex\AppData\Local\Arma 3 Alpha Lite 2013-06-06 20:28 - 2013-06-06 20:28 - 00000000 ____D C:\ProgramData\Bohemia Interactive 2013-06-06 19:16 - 2013-06-06 19:16 - 00000000 ____D C:\Program Files (x86)\VideoLAN 2013-06-03 23:21 - 2013-05-09 23:38 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Audacity 2013-06-03 07:49 - 2013-05-15 06:25 - 00000000 ____D C:\Windows\pss 2013-06-02 23:09 - 2013-06-02 23:09 - 00000000 ____D C:\Users\Alex\AppData\Roaming\OpenOffice.org 2013-06-02 12:49 - 2013-06-02 12:49 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3 ==================== Bamital & volsnap Check ================= 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-24 14:20

==================== End Of Log ============================

--- --- ---

The memboost.exe is actually a RAM cache cleaner that has served me well so far. (I haven't been able to find any downsides; false positive?)

Edit: Oh, and the SecurityCheck software gives me an error message saying my system is not supported.

Regards, Alex

Last edited by xelawebdev (01.07.2013 at 19:37) |
01.07.2013, 19:38 | #14 |
/// the machine /// TB-Ausbilder | Yep. Fix with FRST: please press the Windows key + R and type notepad in the Run box. Now copy the following text from the code box into the empty text document: Code:
C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01ce75f616ca5154.0000
ProxyServer: 85.214.243.38:3128
FF NetworkProxy: "http", "188.40.116.55"
FF NetworkProxy: "http_port", 8080
Any more problems?
__________________ regards, schrauber | Proud Member of UNITE and ASAP since 2009 | No help via PM! |
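The fixlist in the post above removes three things: a leftover copy of services.exe queued for deletion under winsxs\Temp\PendingDeletes, a WinINet proxy (HKCU ProxyServer) pointing at 85.214.243.38:3128, and Firefox proxy prefs pointing at 188.40.116.55:8080. Both proxies would route the user's HTTP traffic through hosts he never configured, which is why they are removed together with the patched binary. The PowerShell script below is an added example, not from the thread, from schrauber or from FRST: it re-checks the same three indicators on a live Windows 7 x64 machine and prints the MD5 of the running services.exe so it can be compared with a known-good copy (FRST's "MD5 is legit" line does that comparison against its own table). It assumes the standard Firefox profile location under %APPDATA%, needs an elevated prompt to read the winsxs folder, and uses only .NET 2.0-era APIs so it also runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example (not from the thread or from FRST): audit the indicators the
# FRST fixlist above targets, on a live Windows 7 x64 box. Run elevated.
# Paths below are the standard locations and are assumptions for this example.

$findings = @()

# 1. WinINet proxy (what FRST reports as "ProxyServer:"). An external host the
#    user never configured is the thing to look for.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey
if ($inet.ProxyServer) {
    $findings += "WinINet ProxyServer = $($inet.ProxyServer) (ProxyEnable = $($inet.ProxyEnable))"
}

# 2. Firefox proxy prefs (what FRST reports as "FF NetworkProxy:"), checked in
#    every profile under the roaming AppData folder.
$prefsFiles = Get-ChildItem -Path "$env:APPDATA\Mozilla\Firefox\Profiles\*\prefs.js" -ErrorAction SilentlyContinue
foreach ($prefs in $prefsFiles) {
    Select-String -Path $prefs.FullName -Pattern 'user_pref\("network\.proxy\.' |
        ForEach-Object { $findings += "$($prefs.FullName): $($_.Line.Trim())" }
}

# 3. Leftover copies of a replaced services.exe queued for deletion at reboot.
$pending = Join-Path $env:windir 'winsxs\Temp\PendingDeletes'
if (Test-Path -Path $pending) {
    Get-ChildItem -Path $pending -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -like '*services.exe*' } |
        ForEach-Object { $findings += "PendingDeletes: $($_.FullName) ($($_.Length) bytes)" }
}

# 4. MD5 of the live services.exe, printed for comparison with a clean copy
#    from installation media or another machine of the same patch level.
#    .NET is used directly so this works without Get-FileHash (PowerShell 4+).
$svc = Join-Path $env:windir 'System32\services.exe'
$md5 = [System.Security.Cryptography.MD5]::Create()
$stream = [System.IO.File]::OpenRead($svc)
try {
    $hash = ($md5.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
} finally {
    $stream.Close()
}

if ($findings.Count -eq 0) {
    Write-Output 'No proxy or PendingDeletes indicators found.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
Write-Output "services.exe MD5: $hash"
```

Run it once before the fix to confirm the indicators are present and once after the reboot to confirm they are gone; a ProxyServer or network.proxy entry that reappears after removal means something is still running that re-sets it. A proxy value is only a finding if the user did not configure it himself, so ask before deleting one on a machine you do not own.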
01.07.2013, 19:46 | #15 |
| Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-06-2013 03
Ran by Alex at 2013-07-01 20:42:11 Run:3
Running from C:\Users\Alex\Desktop
Boot Mode: Normal
==============================================

C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01ce75f616ca5154.0000 => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.

==== End of Fixlog ====

If you tell me that everything is OK according to the logs, then that's it. |