Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 01.07.2013, 11:53   #1
JuppSchlupp
 
Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden - Standard

Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden



Guten Tag Community,
(auch wenn mein Tag nicht ganz so gut ist :P)
Zuerst einmal etwas hintergrund Info von mir.
Hatte gestern Probleme mit Google Chrome. Konnte auf viele websites nichtmehr zugreifen und bekam stattdessen immer die Meldung das die Sicherheitszertifikate wiederrufen wurden.
IE und Firefox funktionieren weiterhin problemlos. Hatte dann eine Vollstandige Suche, mit fast 3 Stunden Dauer, von Malwarebytes Anti-Malware durchgeführt, jedoch ohne Funde.
Als ich ein weiteres Programm downloaden wollte (Avast! Antivirus), sind mir seltsame Leistungseinbrüche bei der Downloadgeschwindigkeit aufgefallen. Ein blick in Netlimiter zeigte
mir dann warum. Anwendung für Dienste und Controller griff mehrmals die minute auf das Internet zu und verbrauchte dabei fast meine Gesamte Internetleistung (1,4-1,7 MB/s download und 300-400 KB/s upload). Habe nach dem abgeschlossenen Download von Avast! die Internetverbindung getrennt, Avast! installiert und durchlaufen lassen. Einziger fund war
C:\Windows\System32\services.exe mit dem im Titel benannten Win32:ZAccess-PB [Trj].
Zu einer reperatur war Avast! nicht fähig. Habe danach die Verbindung zum Internet wiederhergestellt und nun kommt mehrmals die minute von Avast! ein PopUp mit der Meldung das ein Zugriff erfolgreich Blockiert wurde.
Prozess: Services.exe
Infektion: Win32:ZAccess-PB [Trj]
Objekt: C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\U\80000064.@
Internettraffic von Anwendung für Dienste und Controller ist nun permanent auf einem sehr
geringen Wert (wenige bytes/s bis maximal 1 kb/s)
Jetzt ist guter Rat teuer, "muss" das System neu aufgesetzt werden oder besteht die Chance auf eine bereinigung?

Mit freundlichen Grüßen
JuppSchlupp

Alt 01.07.2013, 12:01   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden - Standard

Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden



Hi,

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________

__________________

Alt 01.07.2013, 12:39   #3
JuppSchlupp
 
Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden - Standard

Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden



Danke für die schnelle Antwort, wie gewünscht Eingestellt, ausgeführt und hier der Log :P

Code:
ATTFilter
13:18:48.0519 5240  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:18:48.0758 5240  ============================================================
13:18:48.0758 5240  Current date / time: 2013/07/01 13:18:48.0758
13:18:48.0758 5240  SystemInfo:
13:18:48.0758 5240  
13:18:48.0759 5240  OS Version: 6.0.6002 ServicePack: 2.0
13:18:48.0759 5240  Product type: Workstation
13:18:48.0759 5240  ComputerName: GAST-PC
13:18:48.0759 5240  UserName: Gast
13:18:48.0759 5240  Windows directory: C:\Windows
13:18:48.0759 5240  System windows directory: C:\Windows
13:18:48.0759 5240  Running under WOW64
13:18:48.0759 5240  Processor architecture: Intel x64
13:18:48.0759 5240  Number of processors: 4
13:18:48.0759 5240  Page size: 0x1000
13:18:48.0759 5240  Boot type: Normal boot
13:18:48.0759 5240  ============================================================
13:18:48.0963 5240  Drive \Device\Harddisk0\DR0 - Size: 0x9502F90000 (596.05 Gb), SectorSize: 0x200, Cylinders: 0x12FF0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:18:48.0981 5240  Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:18:49.0009 5240  ============================================================
13:18:49.0009 5240  \Device\Harddisk0\DR0:
13:18:49.0009 5240  MBR partitions:
13:18:49.0009 5240  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x48AA5D70
13:18:49.0009 5240  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48AA5DAF, BlocksNum 0x1D6E641
13:18:49.0009 5240  \Device\Harddisk1\DR1:
13:18:49.0009 5240  MBR partitions:
13:18:49.0009 5240  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82
13:18:49.0009 5240  ============================================================
13:18:49.0033 5240  C: <-> \Device\Harddisk0\DR0\Partition1
13:18:49.0076 5240  E: <-> \Device\Harddisk1\DR1\Partition1
13:18:49.0161 5240  D: <-> \Device\Harddisk0\DR0\Partition2
13:18:49.0161 5240  ============================================================
13:18:49.0161 5240  Initialize success
13:18:49.0161 5240  ============================================================
13:18:55.0120 5068  ============================================================
13:18:55.0120 5068  Scan started
13:18:55.0120 5068  Mode: Manual; SigCheck; TDLFS; 
13:18:55.0120 5068  ============================================================
13:18:55.0864 5068  ================ Scan system memory ========================
13:18:55.0864 5068  System memory - ok
13:18:55.0864 5068  ================ Scan services =============================
13:18:56.0017 5068  [ F146E2BA475893DD77B2370DC1211FC6 ] 97862858        C:\Windows\system32\drivers\83758499.sys
13:18:56.0114 5068  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files (x86)\AAVUpdateManager\aavus.exe
13:18:56.0188 5068  AAV UpdateService - ok
13:18:56.0214 5068  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
13:18:56.0226 5068  ACPI - ok
13:18:56.0306 5068  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:18:56.0315 5068  AdobeFlashPlayerUpdateSvc - ok
13:18:56.0352 5068  [ F14215E37CF124104575073F782111D2 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
13:18:56.0366 5068  adp94xx - ok
13:18:56.0402 5068  [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci         C:\Windows\system32\drivers\adpahci.sys
13:18:56.0413 5068  adpahci - ok
13:18:56.0439 5068  [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
13:18:56.0446 5068  adpu160m - ok
13:18:56.0458 5068  [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
13:18:56.0466 5068  adpu320 - ok
13:18:56.0496 5068  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:18:56.0516 5068  AeLookupSvc - ok
13:18:56.0555 5068  [ 12415CCFD3E7CEC55B5184E67B039FE4 ] AFD             C:\Windows\system32\drivers\afd.sys
13:18:56.0578 5068  AFD - ok
13:18:56.0592 5068  [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:18:56.0598 5068  agp440 - ok
13:18:56.0631 5068  [ 97DD49CCDB89A22CFCEA78B29D393D87 ] ahcix64s        C:\Windows\system32\drivers\ahcix64s.sys
13:18:56.0651 5068  ahcix64s - ok
13:18:56.0667 5068  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
13:18:56.0675 5068  aic78xx - ok
13:18:56.0688 5068  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG             C:\Windows\System32\alg.exe
13:18:56.0714 5068  ALG - ok
13:18:56.0732 5068  [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:18:56.0738 5068  aliide - ok
13:18:56.0751 5068  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
13:18:56.0757 5068  amdide - ok
13:18:56.0794 5068  [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
13:18:56.0818 5068  AmdK8 - ok
13:18:56.0895 5068  [ 03E7D34FA978123760EE9DBA30930137 ] AMD_RAIDXpert   C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
13:18:56.0899 5068  AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - warning
13:18:56.0899 5068  AMD_RAIDXpert - detected UnsignedFile.Multi.Generic (1)
13:18:56.0924 5068  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo         C:\Windows\System32\appinfo.dll
13:18:56.0933 5068  Appinfo - ok
13:18:56.0964 5068  [ BA8417D4765F3988FF921F30F630E303 ] arc             C:\Windows\system32\drivers\arc.sys
13:18:56.0971 5068  arc - ok
13:18:57.0014 5068  [ 9D41C435619733B34CC16A511E644B11 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:18:57.0021 5068  arcsas - ok
13:18:57.0143 5068  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:18:57.0150 5068  aspnet_state - ok
13:18:57.0197 5068  [ 0BAEFD3F648C6E7AB52990DD9565E4E2 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
13:18:57.0203 5068  aswFsBlk - ok
13:18:57.0245 5068  [ 7A62C389380F6FF3FA952D511D8790B8 ] aswFW           C:\Windows\system32\drivers\aswFW.sys
13:18:57.0252 5068  aswFW - ok
13:18:57.0286 5068  [ 890918D53B80B474CFAFB48995B85AF3 ] aswKbd          C:\Windows\system32\drivers\aswKbd.sys
13:18:57.0291 5068  aswKbd - ok
13:18:57.0346 5068  [ FA562F34ED6633C66170B09182B4C049 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
13:18:57.0353 5068  aswMonFlt - ok
13:18:57.0402 5068  [ 518B8D447A1975AB46DA093A2E743256 ] aswNdis         C:\Windows\system32\DRIVERS\aswNdis.sys
13:18:57.0408 5068  aswNdis - ok
13:18:57.0438 5068  [ 94CCA87794454E1824D59B092B9F70C4 ] aswNdis2        C:\Windows\system32\drivers\aswNdis2.sys
13:18:57.0446 5068  aswNdis2 - ok
13:18:57.0467 5068  [ 9A9565BB92EE412B77B7416DD1D32F0B ] AswRdr          C:\Windows\system32\drivers\AswRdr.sys
13:18:57.0473 5068  AswRdr - ok
13:18:57.0515 5068  [ 5573AA70993A2BB81525B1C704B88763 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
13:18:57.0521 5068  aswRvrt - ok
13:18:57.0563 5068  [ 8C0800CDB501CFC1164B286A0478DC10 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
13:18:57.0585 5068  aswSnx - ok
13:18:57.0645 5068  [ 3815DB16CDA62190F5C0A65118F3D714 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
13:18:57.0656 5068  aswSP - ok
13:18:57.0707 5068  [ 29DD8E458A84171202AA4979364C30C0 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
13:18:57.0713 5068  aswTdi - ok
13:18:57.0741 5068  [ 22F521108881DC59837F6FC614E0568F ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
13:18:57.0749 5068  aswVmm - ok
13:18:57.0766 5068  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:18:57.0790 5068  AsyncMac - ok
13:18:57.0817 5068  [ E68D9B3A3905619732F7FE039466A623 ] atapi           C:\Windows\system32\drivers\atapi.sys
13:18:57.0824 5068  atapi - ok
13:18:57.0844 5068  [ DB0D3DE15EDC96E7529FC0D3F7760894 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
13:18:57.0849 5068  AtiPcie - ok
13:18:57.0895 5068  [ FC0E8778C000291CAF60EB88C011E931 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
13:18:57.0904 5068  atksgt - ok
13:18:57.0959 5068  [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:18:57.0982 5068  AudioEndpointBuilder - ok
13:18:58.0026 5068  [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:18:58.0048 5068  AudioSrv - ok
13:18:58.0190 5068  [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
13:18:58.0196 5068  avast! Antivirus - ok
13:18:58.0243 5068  [ C2009C6A452BD07B30D773349589B762 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
13:18:58.0250 5068  avast! Firewall - ok
13:18:58.0298 5068  [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
13:18:58.0323 5068  blbdrive - ok
13:18:58.0353 5068  [ 8B2B19031D0AEADE6E1B933DF1ACBA7E ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:18:58.0378 5068  bowser - ok
13:18:58.0403 5068  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
13:18:58.0420 5068  BrFiltLo - ok
13:18:58.0445 5068  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
13:18:58.0462 5068  BrFiltUp - ok
13:18:58.0487 5068  [ A1B39DE453433B115B4EA69EE0343816 ] Browser         C:\Windows\System32\browser.dll
13:18:58.0512 5068  Browser - ok
13:18:58.0539 5068  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid         C:\Windows\system32\drivers\brserid.sys
13:18:58.0578 5068  Brserid - ok
13:18:58.0604 5068  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
13:18:58.0642 5068  BrSerWdm - ok
13:18:58.0653 5068  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
13:18:58.0690 5068  BrUsbMdm - ok
13:18:58.0700 5068  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
13:18:58.0737 5068  BrUsbSer - ok
13:18:58.0759 5068  [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
13:18:58.0797 5068  BTHMODEM - ok
13:18:58.0826 5068  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:18:58.0851 5068  cdfs - ok
13:18:58.0869 5068  [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:18:58.0887 5068  cdrom - ok
13:18:59.0093 5068  [ DFC81DD1112338DC8500E8A3E8ADE77D ] CEDRIVER60      E:\Program Files (x86)\Cheat Engine 6.3\dbk64.sys
13:18:59.0100 5068  CEDRIVER60 - ok
13:18:59.0147 5068  [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:18:59.0164 5068  CertPropSvc - ok
13:18:59.0177 5068  [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass        C:\Windows\system32\drivers\circlass.sys
13:18:59.0202 5068  circlass - ok
13:18:59.0247 5068  [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS            C:\Windows\system32\CLFS.sys
13:18:59.0260 5068  CLFS - ok
13:18:59.0364 5068  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:18:59.0371 5068  clr_optimization_v2.0.50727_32 - ok
13:18:59.0443 5068  [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:18:59.0449 5068  clr_optimization_v2.0.50727_64 - ok
13:18:59.0557 5068  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:18:59.0564 5068  clr_optimization_v4.0.30319_32 - ok
13:18:59.0623 5068  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:18:59.0631 5068  clr_optimization_v4.0.30319_64 - ok
13:18:59.0652 5068  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:18:59.0658 5068  cmdide - ok
13:18:59.0682 5068  [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
13:18:59.0688 5068  Compbatt - ok
13:18:59.0691 5068  COMSysApp - ok
13:18:59.0695 5068  [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
13:18:59.0702 5068  crcdisk - ok
13:18:59.0727 5068  [ 18918613E63F387CDE4D95CA7D49DCF7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:18:59.0746 5068  CryptSvc - ok
13:18:59.0910 5068  [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc    E:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
13:18:59.0915 5068  DAUpdaterSvc - ok
13:18:59.0972 5068  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:19:00.0000 5068  DcomLaunch - ok
13:19:00.0024 5068  [ 36CD31121F228E7E79BAE60AA45764C6 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:19:00.0042 5068  DfsC - ok
13:19:00.0150 5068  [ C647F468F7DE343DF8C143655C5557D4 ] DFSR            C:\Windows\system32\DFSR.exe
13:19:00.0229 5068  DFSR - ok
13:19:00.0291 5068  [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
13:19:00.0310 5068  Dhcp - ok
13:19:00.0330 5068  [ B0107E40ECDB5FA692EBF832F295D905 ] disk            C:\Windows\system32\drivers\disk.sys
13:19:00.0338 5068  disk - ok
13:19:00.0389 5068  [ 21D16B37257370975C7457C3A5EFA530 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:19:00.0407 5068  Dnscache - ok
13:19:00.0447 5068  [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:19:00.0466 5068  dot3svc - ok
13:19:00.0487 5068  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS             C:\Windows\system32\dps.dll
13:19:00.0513 5068  DPS - ok
13:19:00.0538 5068  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:19:00.0555 5068  drmkaud - ok
13:19:00.0578 5068  dump_wmimmc - ok
13:19:00.0644 5068  [ 1D96E28EBCD96AD1B44A3FD02CA6433D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:19:00.0665 5068  DXGKrnl - ok
13:19:00.0714 5068  [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
13:19:00.0740 5068  E1G60 - ok
13:19:00.0768 5068  EagleX64 - ok
13:19:00.0786 5068  [ C2303883FD9BE49DC36A6400643002EA ] EapHost         C:\Windows\System32\eapsvc.dll
13:19:00.0804 5068  EapHost - ok
13:19:00.0859 5068  [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache          C:\Windows\system32\drivers\ecache.sys
13:19:00.0867 5068  Ecache - ok
13:19:00.0906 5068  [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:19:00.0919 5068  ehRecvr - ok
13:19:00.0973 5068  [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched         C:\Windows\ehome\ehsched.exe
13:19:00.0982 5068  ehSched - ok
13:19:00.0997 5068  [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart         C:\Windows\ehome\ehstart.dll
13:19:01.0005 5068  ehstart - ok
13:19:01.0032 5068  [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
13:19:01.0044 5068  elxstor - ok
13:19:01.0084 5068  [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
13:19:01.0099 5068  EMDMgmt - ok
13:19:01.0133 5068  [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:19:01.0141 5068  ErrDev - ok
13:19:01.0162 5068  [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem     C:\Windows\system32\es.dll
13:19:01.0184 5068  EventSystem - ok
13:19:01.0222 5068  [ 486844F47B6636044A42454614ED4523 ] exfat           C:\Windows\system32\drivers\exfat.sys
13:19:01.0232 5068  exfat - ok
13:19:01.0235 5068  ezSharedSvc - ok
13:19:01.0264 5068  [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:19:01.0283 5068  fastfat - ok
13:19:01.0308 5068  [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
13:19:01.0332 5068  fdc - ok
13:19:01.0336 5068  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost         C:\Windows\system32\fdPHost.dll
13:19:01.0361 5068  fdPHost - ok
13:19:01.0381 5068  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
13:19:01.0419 5068  FDResPub - ok
13:19:01.0431 5068  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:19:01.0438 5068  FileInfo - ok
13:19:01.0461 5068  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:19:01.0485 5068  Filetrace - ok
13:19:01.0506 5068  [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:19:01.0531 5068  flpydisk - ok
13:19:01.0550 5068  [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:19:01.0559 5068  FltMgr - ok
13:19:01.0620 5068  [ FDF5F06EFC8F98BAC5FE8B216F93AA5E ] FontCache       C:\Windows\system32\FntCache.dll
13:19:01.0647 5068  FontCache - ok
13:19:01.0755 5068  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:19:01.0761 5068  FontCache3.0.0.0 - ok
13:19:01.0773 5068  [ 29D99E860A1CA0A03C6A733FDD0DA703 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:19:01.0791 5068  Fs_Rec - ok
13:19:01.0819 5068  [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:19:01.0825 5068  gagp30kx - ok
13:19:01.0907 5068  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
13:19:01.0915 5068  GamesAppService - ok
13:19:01.0947 5068  [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:19:01.0975 5068  gpsvc - ok
13:19:02.0055 5068  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:19:02.0061 5068  gupdate - ok
13:19:02.0071 5068  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:19:02.0077 5068  gupdatem - ok
13:19:02.0132 5068  [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:19:02.0143 5068  HdAudAddService - ok
13:19:02.0242 5068  [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:19:02.0273 5068  HDAudBus - ok
13:19:02.0359 5068  [ 0457348421B377D172E893573D5CFE28 ] HH9Help.sys     C:\Windows\system32\drivers\HH9Help.sys
13:19:02.0365 5068  HH9Help.sys - ok
13:19:02.0386 5068  [ B4881C84A180E75B8C25DC1D726C375F ] HidBth          C:\Windows\system32\drivers\hidbth.sys
13:19:02.0424 5068  HidBth - ok
13:19:02.0448 5068  [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr           C:\Windows\system32\drivers\hidir.sys
13:19:02.0485 5068  HidIr - ok
13:19:02.0538 5068  [ 59361D38A297755D46A540E450202B2A ] hidserv         C:\Windows\system32\hidserv.dll
13:19:02.0556 5068  hidserv - ok
13:19:02.0566 5068  [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:19:02.0584 5068  HidUsb - ok
13:19:02.0604 5068  [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:19:02.0630 5068  hkmsvc - ok
13:19:02.0680 5068  [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
13:19:02.0684 5068  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
13:19:02.0684 5068  HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
13:19:02.0710 5068  [ DEAB3BF5AEFBDC3F9AC0E020926EC81D ] HPBtnSrv        C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
13:19:02.0715 5068  HPBtnSrv ( UnsignedFile.Multi.Generic ) - warning
13:19:02.0715 5068  HPBtnSrv - detected UnsignedFile.Multi.Generic (1)
13:19:02.0739 5068  [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
13:19:02.0745 5068  HpCISSs - ok
13:19:02.0780 5068  [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:19:02.0797 5068  HTTP - ok
13:19:02.0840 5068  [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
13:19:02.0847 5068  i2omp - ok
13:19:02.0875 5068  [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:19:02.0892 5068  i8042prt - ok
13:19:02.0914 5068  [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
13:19:02.0924 5068  iaStorV - ok
13:19:03.0034 5068  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
13:19:03.0038 5068  IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:19:03.0038 5068  IDriverT - detected UnsignedFile.Multi.Generic (1)
13:19:03.0109 5068  [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:19:03.0147 5068  idsvc - ok
13:19:03.0173 5068  [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:19:03.0179 5068  iirsp - ok
13:19:03.0252 5068  [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT          C:\Windows\System32\ikeext.dll
13:19:03.0275 5068  IKEEXT - ok
13:19:03.0341 5068  [ 96B0A408842B0E214EDCB41E89438999 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:19:03.0407 5068  IntcAzAudAddService - ok
13:19:03.0448 5068  [ DF797A12176F11B2D301C5B234BB200E ] intelide        C:\Windows\system32\drivers\intelide.sys
13:19:03.0454 5068  intelide - ok
13:19:03.0485 5068  [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:19:03.0509 5068  intelppm - ok
13:19:03.0533 5068  [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:19:03.0558 5068  IPBusEnum - ok
13:19:03.0593 5068  [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:19:03.0611 5068  IpFilterDriver - ok
13:19:03.0614 5068  IpInIp - ok
13:19:03.0635 5068  [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
13:19:03.0659 5068  IPMIDRV - ok
13:19:03.0672 5068  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
13:19:03.0697 5068  IPNAT - ok
13:19:03.0708 5068  [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:19:03.0733 5068  IRENUM - ok
13:19:03.0781 5068  [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:19:03.0788 5068  isapnp - ok
13:19:03.0821 5068  [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
13:19:03.0831 5068  iScsiPrt - ok
13:19:03.0853 5068  [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
13:19:03.0860 5068  iteatapi - ok
13:19:03.0905 5068  [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
13:19:03.0911 5068  iteraid - ok
13:19:03.0930 5068  [ 423696F3BA6472DD17699209B933BC26 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:19:03.0936 5068  kbdclass - ok
13:19:03.0955 5068  [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:19:03.0972 5068  kbdhid - ok
13:19:03.0992 5068  [ 40348DCEC0712ED42231C5F90A69A690 ] KeyIso          C:\Windows\system32\lsass.exe
13:19:04.0001 5068  KeyIso - ok
13:19:04.0015 5068  [ 476E2C1DCEA45895994BEF11C2A98715 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:19:04.0029 5068  KSecDD - ok
13:19:04.0076 5068  [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:19:04.0101 5068  ksthunk - ok
13:19:04.0117 5068  [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:19:04.0147 5068  KtmRm - ok
13:19:04.0227 5068  [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:19:04.0238 5068  LanmanServer - ok
13:19:04.0255 5068  [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:19:04.0267 5068  LanmanWorkstation - ok
13:19:04.0288 5068  [ E75ADCFAFDEF3F4C3AF3332928D59926 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
13:19:04.0292 5068  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
13:19:04.0292 5068  LightScribeService - detected UnsignedFile.Multi.Generic (1)
13:19:04.0316 5068  [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
13:19:04.0322 5068  lirsgt - ok
13:19:04.0335 5068  [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:19:04.0360 5068  lltdio - ok
13:19:04.0388 5068  [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:19:04.0416 5068  lltdsvc - ok
13:19:04.0440 5068  [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:19:04.0465 5068  lmhosts - ok
13:19:04.0492 5068  [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:19:04.0499 5068  LSI_FC - ok
13:19:04.0513 5068  [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:19:04.0521 5068  LSI_SAS - ok
13:19:04.0531 5068  [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:19:04.0539 5068  LSI_SCSI - ok
13:19:04.0570 5068  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv           C:\Windows\system32\drivers\luafv.sys
13:19:04.0596 5068  luafv - ok
13:19:04.0662 5068  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
13:19:04.0671 5068  McComponentHostService - ok
13:19:04.0689 5068  [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:19:04.0698 5068  Mcx2Svc - ok
13:19:04.0751 5068  [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas         C:\Windows\system32\drivers\megasas.sys
13:19:04.0757 5068  megasas - ok
13:19:04.0817 5068  [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
13:19:04.0912 5068  MegaSR - ok
13:19:04.0951 5068  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS           C:\Windows\system32\mmcss.dll
13:19:04.0977 5068  MMCSS - ok
13:19:05.0011 5068  [ 59848D5CC74606F0EE7557983BB73C2E ] Modem           C:\Windows\system32\drivers\modem.sys
13:19:05.0036 5068  Modem - ok
13:19:05.0085 5068  [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:19:05.0109 5068  monitor - ok
13:19:05.0146 5068  [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:19:05.0152 5068  mouclass - ok
13:19:05.0164 5068  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:19:05.0189 5068  mouhid - ok
13:19:05.0198 5068  [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
13:19:05.0205 5068  MountMgr - ok
13:19:05.0237 5068  [ F8276EB8698142884498A528DFEA8478 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:19:05.0244 5068  mpio - ok
13:19:05.0278 5068  [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:19:05.0296 5068  mpsdrv - ok
13:19:05.0321 5068  [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
13:19:05.0328 5068  Mraid35x - ok
13:19:05.0356 5068  [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:19:05.0367 5068  MRxDAV - ok
13:19:05.0408 5068  [ D58D129E26705E83A4DEBA7177EB7972 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:19:05.0418 5068  mrxsmb - ok
13:19:05.0446 5068  [ D5BE5C14E0F1DC489F5BB2A67983F630 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:19:05.0456 5068  mrxsmb10 - ok
13:19:05.0477 5068  [ 09A2990C3B293C212816C9BC0D7C200E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:19:05.0486 5068  mrxsmb20 - ok
13:19:05.0510 5068  [ 1AC860612B85D8E85EE257D372E39F4D ] msahci          C:\Windows\system32\drivers\msahci.sys
13:19:05.0517 5068  msahci - ok
13:19:05.0540 5068  [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:19:05.0547 5068  msdsm - ok
13:19:05.0564 5068  [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC           C:\Windows\System32\msdtc.exe
13:19:05.0591 5068  MSDTC - ok
13:19:05.0617 5068  [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:19:05.0643 5068  Msfs - ok
13:19:05.0657 5068  [ 00EBC952961664780D43DCA157E79B27 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:19:05.0663 5068  msisadrv - ok
13:19:05.0690 5068  [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:19:05.0717 5068  MSiSCSI - ok
13:19:05.0720 5068  msiserver - ok
13:19:05.0748 5068  [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:19:05.0774 5068  MSKSSRV - ok
13:19:05.0784 5068  [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:19:05.0811 5068  MSPCLOCK - ok
13:19:05.0821 5068  [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:19:05.0850 5068  MSPQM - ok
13:19:05.0876 5068  [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:19:05.0888 5068  MsRPC - ok
13:19:05.0911 5068  [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
13:19:05.0918 5068  mssmbios - ok
13:19:05.0928 5068  [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:19:05.0954 5068  MSTEE - ok
13:19:05.0959 5068  [ 0CC49F78D8ACA0877D885F149084E543 ] Mup             C:\Windows\system32\Drivers\mup.sys
13:19:05.0967 5068  Mup - ok
13:19:05.0989 5068  [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent        C:\Windows\system32\qagentRT.dll
13:19:06.0017 5068  napagent - ok
13:19:06.0082 5068  [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:19:06.0094 5068  NativeWifiP - ok
13:19:06.0168 5068  [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:19:06.0201 5068  NDIS - ok
13:19:06.0230 5068  [ 64DF698A425478E321981431AC171334 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:19:06.0249 5068  NdisTapi - ok
13:19:06.0278 5068  [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:19:06.0303 5068  Ndisuio - ok
13:19:06.0338 5068  [ F8158771905260982CE724076419EF19 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:19:06.0357 5068  NdisWan - ok
13:19:06.0414 5068  [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:19:06.0432 5068  NDProxy - ok
13:19:06.0461 5068  [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:19:06.0487 5068  NetBIOS - ok
13:19:06.0665 5068  [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
13:19:06.0684 5068  netbt - ok
13:19:06.0709 5068  [ 40348DCEC0712ED42231C5F90A69A690 ] Netlogon        C:\Windows\system32\lsass.exe
13:19:06.0718 5068  Netlogon - ok
13:19:06.0947 5068  [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman          C:\Windows\System32\netman.dll
13:19:06.0991 5068  Netman - ok
13:19:07.0050 5068  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:19:07.0058 5068  NetMsmqActivator - ok
13:19:07.0102 5068  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:19:07.0109 5068  NetPipeActivator - ok
13:19:07.0156 5068  [ 7846D0136CC2B264926A73047BA7688A ] netprofm        C:\Windows\System32\netprofm.dll
13:19:07.0185 5068  netprofm - ok
13:19:07.0189 5068  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:19:07.0196 5068  NetTcpActivator - ok
13:19:07.0200 5068  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:19:07.0207 5068  NetTcpPortSharing - ok
13:19:07.0222 5068  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
13:19:07.0229 5068  nfrd960 - ok
13:19:07.0295 5068  [ 473AB3856CA286A616998CB34762EB6D ] nHancer         E:\Program Files\nHancer\nHancerService.exe
13:19:07.0298 5068  nHancer ( UnsignedFile.Multi.Generic ) - warning
13:19:07.0298 5068  nHancer - detected UnsignedFile.Multi.Generic (1)
13:19:07.0319 5068  [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:19:07.0346 5068  NlaSvc - ok
13:19:07.0440 5068  [ C71311E06C2CF6A4E3AB84404E1BE8C3 ] nlsvc           C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
13:19:07.0455 5068  nlsvc ( UnsignedFile.Multi.Generic ) - warning
13:19:07.0455 5068  nlsvc - detected UnsignedFile.Multi.Generic (1)
13:19:07.0504 5068  [ D4E38BF6563C88445FBDFDFFE0308BAF ] nltdi           C:\Windows\system32\drivers\nltdi.sys
13:19:07.0511 5068  nltdi - ok
13:19:07.0562 5068  [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:19:07.0580 5068  Npfs - ok
13:19:07.0627 5068  npggsvc - ok
13:19:07.0721 5068  [ CA79C58B966C16B2CC4A3FD3F6AD5EC1 ] npkcft64        C:\Windows\SysWOW64\npkcft64.sys
13:19:07.0728 5068  npkcft64 - ok
13:19:07.0850 5068  [ 93B9A6B06C873A425AB18A834CD381D0 ] npkcmsvc        C:\Windows\SysWOW64\npkcmsvc.exe
13:19:07.0859 5068  npkcmsvc - ok
13:19:07.0902 5068  [ FBAC9BDA9E3CAB742EF9D10FF23201E1 ] npkuft64        C:\Windows\SysWOW64\npkuft64.sys
13:19:07.0909 5068  npkuft64 - ok
13:19:07.0912 5068  NPPTNT2 - ok
13:19:07.0991 5068  [ ACB62BAA1C319B17752553DF3026EEEB ] nsi             C:\Windows\system32\nsisvc.dll
13:19:08.0017 5068  nsi - ok
13:19:08.0082 5068  [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:19:08.0106 5068  nsiproxy - ok
13:19:08.0446 5068  [ 213866EF6F9E75131CE844130F172ABF ] NSPService      C:\Windows\SysWOW64\INCAinternet\nProtect GameGuard Personal 3.0\nspsvc.exe
13:19:08.0475 5068  NSPService - ok
13:19:08.0642 5068  [ 79BC85B1D188DADC51BA02A977BF4985 ] NSPUpdateService C:\Windows\SysWOW64\INCAinternet\nProtect GameGuard Personal 3.0\nspupsvc.exe
13:19:08.0684 5068  NSPUpdateService - ok
13:19:08.0797 5068  [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:19:08.0837 5068  Ntfs - ok
13:19:08.0927 5068  nTuneService - ok
13:19:08.0947 5068  [ DD5D684975352B85B52E3FD5347C20CB ] Null            C:\Windows\system32\drivers\Null.sys
13:19:08.0971 5068  Null - ok
13:19:09.0289 5068  [ C9FC4C5A7EBE09A40C7DC37C04542900 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:19:09.0568 5068  nvlddmkm - ok
13:19:09.0601 5068  [ 8C1D181480796D7D3366A9381FD7782D ] nvoclk64        C:\Windows\system32\DRIVERS\nvoclk64.sys
13:19:09.0607 5068  nvoclk64 - ok
13:19:09.0627 5068  [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:19:09.0635 5068  nvraid - ok
13:19:09.0646 5068  [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:19:09.0653 5068  nvstor - ok
13:19:09.0705 5068  [ 7056BD6DE1DBF6B8665038AF35D9E146 ] nvsvc           C:\Windows\system32\nvvsvc.exe
13:19:09.0727 5068  nvsvc - ok
13:19:09.0787 5068  [ 1B6FA911436D227B24554C33BC68B774 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:19:09.0814 5068  nvUpdatusService - ok
13:19:09.0841 5068  [ 19067CA93075EF4823E3938A686F532F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:19:09.0848 5068  nv_agp - ok
13:19:09.0851 5068  NwlnkFlt - ok
13:19:09.0855 5068  NwlnkFwd - ok
13:19:09.0918 5068  [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
13:19:09.0936 5068  ohci1394 - ok
13:19:09.0981 5068  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc        C:\Windows\system32\p2psvc.dll
13:19:10.0001 5068  p2pimsvc - ok
13:19:10.0090 5068  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc          C:\Windows\system32\p2psvc.dll
13:19:10.0182 5068  p2psvc - ok
13:19:10.0242 5068  [ AECD57F94C887F58919F307C35498EA0 ] Parport         C:\Windows\system32\drivers\parport.sys
13:19:10.0285 5068  Parport - ok
13:19:10.0394 5068  [ F9B5EDA4C17A2BE7663F064DBF0FE254 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:19:10.0402 5068  partmgr - ok
13:19:10.0431 5068  [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:19:10.0443 5068  PcaSvc - ok
13:19:10.0541 5068  [ 7204F835A4355D1AB2853E57C9FF177C ] PCD5SRVC{8AAF211B-043E02A9-05040000} C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms
13:19:10.0546 5068  PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - warning
13:19:10.0546 5068  PCD5SRVC{8AAF211B-043E02A9-05040000} - detected UnsignedFile.Multi.Generic (1)
13:19:10.0582 5068  [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci             C:\Windows\system32\drivers\pci.sys
13:19:10.0591 5068  pci - ok
13:19:10.0606 5068  [ 2657F6C0B78C36D95034BE109336E382 ] pciide          C:\Windows\system32\drivers\pciide.sys
13:19:10.0613 5068  pciide - ok
13:19:10.0643 5068  [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
13:19:10.0651 5068  pcmcia - ok
13:19:10.0691 5068  [ 58865916F53592A61549B04941BFD80D ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:19:10.0738 5068  PEAUTH - ok
13:19:10.0815 5068  [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:19:10.0841 5068  PerfHost - ok
13:19:10.0882 5068  [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla             C:\Windows\system32\pla.dll
13:19:10.0958 5068  pla - ok
13:19:11.0017 5068  [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:19:11.0038 5068  PlugPlay - ok
13:19:11.0090 5068  PnkBstrA - ok
13:19:11.0140 5068  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
13:19:11.0160 5068  PNRPAutoReg - ok
13:19:11.0215 5068  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc         C:\Windows\system32\p2psvc.dll
13:19:11.0234 5068  PNRPsvc - ok
13:19:11.0295 5068  [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:19:11.0319 5068  PolicyAgent - ok
13:19:11.0399 5068  [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:19:11.0417 5068  PptpMiniport - ok
13:19:11.0424 5068  [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
13:19:11.0449 5068  Processor - ok
13:19:11.0489 5068  [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc         C:\Windows\system32\profsvc.dll
13:19:11.0511 5068  ProfSvc - ok
13:19:11.0533 5068  [ 40348DCEC0712ED42231C5F90A69A690 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:19:11.0543 5068  ProtectedStorage - ok
13:19:11.0576 5068  [ 1D0A3F565397D08707F3D75B88586645 ] Ps2             C:\Windows\system32\DRIVERS\PS2.sys
13:19:11.0584 5068  Ps2 - ok
13:19:11.0626 5068  [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
13:19:11.0646 5068  PSched - ok
13:19:11.0680 5068  [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300          C:\Windows\system32\drivers\ql2300.sys
13:19:11.0713 5068  ql2300 - ok
13:19:11.0748 5068  [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
13:19:11.0756 5068  ql40xx - ok
13:19:11.0793 5068  [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE           C:\Windows\system32\qwave.dll
13:19:11.0806 5068  QWAVE - ok
13:19:11.0816 5068  [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:19:11.0827 5068  QWAVEdrv - ok
13:19:11.0834 5068  [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:19:11.0860 5068  RasAcd - ok
13:19:11.0873 5068  [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto         C:\Windows\System32\rasauto.dll
13:19:11.0900 5068  RasAuto - ok
13:19:11.0927 5068  [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:19:11.0946 5068  Rasl2tp - ok
13:19:11.0952 5068  [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan          C:\Windows\System32\rasmans.dll
13:19:11.0973 5068  RasMan - ok
13:19:12.0016 5068  [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:19:12.0034 5068  RasPppoe - ok
13:19:12.0054 5068  [ C6A593B51F34C33E5474539544072527 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:19:12.0064 5068  RasSstp - ok
13:19:12.0125 5068  [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:19:12.0145 5068  rdbss - ok
13:19:12.0172 5068  [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:19:12.0196 5068  RDPCDD - ok
13:19:12.0228 5068  [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
13:19:12.0255 5068  rdpdr - ok
13:19:12.0267 5068  [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:19:12.0292 5068  RDPENCDD - ok
13:19:12.0316 5068  [ B1D741C87CEA8D7282146366CC9C3F81 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:19:12.0336 5068  RDPWD - ok
13:19:12.0370 5068  [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:19:12.0396 5068  RemoteAccess - ok
13:19:12.0449 5068  [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:19:12.0470 5068  RemoteRegistry - ok
13:19:12.0489 5068  [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator      C:\Windows\system32\locator.exe
13:19:12.0499 5068  RpcLocator - ok
13:19:12.0555 5068  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs           C:\Windows\system32\rpcss.dll
13:19:12.0583 5068  RpcSs - ok
13:19:12.0617 5068  [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:19:12.0642 5068  rspndr - ok
13:19:12.0676 5068  [ 8B91737DA75ADD21CB1554B38089196A ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh64.sys
13:19:12.0692 5068  RTL8169 - ok
13:19:12.0700 5068  [ 40348DCEC0712ED42231C5F90A69A690 ] SamSs           C:\Windows\system32\lsass.exe
13:19:12.0710 5068  SamSs - ok
13:19:12.0735 5068  [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:19:12.0742 5068  sbp2port - ok
13:19:12.0794 5068  [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:19:12.0815 5068  SCardSvr - ok
13:19:12.0846 5068  [ 0F838C811AD295D2A4489B9993096C63 ] Schedule        C:\Windows\system32\schedsvc.dll
13:19:12.0869 5068  Schedule - ok
13:19:12.0921 5068  [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:19:12.0939 5068  SCPolicySvc - ok
13:19:12.0977 5068  [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:19:12.0988 5068  SDRSVC - ok
13:19:12.0995 5068  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:19:13.0033 5068  secdrv - ok
13:19:13.0038 5068  [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon        C:\Windows\system32\seclogon.dll
13:19:13.0065 5068  seclogon - ok
13:19:13.0072 5068  [ 90973A64B96CD647FF81C79443618EED ] SENS            C:\Windows\System32\sens.dll
13:19:13.0099 5068  SENS - ok
13:19:13.0118 5068  [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum         C:\Windows\system32\drivers\serenum.sys
13:19:13.0157 5068  Serenum - ok
13:19:13.0179 5068  [ E62FAC91EE288DB29A9696A9D279929C ] Serial          C:\Windows\system32\drivers\serial.sys
13:19:13.0219 5068  Serial - ok
13:19:13.0244 5068  [ A842F04833684BCEEA7336211BE478DF ] sermouse        C:\Windows\system32\drivers\sermouse.sys
13:19:13.0269 5068  sermouse - ok
13:19:13.0289 5068  [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:19:13.0316 5068  SessionEnv - ok
13:19:13.0349 5068  [ 4FCACE92BB0345D58BB96ADBD69F5237 ] sfdrv01         C:\Windows\system32\drivers\sfdrv01.sys
13:19:13.0356 5068  sfdrv01 - ok
13:19:13.0369 5068  [ 14D4B4465193A87C127933978E8C4106 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:19:13.0394 5068  sffdisk - ok
13:19:13.0405 5068  [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:19:13.0430 5068  sffp_mmc - ok
13:19:13.0441 5068  [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:19:13.0465 5068  sffp_sd - ok
13:19:13.0491 5068  [ 17F6BD95BF04B924F4C05CE78BEF8AE6 ] sfhlp02         C:\Windows\system32\drivers\sfhlp02.sys
13:19:13.0497 5068  sfhlp02 - ok
13:19:13.0509 5068  [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
13:19:13.0547 5068  sfloppy - ok
13:19:13.0575 5068  [ 758D7842A48FE194BE08BAAF095285BE ] sfsync04        C:\Windows\system32\drivers\sfsync04.sys
13:19:13.0581 5068  sfsync04 - ok
13:19:13.0645 5068  [ 2AD15758174DCC7993FF3C00A955DD66 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:19:13.0667 5068  ShellHWDetection - ok
13:19:13.0678 5068  [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
13:19:13.0685 5068  SiSRaid2 - ok
13:19:13.0700 5068  [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
13:19:13.0707 5068  SiSRaid4 - ok
13:19:13.0775 5068  [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate     E:\Program Files (x86)\Skype\Updater\Updater.exe
13:19:13.0782 5068  SkypeUpdate - ok
13:19:13.0860 5068  [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc           C:\Windows\system32\SLsvc.exe
13:19:13.0931 5068  slsvc - ok
13:19:13.0966 5068  [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify      C:\Windows\system32\SLUINotify.dll
13:19:13.0986 5068  SLUINotify - ok
13:19:14.0057 5068  [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:19:14.0075 5068  Smb - ok
13:19:14.0100 5068  [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:19:14.0110 5068  SNMPTRAP - ok
13:19:14.0128 5068  [ 386C3C63F00A7040C7EC5E384217E89D ] spldr           C:\Windows\system32\drivers\spldr.sys
13:19:14.0136 5068  spldr - ok
13:19:14.0193 5068  [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler         C:\Windows\System32\spoolsv.exe
13:19:14.0205 5068  Spooler - ok
13:19:14.0259 5068  [ 4B3F898DC1378CED2F35D04E5B0CE0DF ] sptd            C:\Windows\System32\Drivers\sptd.sys
13:19:14.0260 5068  Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 4B3F898DC1378CED2F35D04E5B0CE0DF
13:19:14.0261 5068  sptd ( LockedFile.Multi.Generic ) - warning
13:19:14.0261 5068  sptd - detected LockedFile.Multi.Generic (1)
13:19:14.0324 5068  [ 8CD33A47CA02C79038B669F31F95BDAC ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:19:14.0338 5068  srv - ok
13:19:14.0410 5068  [ 1BEDF533096C56E70F87E3E3EE02CAF5 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:19:14.0420 5068  srv2 - ok
13:19:14.0427 5068  [ 2B8C340F830C465F514D966F7E6A822F ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:19:14.0437 5068  srvnet - ok
13:19:14.0442 5068  [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:19:14.0470 5068  SSDPSRV - ok
13:19:14.0508 5068  [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:19:14.0520 5068  SstpSvc - ok
13:19:14.0554 5068  Steam Client Service - ok
13:19:14.0598 5068  [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc          C:\Windows\System32\wiaservc.dll
13:19:14.0616 5068  stisvc - ok
13:19:14.0664 5068  [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
13:19:14.0670 5068  swenum - ok
13:19:14.0723 5068  [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv           C:\Windows\System32\swprv.dll
13:19:14.0749 5068  swprv - ok
13:19:14.0768 5068  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
13:19:14.0775 5068  Symc8xx - ok
13:19:14.0807 5068  [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
13:19:14.0813 5068  Sym_hi - ok
13:19:14.0826 5068  [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
13:19:14.0833 5068  Sym_u3 - ok
13:19:14.0890 5068  [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain         C:\Windows\system32\sysmain.dll
13:19:14.0922 5068  SysMain - ok
13:19:14.0927 5068  [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:19:14.0941 5068  TabletInputService - ok
13:19:14.0959 5068  tandpl - ok
13:19:15.0130 5068  [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:19:15.0152 5068  TapiSrv - ok
13:19:15.0219 5068  [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS             C:\Windows\System32\tbssvc.dll
13:19:15.0246 5068  TBS - ok
13:19:15.0288 5068  [ 0011810B5211FDACD784DE585262ECFE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:19:15.0320 5068  Tcpip - ok
13:19:15.0439 5068  [ 0011810B5211FDACD784DE585262ECFE ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
13:19:15.0551 5068  Tcpip6 - ok
13:19:15.0606 5068  [ CE3AE2BA7A076F0ADE9F48C598C1D15D ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:19:15.0615 5068  tcpipreg - ok
13:19:15.0632 5068  [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:19:15.0656 5068  TDPIPE - ok
13:19:15.0681 5068  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:19:15.0705 5068  TDTCP - ok
13:19:15.0749 5068  [ 458919C8C42E398DC4802178D5FFEE27 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:19:15.0768 5068  tdx - ok
13:19:15.0778 5068  [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
13:19:15.0785 5068  TermDD - ok
13:19:15.0830 5068  [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService     C:\Windows\System32\termsrv.dll
13:19:15.0856 5068  TermService - ok
13:19:15.0887 5068  [ 2AD15758174DCC7993FF3C00A955DD66 ] Themes          C:\Windows\system32\shsvcs.dll
13:19:15.0909 5068  Themes - ok
13:19:15.0934 5068  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER     C:\Windows\system32\mmcss.dll
13:19:15.0960 5068  THREADORDER - ok
13:19:16.0003 5068  [ 49916F9CE160399B868176298D7D1B18 ] TKCtrl          C:\Windows\system32\TKCtrl2k64.sys
13:19:16.0011 5068  TKCtrl - ok
13:19:16.0036 5068  [ D2DF92451F2F5D381171C2AAC50AD352 ] TKFsAvM         C:\Windows\system32\TKFsAv64.sys
13:19:16.0046 5068  TKFsAvM - ok
13:19:16.0085 5068  [ B62AE84BAFC7581FE3BF72B1BAFF7EB4 ] TkFsFtM         C:\Windows\system32\TKFsFt64.sys
13:19:16.0093 5068  TkFsFtM - ok
13:19:16.0129 5068  [ 9638CBC32E752C61BE3D2AC5F128A572 ] TKFWFV          C:\Windows\system32\TKFWFV64.sys
13:19:16.0136 5068  TKFWFV - ok
13:19:16.0173 5068  [ 39211E00F15B399938A1222064157061 ] TKFWVT          C:\Windows\system32\TKFWVT64.sys
13:19:16.0182 5068  TKFWVT - ok
13:19:16.0219 5068  [ A653DE4BB01789B987B1B67C253EF5AE ] TkIdsVt         C:\Windows\system32\TkIdsVt64.sys
13:19:16.0228 5068  TkIdsVt - ok
13:19:16.0233 5068  [ C78246370A8E2BA691A33DB2655FB77A ] TKPcFt          C:\Windows\system32\TKPcFtCb64.sys
13:19:16.0241 5068  TKPcFt - ok
13:19:16.0257 5068  [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks          C:\Windows\System32\trkwks.dll
13:19:16.0284 5068  TrkWks - ok
13:19:16.0349 5068  [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:19:16.0367 5068  TrustedInstaller - ok
13:19:16.0389 5068  [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:19:16.0413 5068  tssecsrv - ok
13:19:16.0435 5068  [ 89EC74A9E602D16A75A4170511029B3C ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
13:19:16.0444 5068  tunmp - ok
13:19:16.0473 5068  [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:19:16.0482 5068  tunnel - ok
13:19:16.0502 5068  [ FEC266EF401966311744BD0F359F7F56 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
13:19:16.0509 5068  uagp35 - ok
13:19:16.0541 5068  [ FAF2640A2A76ED03D449E443194C4C34 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:19:16.0561 5068  udfs - ok
13:19:16.0568 5068  [ 060507C4113391394478F6953A79EEDC ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:19:16.0594 5068  UI0Detect - ok
13:19:16.0617 5068  [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:19:16.0624 5068  uliagpkx - ok
13:19:16.0648 5068  [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
13:19:16.0657 5068  uliahci - ok
13:19:16.0692 5068  [ 31707F09846056651EA2C37858F5DDB0 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
13:19:16.0699 5068  UlSata - ok
13:19:16.0727 5068  [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
13:19:16.0735 5068  ulsata2 - ok
13:19:16.0757 5068  [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:19:16.0782 5068  umbus - ok
13:19:16.0828 5068  UpdateCenterService - ok
13:19:16.0839 5068  [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost        C:\Windows\System32\upnphost.dll
13:19:16.0870 5068  upnphost - ok
13:19:16.0941 5068  [ 07E3498FC60834219D2356293DA0FECC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:19:16.0959 5068  usbccgp - ok
13:19:16.0979 5068  [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:19:17.0018 5068  usbcir - ok
13:19:17.0046 5068  [ 827E44DE934A736EA31E91D353EB126F ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:19:17.0064 5068  usbehci - ok
13:19:17.0100 5068  [ 8FEC71666ABA7114F9CAB9E56065EC80 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
13:19:17.0106 5068  usbfilter - ok
13:19:17.0117 5068  [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:19:17.0137 5068  usbhub - ok
13:19:17.0143 5068  [ E406B003A354776D317762694956B0FC ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
13:19:17.0160 5068  usbohci - ok
13:19:17.0189 5068  [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:19:17.0214 5068  usbprint - ok
13:19:17.0217 5068  [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:19:17.0235 5068  USBSTOR - ok
13:19:17.0250 5068  [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
13:19:17.0268 5068  usbuhci - ok
13:19:17.0279 5068  [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms           C:\Windows\System32\uxsms.dll
13:19:17.0298 5068  UxSms - ok
13:19:17.0334 5068  [ 43D018A3ACBA1DCB0BD336476E122B69 ] VC9SecS         E:\Program Files (x86)\Virtual CD v9\System\VC9SecS.exe
13:19:17.0341 5068  VC9SecS - ok
13:19:17.0411 5068  [ 53606539DE7E6225211F576A6EBFBA39 ] vcd9bus         C:\Windows\system32\DRIVERS\vcd9bus.sys
13:19:17.0417 5068  vcd9bus - ok
13:19:17.0465 5068  [ 689917FB02D3005CE98DB1FEA8A81E5C ] vdrv9000        C:\Windows\system32\DRIVERS\vdrv9000.sys
13:19:17.0471 5068  vdrv9000 - ok
13:19:17.0519 5068  [ 294945381DFA7CE58CECF0A9896AF327 ] vds             C:\Windows\System32\vds.exe
13:19:17.0544 5068  vds - ok
13:19:17.0583 5068  [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:19:17.0607 5068  vga - ok
13:19:17.0611 5068  [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:19:17.0636 5068  VgaSave - ok
13:19:17.0652 5068  [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide          C:\Windows\system32\drivers\viaide.sys
13:19:17.0658 5068  viaide - ok
13:19:17.0699 5068  [ C6F8FBDE19960E0B172CD76D2677F5E2 ] vmm             C:\Windows\system32\Treiber\vmm.sys
13:19:17.0708 5068  vmm - ok
13:19:17.0721 5068  [ 2B7E885ED951519A12C450D24535DFCA ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:19:17.0729 5068  volmgr - ok
13:19:17.0782 5068  [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:19:17.0795 5068  volmgrx - ok
13:19:17.0809 5068  [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:19:17.0819 5068  volsnap - ok
13:19:17.0853 5068  [ 6BDCA00FC57CC40DA3C8E88B2CEA21AB ] VPCNetS2        C:\Windows\system32\DRIVERS\VMNetSrv.sys
13:19:17.0859 5068  VPCNetS2 - ok
13:19:17.0885 5068  [ A68F455ED2673835209318DD61BFBB0E ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:19:17.0893 5068  vsmraid - ok
13:19:17.0942 5068  [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS             C:\Windows\system32\vssvc.exe
13:19:18.0005 5068  VSS - ok
13:19:18.0048 5068  [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time         C:\Windows\system32\w32time.dll
13:19:18.0072 5068  W32Time - ok
13:19:18.0093 5068  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
13:19:18.0131 5068  WacomPen - ok
13:19:18.0175 5068  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
13:19:18.0193 5068  Wanarp - ok
13:19:18.0196 5068  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:19:18.0214 5068  Wanarpv6 - ok
13:19:18.0228 5068  [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:19:18.0247 5068  wcncsvc - ok
13:19:18.0259 5068  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:19:18.0279 5068  WcsPlugInService - ok
13:19:18.0303 5068  [ 0C17A0816F65B89E362E682AD5E7266E ] Wd              C:\Windows\system32\drivers\wd.sys
13:19:18.0309 5068  Wd - ok
13:19:18.0351 5068  [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:19:18.0372 5068  Wdf01000 - ok
13:19:18.0401 5068  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:19:18.0428 5068  WdiServiceHost - ok
13:19:18.0431 5068  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:19:18.0458 5068  WdiSystemHost - ok
13:19:18.0472 5068  [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient       C:\Windows\System32\webclnt.dll
13:19:18.0485 5068  WebClient - ok
13:19:18.0491 5068  [ BD9A749F36710FFA02E0E530F7451936 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:19:18.0519 5068  Wecsvc - ok
13:19:18.0529 5068  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:19:18.0549 5068  wercplsupport - ok
13:19:18.0558 5068  [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc          C:\Windows\System32\WerSvc.dll
13:19:18.0579 5068  WerSvc - ok
13:19:18.0584 5068  WinHttpAutoProxySvc - ok
13:19:18.0662 5068  [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:19:18.0682 5068  Winmgmt - ok
13:19:18.0742 5068  [ 42717DB2BE3A075D0F0CD5C927C27A43 ] WinRM           C:\Windows\system32\WsmSvc.dll
13:19:18.0776 5068  WinRM - ok
13:19:18.0821 5068  [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:19:18.0841 5068  Wlansvc - ok
13:19:18.0986 5068  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:19:19.0049 5068  wlidsvc - ok
13:19:19.0066 5068  [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:19:19.0074 5068  WmiAcpi - ok
13:19:19.0129 5068  [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:19:19.0148 5068  wmiApSrv - ok
13:19:19.0151 5068  WMPNetworkSvc - ok
13:19:19.0161 5068  [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:19:19.0173 5068  WPCSvc - ok
13:19:19.0218 5068  [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:19:19.0229 5068  WPDBusEnum - ok
13:19:19.0367 5068  [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:19:19.0410 5068  WPFFontCache_v0400 - ok
13:19:19.0430 5068  [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:19:19.0454 5068  ws2ifsl - ok
13:19:19.0457 5068  WSearch - ok
13:19:19.0500 5068  [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:19:19.0525 5068  WUDFRd - ok
13:19:19.0534 5068  [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:19:19.0561 5068  wudfsvc - ok
13:19:19.0643 5068  X6va005 - ok
13:19:19.0679 5068  [ 15CC7077D2DC28776CD430ECABBFFD66 ] {55662437-DA8C-40c0-AADA-2C816A897A49} c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
13:19:19.0684 5068  {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
13:19:19.0687 5068  ================ Scan global ===============================
13:19:19.0714 5068  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
13:19:19.0759 5068  [ 36F234FD1AA7BAE559BB1C483FC76286 ] C:\Windows\system32\winsrv.dll
13:19:19.0775 5068  [ 36F234FD1AA7BAE559BB1C483FC76286 ] C:\Windows\system32\winsrv.dll
13:19:19.0821 5068  [ B8844F93D2C5F1DCDB179AAA9AF134B7 ] C:\Windows\system32\services.exe
13:19:19.0825 5068  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
13:19:19.0825 5068  C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
13:19:19.0826 5068  ================ Scan MBR ==================================
13:19:19.0854 5068  [ 81CD5EC01DB0CE57EDD853F82462EF27 ] \Device\Harddisk0\DR0
13:19:20.0256 5068  \Device\Harddisk0\DR0 - ok
13:19:20.0280 5068  [ 4606A12AED5E4CE105136C6C9C8EA568 ] \Device\Harddisk1\DR1
13:19:20.0359 5068  \Device\Harddisk1\DR1 - ok
13:19:20.0360 5068  ================ Scan VBR ==================================
13:19:20.0362 5068  [ 27E9362AA78875B12248F97C95836487 ] \Device\Harddisk0\DR0\Partition1
13:19:20.0363 5068  \Device\Harddisk0\DR0\Partition1 - ok
13:19:20.0365 5068  [ 219370FB1439A3125D7F9E6F8724A60C ] \Device\Harddisk0\DR0\Partition2
13:19:20.0366 5068  \Device\Harddisk0\DR0\Partition2 - ok
13:19:20.0369 5068  [ 960CDE92622C58C393F6E4FC501C8B8C ] \Device\Harddisk1\DR1\Partition1
13:19:20.0370 5068  \Device\Harddisk1\DR1\Partition1 - ok
13:19:20.0370 5068  ============================================================
13:19:20.0370 5068  Scan finished
13:19:20.0370 5068  ============================================================
13:19:20.0377 5364  Detected object count: 10
13:19:20.0377 5364  Actual detected object count: 10
13:19:33.0641 5364  AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0641 5364  AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0642 5364  HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0642 5364  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0643 5364  HPBtnSrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0643 5364  HPBtnSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0644 5364  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0644 5364  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0645 5364  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0645 5364  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0646 5364  nHancer ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0646 5364  nHancer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0647 5364  nlsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0647 5364  nlsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0648 5364  PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0648 5364  PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0649 5364  sptd ( LockedFile.Multi.Generic ) - skipped by user
13:19:33.0649 5364  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
13:19:33.0650 5364  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - skipped by user
13:19:33.0650 5364  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Skip 
13:19:38.0579 5416  Deinitialize success
         
__________________

Alt 01.07.2013, 13:06   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden - Standard

Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden



Zitat:
C:\Windows\system32\services.exe
neben dem Eintrag Cure wählen, laufen lassen, log posten.

Neuen Scan mit TDSSKiller, das Log ebenfalls bitte posten.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.07.2013, 13:34   #5
JuppSchlupp
 
Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden - Standard

Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden



Soooo, durchlaufen gelassen, hier der Log:

Code:
ATTFilter
14:10:53.0573 5600  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:10:53.0829 5600  ============================================================
14:10:53.0829 5600  Current date / time: 2013/07/01 14:10:53.0829
14:10:53.0829 5600  SystemInfo:
14:10:53.0829 5600  
14:10:53.0829 5600  OS Version: 6.0.6002 ServicePack: 2.0
14:10:53.0829 5600  Product type: Workstation
14:10:53.0829 5600  ComputerName: GAST-PC
14:10:53.0829 5600  UserName: Gast
14:10:53.0829 5600  Windows directory: C:\Windows
14:10:53.0829 5600  System windows directory: C:\Windows
14:10:53.0829 5600  Running under WOW64
14:10:53.0829 5600  Processor architecture: Intel x64
14:10:53.0829 5600  Number of processors: 4
14:10:53.0829 5600  Page size: 0x1000
14:10:53.0829 5600  Boot type: Normal boot
14:10:53.0829 5600  ============================================================
14:10:54.0060 5600  Drive \Device\Harddisk0\DR0 - Size: 0x9502F90000 (596.05 Gb), SectorSize: 0x200, Cylinders: 0x12FF0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:10:54.0083 5600  Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:10:54.0115 5600  ============================================================
14:10:54.0115 5600  \Device\Harddisk0\DR0:
14:10:54.0116 5600  MBR partitions:
14:10:54.0116 5600  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x48AA5D70
14:10:54.0116 5600  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48AA5DAF, BlocksNum 0x1D6E641
14:10:54.0116 5600  \Device\Harddisk1\DR1:
14:10:54.0116 5600  MBR partitions:
14:10:54.0116 5600  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82
14:10:54.0116 5600  ============================================================
14:10:54.0145 5600  C: <-> \Device\Harddisk0\DR0\Partition1
14:10:54.0186 5600  E: <-> \Device\Harddisk1\DR1\Partition1
14:10:54.0282 5600  D: <-> \Device\Harddisk0\DR0\Partition2
14:10:54.0282 5600  ============================================================
14:10:54.0282 5600  Initialize success
14:10:54.0282 5600  ============================================================
14:11:00.0560 5240  ============================================================
14:11:00.0560 5240  Scan started
14:11:00.0560 5240  Mode: Manual; SigCheck; TDLFS; 
14:11:00.0560 5240  ============================================================
14:11:01.0569 5240  ================ Scan system memory ========================
14:11:01.0569 5240  System memory - ok
14:11:01.0569 5240  ================ Scan services =============================
14:11:01.0721 5240  [ F146E2BA475893DD77B2370DC1211FC6 ] 97862858        C:\Windows\system32\drivers\83758499.sys
14:11:01.0819 5240  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files (x86)\AAVUpdateManager\aavus.exe
14:11:01.0893 5240  AAV UpdateService - ok
14:11:01.0935 5240  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
14:11:01.0947 5240  ACPI - ok
14:11:02.0027 5240  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:11:02.0036 5240  AdobeFlashPlayerUpdateSvc - ok
14:11:02.0081 5240  [ F14215E37CF124104575073F782111D2 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
14:11:02.0096 5240  adp94xx - ok
14:11:02.0132 5240  [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci         C:\Windows\system32\drivers\adpahci.sys
14:11:02.0143 5240  adpahci - ok
14:11:02.0168 5240  [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
14:11:02.0175 5240  adpu160m - ok
14:11:02.0187 5240  [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
14:11:02.0195 5240  adpu320 - ok
14:11:02.0225 5240  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:11:02.0245 5240  AeLookupSvc - ok
14:11:02.0285 5240  [ 12415CCFD3E7CEC55B5184E67B039FE4 ] AFD             C:\Windows\system32\drivers\afd.sys
14:11:02.0307 5240  AFD - ok
14:11:02.0321 5240  [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:11:02.0328 5240  agp440 - ok
14:11:02.0360 5240  [ 97DD49CCDB89A22CFCEA78B29D393D87 ] ahcix64s        C:\Windows\system32\drivers\ahcix64s.sys
14:11:02.0381 5240  ahcix64s - ok
14:11:02.0397 5240  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
14:11:02.0404 5240  aic78xx - ok
14:11:02.0418 5240  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG             C:\Windows\System32\alg.exe
14:11:02.0443 5240  ALG - ok
14:11:02.0461 5240  [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:11:02.0467 5240  aliide - ok
14:11:02.0481 5240  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
14:11:02.0487 5240  amdide - ok
14:11:02.0523 5240  [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
14:11:02.0548 5240  AmdK8 - ok
14:11:02.0608 5240  [ 03E7D34FA978123760EE9DBA30930137 ] AMD_RAIDXpert   C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
14:11:02.0612 5240  AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - warning
14:11:02.0612 5240  AMD_RAIDXpert - detected UnsignedFile.Multi.Generic (1)
14:11:02.0637 5240  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo         C:\Windows\System32\appinfo.dll
14:11:02.0646 5240  Appinfo - ok
14:11:02.0660 5240  [ BA8417D4765F3988FF921F30F630E303 ] arc             C:\Windows\system32\drivers\arc.sys
14:11:02.0667 5240  arc - ok
14:11:02.0694 5240  [ 9D41C435619733B34CC16A511E644B11 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:11:02.0701 5240  arcsas - ok
14:11:02.0823 5240  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:11:02.0830 5240  aspnet_state - ok
14:11:02.0860 5240  [ 0BAEFD3F648C6E7AB52990DD9565E4E2 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
14:11:02.0866 5240  aswFsBlk - ok
14:11:02.0908 5240  [ 7A62C389380F6FF3FA952D511D8790B8 ] aswFW           C:\Windows\system32\drivers\aswFW.sys
14:11:02.0915 5240  aswFW - ok
14:11:02.0948 5240  [ 890918D53B80B474CFAFB48995B85AF3 ] aswKbd          C:\Windows\system32\drivers\aswKbd.sys
14:11:02.0954 5240  aswKbd - ok
14:11:03.0009 5240  [ FA562F34ED6633C66170B09182B4C049 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
14:11:03.0016 5240  aswMonFlt - ok
14:11:03.0065 5240  [ 518B8D447A1975AB46DA093A2E743256 ] aswNdis         C:\Windows\system32\DRIVERS\aswNdis.sys
14:11:03.0070 5240  aswNdis - ok
14:11:03.0109 5240  [ 94CCA87794454E1824D59B092B9F70C4 ] aswNdis2        C:\Windows\system32\drivers\aswNdis2.sys
14:11:03.0118 5240  aswNdis2 - ok
14:11:03.0138 5240  [ 9A9565BB92EE412B77B7416DD1D32F0B ] AswRdr          C:\Windows\system32\drivers\AswRdr.sys
14:11:03.0144 5240  AswRdr - ok
14:11:03.0186 5240  [ 5573AA70993A2BB81525B1C704B88763 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
14:11:03.0192 5240  aswRvrt - ok
14:11:03.0234 5240  [ 8C0800CDB501CFC1164B286A0478DC10 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
14:11:03.0256 5240  aswSnx - ok
14:11:03.0324 5240  [ 3815DB16CDA62190F5C0A65118F3D714 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
14:11:03.0336 5240  aswSP - ok
14:11:03.0378 5240  [ 29DD8E458A84171202AA4979364C30C0 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
14:11:03.0384 5240  aswTdi - ok
14:11:03.0413 5240  [ 22F521108881DC59837F6FC614E0568F ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
14:11:03.0420 5240  aswVmm - ok
14:11:03.0462 5240  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:11:03.0486 5240  AsyncMac - ok
14:11:03.0513 5240  [ E68D9B3A3905619732F7FE039466A623 ] atapi           C:\Windows\system32\drivers\atapi.sys
14:11:03.0520 5240  atapi - ok
14:11:03.0540 5240  [ DB0D3DE15EDC96E7529FC0D3F7760894 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
14:11:03.0545 5240  AtiPcie - ok
14:11:03.0591 5240  [ FC0E8778C000291CAF60EB88C011E931 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
14:11:03.0600 5240  atksgt - ok
14:11:03.0664 5240  [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:11:03.0687 5240  AudioEndpointBuilder - ok
14:11:03.0730 5240  [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:11:03.0753 5240  AudioSrv - ok
14:11:03.0903 5240  [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
14:11:03.0909 5240  avast! Antivirus - ok
14:11:03.0956 5240  [ C2009C6A452BD07B30D773349589B762 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
14:11:03.0963 5240  avast! Firewall - ok
14:11:04.0011 5240  [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
14:11:04.0036 5240  blbdrive - ok
14:11:04.0074 5240  [ 8B2B19031D0AEADE6E1B933DF1ACBA7E ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:11:04.0099 5240  bowser - ok
14:11:04.0124 5240  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
14:11:04.0141 5240  BrFiltLo - ok
14:11:04.0175 5240  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
14:11:04.0192 5240  BrFiltUp - ok
14:11:04.0216 5240  [ A1B39DE453433B115B4EA69EE0343816 ] Browser         C:\Windows\System32\browser.dll
14:11:04.0241 5240  Browser - ok
14:11:04.0269 5240  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid         C:\Windows\system32\drivers\brserid.sys
14:11:04.0307 5240  Brserid - ok
14:11:04.0342 5240  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
14:11:04.0380 5240  BrSerWdm - ok
14:11:04.0391 5240  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
14:11:04.0428 5240  BrUsbMdm - ok
14:11:04.0438 5240  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
14:11:04.0475 5240  BrUsbSer - ok
14:11:04.0497 5240  [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
14:11:04.0535 5240  BTHMODEM - ok
14:11:04.0563 5240  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:11:04.0589 5240  cdfs - ok
14:11:04.0616 5240  [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:11:04.0633 5240  cdrom - ok
14:11:04.0837 5240  [ DFC81DD1112338DC8500E8A3E8ADE77D ] CEDRIVER60      E:\Program Files (x86)\Cheat Engine 6.3\dbk64.sys
14:11:04.0844 5240  CEDRIVER60 - ok
14:11:04.0893 5240  [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc     C:\Windows\System32\certprop.dll
14:11:04.0911 5240  CertPropSvc - ok
14:11:04.0923 5240  [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass        C:\Windows\system32\drivers\circlass.sys
14:11:04.0948 5240  circlass - ok
14:11:04.0993 5240  [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS            C:\Windows\system32\CLFS.sys
14:11:05.0006 5240  CLFS - ok
14:11:05.0102 5240  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:11:05.0109 5240  clr_optimization_v2.0.50727_32 - ok
14:11:05.0172 5240  [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:11:05.0179 5240  clr_optimization_v2.0.50727_64 - ok
14:11:05.0278 5240  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:11:05.0285 5240  clr_optimization_v4.0.30319_32 - ok
14:11:05.0336 5240  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:11:05.0343 5240  clr_optimization_v4.0.30319_64 - ok
14:11:05.0365 5240  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:11:05.0370 5240  cmdide - ok
14:11:05.0403 5240  [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
14:11:05.0409 5240  Compbatt - ok
14:11:05.0413 5240  COMSysApp - ok
14:11:05.0417 5240  [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
14:11:05.0423 5240  crcdisk - ok
14:11:05.0448 5240  [ 18918613E63F387CDE4D95CA7D49DCF7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:11:05.0468 5240  CryptSvc - ok
14:11:05.0629 5240  [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc    E:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
14:11:05.0634 5240  DAUpdaterSvc - ok
14:11:05.0693 5240  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:11:05.0722 5240  DcomLaunch - ok
14:11:05.0754 5240  [ 36CD31121F228E7E79BAE60AA45764C6 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:11:05.0772 5240  DfsC - ok
14:11:05.0880 5240  [ C647F468F7DE343DF8C143655C5557D4 ] DFSR            C:\Windows\system32\DFSR.exe
14:11:05.0958 5240  DFSR - ok
14:11:06.0020 5240  [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
14:11:06.0040 5240  Dhcp - ok
14:11:06.0060 5240  [ B0107E40ECDB5FA692EBF832F295D905 ] disk            C:\Windows\system32\drivers\disk.sys
14:11:06.0067 5240  disk - ok
14:11:06.0118 5240  [ 21D16B37257370975C7457C3A5EFA530 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:11:06.0137 5240  Dnscache - ok
14:11:06.0176 5240  [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:11:06.0196 5240  dot3svc - ok
14:11:06.0216 5240  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS             C:\Windows\system32\dps.dll
14:11:06.0242 5240  DPS - ok
14:11:06.0268 5240  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:11:06.0285 5240  drmkaud - ok
14:11:06.0307 5240  dump_wmimmc - ok
14:11:06.0365 5240  [ 1D96E28EBCD96AD1B44A3FD02CA6433D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:11:06.0388 5240  DXGKrnl - ok
14:11:06.0460 5240  [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
14:11:06.0486 5240  E1G60 - ok
14:11:06.0514 5240  EagleX64 - ok
14:11:06.0532 5240  [ C2303883FD9BE49DC36A6400643002EA ] EapHost         C:\Windows\System32\eapsvc.dll
14:11:06.0551 5240  EapHost - ok
14:11:06.0605 5240  [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache          C:\Windows\system32\drivers\ecache.sys
14:11:06.0613 5240  Ecache - ok
14:11:06.0652 5240  [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:11:06.0665 5240  ehRecvr - ok
14:11:06.0711 5240  [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched         C:\Windows\ehome\ehsched.exe
14:11:06.0720 5240  ehSched - ok
14:11:06.0735 5240  [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart         C:\Windows\ehome\ehstart.dll
14:11:06.0743 5240  ehstart - ok
14:11:06.0769 5240  [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
14:11:06.0782 5240  elxstor - ok
14:11:06.0822 5240  [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
14:11:06.0837 5240  EMDMgmt - ok
14:11:06.0871 5240  [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:11:06.0878 5240  ErrDev - ok
14:11:06.0933 5240  [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem     C:\Windows\system32\es.dll
14:11:06.0956 5240  EventSystem - ok
14:11:07.0027 5240  [ 486844F47B6636044A42454614ED4523 ] exfat           C:\Windows\system32\drivers\exfat.sys
14:11:07.0037 5240  exfat - ok
14:11:07.0040 5240  ezSharedSvc - ok
14:11:07.0069 5240  [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:11:07.0089 5240  fastfat - ok
14:11:07.0121 5240  [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:11:07.0145 5240  fdc - ok
14:11:07.0149 5240  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost         C:\Windows\system32\fdPHost.dll
14:11:07.0174 5240  fdPHost - ok
14:11:07.0194 5240  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
14:11:07.0234 5240  FDResPub - ok
14:11:07.0244 5240  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:11:07.0250 5240  FileInfo - ok
14:11:07.0274 5240  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:11:07.0298 5240  Filetrace - ok
14:11:07.0327 5240  [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:11:07.0352 5240  flpydisk - ok
14:11:07.0371 5240  [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:11:07.0381 5240  FltMgr - ok
14:11:07.0441 5240  [ FDF5F06EFC8F98BAC5FE8B216F93AA5E ] FontCache       C:\Windows\system32\FntCache.dll
14:11:07.0467 5240  FontCache - ok
14:11:07.0576 5240  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:11:07.0582 5240  FontCache3.0.0.0 - ok
14:11:07.0595 5240  [ 29D99E860A1CA0A03C6A733FDD0DA703 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:11:07.0612 5240  Fs_Rec - ok
14:11:07.0640 5240  [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:11:07.0646 5240  gagp30kx - ok
14:11:07.0720 5240  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
14:11:07.0728 5240  GamesAppService - ok
14:11:07.0760 5240  [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:11:07.0787 5240  gpsvc - ok
14:11:07.0892 5240  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:11:07.0899 5240  gupdate - ok
14:11:07.0909 5240  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:11:07.0915 5240  gupdatem - ok
14:11:07.0953 5240  [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:11:07.0964 5240  HdAudAddService - ok
14:11:08.0022 5240  [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
14:11:08.0052 5240  HDAudBus - ok
14:11:08.0130 5240  [ 0457348421B377D172E893573D5CFE28 ] HH9Help.sys     C:\Windows\system32\drivers\HH9Help.sys
14:11:08.0136 5240  HH9Help.sys - ok
14:11:08.0157 5240  [ B4881C84A180E75B8C25DC1D726C375F ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:11:08.0195 5240  HidBth - ok
14:11:08.0227 5240  [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr           C:\Windows\system32\drivers\hidir.sys
14:11:08.0265 5240  HidIr - ok
14:11:08.0317 5240  [ 59361D38A297755D46A540E450202B2A ] hidserv         C:\Windows\system32\hidserv.dll
14:11:08.0335 5240  hidserv - ok
14:11:08.0346 5240  [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:11:08.0363 5240  HidUsb - ok
14:11:08.0384 5240  [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:11:08.0410 5240  hkmsvc - ok
14:11:08.0476 5240  [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
14:11:08.0480 5240  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
14:11:08.0480 5240  HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
14:11:08.0506 5240  [ DEAB3BF5AEFBDC3F9AC0E020926EC81D ] HPBtnSrv        C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
14:11:08.0511 5240  HPBtnSrv ( UnsignedFile.Multi.Generic ) - warning
14:11:08.0511 5240  HPBtnSrv - detected UnsignedFile.Multi.Generic (1)
14:11:08.0535 5240  [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
14:11:08.0541 5240  HpCISSs - ok
14:11:08.0576 5240  [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:11:08.0593 5240  HTTP - ok
14:11:08.0636 5240  [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
14:11:08.0642 5240  i2omp - ok
14:11:08.0679 5240  [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
14:11:08.0697 5240  i8042prt - ok
14:11:08.0727 5240  [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
14:11:08.0737 5240  iaStorV - ok
14:11:08.0838 5240  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
14:11:08.0843 5240  IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:11:08.0843 5240  IDriverT - detected UnsignedFile.Multi.Generic (1)
14:11:08.0913 5240  [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:11:08.0934 5240  idsvc - ok
14:11:08.0977 5240  [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
14:11:08.0984 5240  iirsp - ok
14:11:09.0056 5240  [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT          C:\Windows\System32\ikeext.dll
14:11:09.0080 5240  IKEEXT - ok
14:11:09.0145 5240  [ 96B0A408842B0E214EDCB41E89438999 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:11:09.0211 5240  IntcAzAudAddService - ok
14:11:09.0252 5240  [ DF797A12176F11B2D301C5B234BB200E ] intelide        C:\Windows\system32\drivers\intelide.sys
14:11:09.0259 5240  intelide - ok
14:11:09.0281 5240  [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:11:09.0306 5240  intelppm - ok
14:11:09.0329 5240  [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:11:09.0355 5240  IPBusEnum - ok
14:11:09.0389 5240  [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:11:09.0407 5240  IpFilterDriver - ok
14:11:09.0410 5240  IpInIp - ok
14:11:09.0464 5240  [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
14:11:09.0489 5240  IPMIDRV - ok
14:11:09.0501 5240  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
14:11:09.0527 5240  IPNAT - ok
14:11:09.0546 5240  [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:11:09.0571 5240  IRENUM - ok
14:11:09.0619 5240  [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:11:09.0625 5240  isapnp - ok
14:11:09.0659 5240  [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
14:11:09.0668 5240  iScsiPrt - ok
14:11:09.0691 5240  [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
14:11:09.0697 5240  iteatapi - ok
14:11:09.0743 5240  [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
14:11:09.0749 5240  iteraid - ok
14:11:09.0767 5240  [ 423696F3BA6472DD17699209B933BC26 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:11:09.0774 5240  kbdclass - ok
14:11:09.0793 5240  [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:11:09.0810 5240  kbdhid - ok
14:11:09.0830 5240  [ 40348DCEC0712ED42231C5F90A69A690 ] KeyIso          C:\Windows\system32\lsass.exe
14:11:09.0839 5240  KeyIso - ok
14:11:09.0852 5240  [ 476E2C1DCEA45895994BEF11C2A98715 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:11:09.0867 5240  KSecDD - ok
14:11:09.0881 5240  [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:11:09.0905 5240  ksthunk - ok
14:11:09.0921 5240  [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:11:09.0952 5240  KtmRm - ok
14:11:10.0040 5240  [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:11:10.0051 5240  LanmanServer - ok
14:11:10.0068 5240  [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:11:10.0080 5240  LanmanWorkstation - ok
14:11:10.0101 5240  [ E75ADCFAFDEF3F4C3AF3332928D59926 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
14:11:10.0105 5240  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
14:11:10.0105 5240  LightScribeService - detected UnsignedFile.Multi.Generic (1)
14:11:10.0129 5240  [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
14:11:10.0135 5240  lirsgt - ok
14:11:10.0148 5240  [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:11:10.0173 5240  lltdio - ok
14:11:10.0201 5240  [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:11:10.0229 5240  lltdsvc - ok
14:11:10.0252 5240  [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:11:10.0278 5240  lmhosts - ok
14:11:10.0305 5240  [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:11:10.0312 5240  LSI_FC - ok
14:11:10.0326 5240  [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
14:11:10.0334 5240  LSI_SAS - ok
14:11:10.0352 5240  [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:11:10.0360 5240  LSI_SCSI - ok
14:11:10.0391 5240  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv           C:\Windows\system32\drivers\luafv.sys
14:11:10.0417 5240  luafv - ok
14:11:10.0483 5240  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
14:11:10.0492 5240  McComponentHostService - ok
14:11:10.0510 5240  [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:11:10.0519 5240  Mcx2Svc - ok
14:11:10.0563 5240  [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas         C:\Windows\system32\drivers\megasas.sys
14:11:10.0570 5240  megasas - ok
14:11:10.0596 5240  [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
14:11:10.0609 5240  MegaSR - ok
14:11:10.0631 5240  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS           C:\Windows\system32\mmcss.dll
14:11:10.0656 5240  MMCSS - ok
14:11:10.0682 5240  [ 59848D5CC74606F0EE7557983BB73C2E ] Modem           C:\Windows\system32\drivers\modem.sys
14:11:10.0706 5240  Modem - ok
14:11:10.0739 5240  [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:11:10.0764 5240  monitor - ok
14:11:10.0775 5240  [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:11:10.0782 5240  mouclass - ok
14:11:10.0794 5240  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:11:10.0819 5240  mouhid - ok
14:11:10.0828 5240  [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
14:11:10.0834 5240  MountMgr - ok
14:11:10.0866 5240  [ F8276EB8698142884498A528DFEA8478 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:11:10.0873 5240  mpio - ok
14:11:10.0916 5240  [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:11:10.0934 5240  mpsdrv - ok
14:11:10.0959 5240  [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
14:11:10.0965 5240  Mraid35x - ok
14:11:10.0993 5240  [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:11:11.0004 5240  MRxDAV - ok
14:11:11.0046 5240  [ D58D129E26705E83A4DEBA7177EB7972 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:11:11.0055 5240  mrxsmb - ok
14:11:11.0083 5240  [ D5BE5C14E0F1DC489F5BB2A67983F630 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:11:11.0094 5240  mrxsmb10 - ok
14:11:11.0114 5240  [ 09A2990C3B293C212816C9BC0D7C200E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:11:11.0123 5240  mrxsmb20 - ok
14:11:11.0148 5240  [ 1AC860612B85D8E85EE257D372E39F4D ] msahci          C:\Windows\system32\drivers\msahci.sys
14:11:11.0155 5240  msahci - ok
14:11:11.0169 5240  [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:11:11.0176 5240  msdsm - ok
14:11:11.0194 5240  [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC           C:\Windows\System32\msdtc.exe
14:11:11.0220 5240  MSDTC - ok
14:11:11.0247 5240  [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:11:11.0272 5240  Msfs - ok
14:11:11.0286 5240  [ 00EBC952961664780D43DCA157E79B27 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:11:11.0293 5240  msisadrv - ok
14:11:11.0319 5240  [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:11:11.0346 5240  MSiSCSI - ok
14:11:11.0349 5240  msiserver - ok
14:11:11.0378 5240  [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:11:11.0407 5240  MSKSSRV - ok
14:11:11.0430 5240  [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:11:11.0455 5240  MSPCLOCK - ok
14:11:11.0468 5240  [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:11:11.0492 5240  MSPQM - ok
14:11:11.0513 5240  [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:11:11.0523 5240  MsRPC - ok
14:11:11.0557 5240  [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
14:11:11.0564 5240  mssmbios - ok
14:11:11.0574 5240  [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:11:11.0598 5240  MSTEE - ok
14:11:11.0602 5240  [ 0CC49F78D8ACA0877D885F149084E543 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:11:11.0609 5240  Mup - ok
14:11:11.0627 5240  [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent        C:\Windows\system32\qagentRT.dll
14:11:11.0652 5240  napagent - ok
14:11:11.0711 5240  [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:11:11.0722 5240  NativeWifiP - ok
14:11:11.0780 5240  [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:11:11.0799 5240  NDIS - ok
14:11:11.0818 5240  [ 64DF698A425478E321981431AC171334 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:11:11.0836 5240  NdisTapi - ok
14:11:11.0857 5240  [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:11:11.0882 5240  Ndisuio - ok
14:11:11.0917 5240  [ F8158771905260982CE724076419EF19 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:11:11.0936 5240  NdisWan - ok
14:11:11.0943 5240  [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:11:11.0961 5240  NDProxy - ok
14:11:11.0974 5240  [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:11:11.0999 5240  NetBIOS - ok
14:11:12.0052 5240  [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
14:11:12.0072 5240  netbt - ok
14:11:12.0080 5240  [ 40348DCEC0712ED42231C5F90A69A690 ] Netlogon        C:\Windows\system32\lsass.exe
14:11:12.0090 5240  Netlogon - ok
14:11:12.0110 5240  [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman          C:\Windows\System32\netman.dll
14:11:12.0141 5240  Netman - ok
14:11:12.0205 5240  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:11:12.0212 5240  NetMsmqActivator - ok
14:11:12.0263 5240  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:11:12.0270 5240  NetPipeActivator - ok
14:11:12.0293 5240  [ 7846D0136CC2B264926A73047BA7688A ] netprofm        C:\Windows\System32\netprofm.dll
14:11:12.0321 5240  netprofm - ok
14:11:12.0325 5240  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:11:12.0332 5240  NetTcpActivator - ok
14:11:12.0335 5240  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:11:12.0342 5240  NetTcpPortSharing - ok
14:11:12.0369 5240  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:11:12.0375 5240  nfrd960 - ok
14:11:12.0455 5240  [ 473AB3856CA286A616998CB34762EB6D ] nHancer         E:\Program Files\nHancer\nHancerService.exe
14:11:12.0459 5240  nHancer ( UnsignedFile.Multi.Generic ) - warning
14:11:12.0459 5240  nHancer - detected UnsignedFile.Multi.Generic (1)
14:11:12.0480 5240  [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:11:12.0508 5240  NlaSvc - ok
14:11:12.0578 5240  [ C71311E06C2CF6A4E3AB84404E1BE8C3 ] nlsvc           C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
14:11:12.0593 5240  nlsvc ( UnsignedFile.Multi.Generic ) - warning
14:11:12.0593 5240  nlsvc - detected UnsignedFile.Multi.Generic (1)
14:11:12.0642 5240  [ D4E38BF6563C88445FBDFDFFE0308BAF ] nltdi           C:\Windows\system32\drivers\nltdi.sys
14:11:12.0649 5240  nltdi - ok
14:11:12.0670 5240  [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:11:12.0688 5240  Npfs - ok
14:11:12.0732 5240  npggsvc - ok
14:11:12.0792 5240  [ CA79C58B966C16B2CC4A3FD3F6AD5EC1 ] npkcft64        C:\Windows\SysWOW64\npkcft64.sys
14:11:12.0799 5240  npkcft64 - ok
14:11:12.0821 5240  [ 93B9A6B06C873A425AB18A834CD381D0 ] npkcmsvc        C:\Windows\SysWOW64\npkcmsvc.exe
14:11:12.0830 5240  npkcmsvc - ok
14:11:12.0848 5240  [ FBAC9BDA9E3CAB742EF9D10FF23201E1 ] npkuft64        C:\Windows\SysWOW64\npkuft64.sys
14:11:12.0855 5240  npkuft64 - ok
14:11:12.0858 5240  NPPTNT2 - ok
14:11:12.0871 5240  [ ACB62BAA1C319B17752553DF3026EEEB ] nsi             C:\Windows\system32\nsisvc.dll
14:11:12.0897 5240  nsi - ok
14:11:12.0903 5240  [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:11:12.0928 5240  nsiproxy - ok
14:11:12.0983 5240  [ 213866EF6F9E75131CE844130F172ABF ] NSPService      C:\Windows\SysWOW64\INCAinternet\nProtect GameGuard Personal 3.0\nspsvc.exe
14:11:12.0998 5240  NSPService - ok
14:11:13.0047 5240  [ 79BC85B1D188DADC51BA02A977BF4985 ] NSPUpdateService C:\Windows\SysWOW64\INCAinternet\nProtect GameGuard Personal 3.0\nspupsvc.exe
14:11:13.0074 5240  NSPUpdateService - ok
14:11:13.0149 5240  [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:11:13.0234 5240  Ntfs - ok
14:11:13.0331 5240  nTuneService - ok
14:11:13.0343 5240  [ DD5D684975352B85B52E3FD5347C20CB ] Null            C:\Windows\system32\drivers\Null.sys
14:11:13.0368 5240  Null - ok
14:11:13.0560 5240  [ C9FC4C5A7EBE09A40C7DC37C04542900 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:11:13.0815 5240  nvlddmkm - ok
14:11:13.0847 5240  [ 8C1D181480796D7D3366A9381FD7782D ] nvoclk64        C:\Windows\system32\DRIVERS\nvoclk64.sys
14:11:13.0853 5240  nvoclk64 - ok
14:11:13.0873 5240  [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:11:13.0881 5240  nvraid - ok
14:11:13.0892 5240  [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:11:13.0899 5240  nvstor - ok
14:11:13.0960 5240  [ 7056BD6DE1DBF6B8665038AF35D9E146 ] nvsvc           C:\Windows\system32\nvvsvc.exe
14:11:13.0981 5240  nvsvc - ok
14:11:14.0041 5240  [ 1B6FA911436D227B24554C33BC68B774 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:11:14.0085 5240  nvUpdatusService - ok
14:11:14.0128 5240  [ 19067CA93075EF4823E3938A686F532F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:11:14.0136 5240  nv_agp - ok
14:11:14.0139 5240  NwlnkFlt - ok
14:11:14.0142 5240  NwlnkFwd - ok
14:11:14.0189 5240  [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
14:11:14.0207 5240  ohci1394 - ok
14:11:14.0253 5240  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc        C:\Windows\system32\p2psvc.dll
14:11:14.0273 5240  p2pimsvc - ok
14:11:14.0336 5240  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc          C:\Windows\system32\p2psvc.dll
14:11:14.0356 5240  p2psvc - ok
14:11:14.0388 5240  [ AECD57F94C887F58919F307C35498EA0 ] Parport         C:\Windows\system32\drivers\parport.sys
14:11:14.0427 5240  Parport - ok
14:11:14.0440 5240  [ F9B5EDA4C17A2BE7663F064DBF0FE254 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:11:14.0448 5240  partmgr - ok
14:11:14.0477 5240  [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:11:14.0489 5240  PcaSvc - ok
14:11:14.0637 5240  [ 7204F835A4355D1AB2853E57C9FF177C ] PCD5SRVC{8AAF211B-043E02A9-05040000} C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms
14:11:14.0643 5240  PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - warning
14:11:14.0643 5240  PCD5SRVC{8AAF211B-043E02A9-05040000} - detected UnsignedFile.Multi.Generic (1)
14:11:14.0662 5240  [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci             C:\Windows\system32\drivers\pci.sys
14:11:14.0670 5240  pci - ok
14:11:14.0686 5240  [ 2657F6C0B78C36D95034BE109336E382 ] pciide          C:\Windows\system32\drivers\pciide.sys
14:11:14.0693 5240  pciide - ok
14:11:14.0722 5240  [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:11:14.0730 5240  pcmcia - ok
14:11:14.0771 5240  [ 58865916F53592A61549B04941BFD80D ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:11:14.0818 5240  PEAUTH - ok
14:11:14.0895 5240  [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:11:14.0921 5240  PerfHost - ok
14:11:14.0961 5240  [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla             C:\Windows\system32\pla.dll
14:11:14.0998 5240  pla - ok
14:11:15.0055 5240  [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:11:15.0077 5240  PlugPlay - ok
14:11:15.0093 5240  PnkBstrA - ok
14:11:15.0136 5240  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
14:11:15.0156 5240  PNRPAutoReg - ok
14:11:15.0211 5240  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc         C:\Windows\system32\p2psvc.dll
14:11:15.0231 5240  PNRPsvc - ok
14:11:15.0291 5240  [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:11:15.0316 5240  PolicyAgent - ok
14:11:15.0387 5240  [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:11:15.0405 5240  PptpMiniport - ok
14:11:15.0412 5240  [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
14:11:15.0437 5240  Processor - ok
14:11:15.0477 5240  [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc         C:\Windows\system32\profsvc.dll
14:11:15.0497 5240  ProfSvc - ok
14:11:15.0513 5240  [ 40348DCEC0712ED42231C5F90A69A690 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:11:15.0522 5240  ProtectedStorage - ok
14:11:15.0555 5240  [ 1D0A3F565397D08707F3D75B88586645 ] Ps2             C:\Windows\system32\DRIVERS\PS2.sys
14:11:15.0562 5240  Ps2 - ok
14:11:15.0597 5240  [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
14:11:15.0615 5240  PSched - ok
14:11:15.0643 5240  [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:11:15.0670 5240  ql2300 - ok
14:11:15.0710 5240  [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:11:15.0718 5240  ql40xx - ok
14:11:15.0747 5240  [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE           C:\Windows\system32\qwave.dll
14:11:15.0761 5240  QWAVE - ok
14:11:15.0770 5240  [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:11:15.0780 5240  QWAVEdrv - ok
14:11:15.0789 5240  [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:11:15.0814 5240  RasAcd - ok
14:11:15.0819 5240  [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto         C:\Windows\System32\rasauto.dll
14:11:15.0848 5240  RasAuto - ok
14:11:15.0873 5240  [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:11:15.0892 5240  Rasl2tp - ok
14:11:15.0898 5240  [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan          C:\Windows\System32\rasmans.dll
14:11:15.0919 5240  RasMan - ok
14:11:15.0962 5240  [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:11:15.0980 5240  RasPppoe - ok
14:11:16.0001 5240  [ C6A593B51F34C33E5474539544072527 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:11:16.0010 5240  RasSstp - ok
14:11:16.0038 5240  [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:11:16.0058 5240  rdbss - ok
14:11:16.0068 5240  [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:11:16.0093 5240  RDPCDD - ok
14:11:16.0124 5240  [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
14:11:16.0151 5240  rdpdr - ok
14:11:16.0154 5240  [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:11:16.0180 5240  RDPENCDD - ok
14:11:16.0204 5240  [ B1D741C87CEA8D7282146366CC9C3F81 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:11:16.0223 5240  RDPWD - ok
14:11:16.0257 5240  [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:11:16.0284 5240  RemoteAccess - ok
14:11:16.0337 5240  [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:11:16.0358 5240  RemoteRegistry - ok
14:11:16.0377 5240  [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator      C:\Windows\system32\locator.exe
14:11:16.0386 5240  RpcLocator - ok
14:11:16.0459 5240  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs           C:\Windows\system32\rpcss.dll
14:11:16.0488 5240  RpcSs - ok
14:11:16.0521 5240  [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:11:16.0546 5240  rspndr - ok
14:11:16.0622 5240  [ 8B91737DA75ADD21CB1554B38089196A ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh64.sys
14:11:16.0638 5240  RTL8169 - ok
14:11:16.0646 5240  [ 40348DCEC0712ED42231C5F90A69A690 ] SamSs           C:\Windows\system32\lsass.exe
14:11:16.0655 5240  SamSs - ok
14:11:16.0681 5240  [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:11:16.0688 5240  sbp2port - ok
14:11:16.0740 5240  [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:11:16.0760 5240  SCardSvr - ok
14:11:16.0791 5240  [ 0F838C811AD295D2A4489B9993096C63 ] Schedule        C:\Windows\system32\schedsvc.dll
14:11:16.0814 5240  Schedule - ok
14:11:16.0867 5240  [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:11:16.0885 5240  SCPolicySvc - ok
14:11:16.0906 5240  [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:11:16.0917 5240  SDRSVC - ok
14:11:16.0924 5240  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:11:16.0962 5240  secdrv - ok
14:11:16.0967 5240  [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon        C:\Windows\system32\seclogon.dll
14:11:16.0994 5240  seclogon - ok
14:11:17.0001 5240  [ 90973A64B96CD647FF81C79443618EED ] SENS            C:\Windows\System32\sens.dll
14:11:17.0028 5240  SENS - ok
14:11:17.0048 5240  [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum         C:\Windows\system32\drivers\serenum.sys
14:11:17.0086 5240  Serenum - ok
14:11:17.0109 5240  [ E62FAC91EE288DB29A9696A9D279929C ] Serial          C:\Windows\system32\drivers\serial.sys
14:11:17.0147 5240  Serial - ok
14:11:17.0182 5240  [ A842F04833684BCEEA7336211BE478DF ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:11:17.0207 5240  sermouse - ok
14:11:17.0227 5240  [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:11:17.0254 5240  SessionEnv - ok
14:11:17.0287 5240  [ 4FCACE92BB0345D58BB96ADBD69F5237 ] sfdrv01         C:\Windows\system32\drivers\sfdrv01.sys
14:11:17.0293 5240  sfdrv01 - ok
14:11:17.0307 5240  [ 14D4B4465193A87C127933978E8C4106 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:11:17.0332 5240  sffdisk - ok
14:11:17.0343 5240  [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:11:17.0368 5240  sffp_mmc - ok
14:11:17.0378 5240  [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:11:17.0403 5240  sffp_sd - ok
14:11:17.0429 5240  [ 17F6BD95BF04B924F4C05CE78BEF8AE6 ] sfhlp02         C:\Windows\system32\drivers\sfhlp02.sys
14:11:17.0435 5240  sfhlp02 - ok
14:11:17.0447 5240  [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
14:11:17.0485 5240  sfloppy - ok
14:11:17.0513 5240  [ 758D7842A48FE194BE08BAAF095285BE ] sfsync04        C:\Windows\system32\drivers\sfsync04.sys
14:11:17.0519 5240  sfsync04 - ok
14:11:17.0575 5240  [ 2AD15758174DCC7993FF3C00A955DD66 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:11:17.0597 5240  ShellHWDetection - ok
14:11:17.0608 5240  [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
14:11:17.0614 5240  SiSRaid2 - ok
14:11:17.0630 5240  [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:11:17.0637 5240  SiSRaid4 - ok
14:11:17.0694 5240  [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate     E:\Program Files (x86)\Skype\Updater\Updater.exe
14:11:17.0701 5240  SkypeUpdate - ok
14:11:17.0781 5240  [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc           C:\Windows\system32\SLsvc.exe
14:11:17.0860 5240  slsvc - ok
14:11:17.0929 5240  [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify      C:\Windows\system32\SLUINotify.dll
14:11:17.0948 5240  SLUINotify - ok
14:11:18.0003 5240  [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:11:18.0021 5240  Smb - ok
14:11:18.0029 5240  [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:11:18.0040 5240  SNMPTRAP - ok
14:11:18.0058 5240  [ 386C3C63F00A7040C7EC5E384217E89D ] spldr           C:\Windows\system32\drivers\spldr.sys
14:11:18.0065 5240  spldr - ok
14:11:18.0122 5240  [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler         C:\Windows\System32\spoolsv.exe
14:11:18.0135 5240  Spooler - ok
14:11:18.0189 5240  [ 4B3F898DC1378CED2F35D04E5B0CE0DF ] sptd            C:\Windows\System32\Drivers\sptd.sys
14:11:18.0189 5240  Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 4B3F898DC1378CED2F35D04E5B0CE0DF
14:11:18.0190 5240  sptd ( LockedFile.Multi.Generic ) - warning
14:11:18.0190 5240  sptd - detected LockedFile.Multi.Generic (1)
14:11:18.0254 5240  [ 8CD33A47CA02C79038B669F31F95BDAC ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:11:18.0267 5240  srv - ok
14:11:18.0331 5240  [ 1BEDF533096C56E70F87E3E3EE02CAF5 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:11:18.0341 5240  srv2 - ok
14:11:18.0346 5240  [ 2B8C340F830C465F514D966F7E6A822F ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:11:18.0355 5240  srvnet - ok
14:11:18.0360 5240  [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:11:18.0388 5240  SSDPSRV - ok
14:11:18.0421 5240  [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:11:18.0432 5240  SstpSvc - ok
14:11:18.0467 5240  Steam Client Service - ok
14:11:18.0510 5240  [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc          C:\Windows\System32\wiaservc.dll
14:11:18.0528 5240  stisvc - ok
14:11:18.0577 5240  [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
14:11:18.0583 5240  swenum - ok
14:11:18.0636 5240  [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv           C:\Windows\System32\swprv.dll
14:11:18.0661 5240  swprv - ok
14:11:18.0706 5240  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
14:11:18.0712 5240  Symc8xx - ok
14:11:18.0744 5240  [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
14:11:18.0751 5240  Sym_hi - ok
14:11:18.0763 5240  [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
14:11:18.0770 5240  Sym_u3 - ok
14:11:18.0829 5240  [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain         C:\Windows\system32\sysmain.dll
14:11:18.0882 5240  SysMain - ok
14:11:18.0886 5240  [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:11:18.0899 5240  TabletInputService - ok
14:11:18.0931 5240  tandpl - ok
14:11:18.0982 5240  [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:11:19.0003 5240  TapiSrv - ok
14:11:19.0016 5240  [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS             C:\Windows\System32\tbssvc.dll
14:11:19.0042 5240  TBS - ok
14:11:19.0085 5240  [ 0011810B5211FDACD784DE585262ECFE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:11:19.0116 5240  Tcpip - ok
14:11:19.0176 5240  [ 0011810B5211FDACD784DE585262ECFE ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
14:11:19.0208 5240  Tcpip6 - ok
14:11:19.0277 5240  [ CE3AE2BA7A076F0ADE9F48C598C1D15D ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:11:19.0286 5240  tcpipreg - ok
14:11:19.0303 5240  [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:11:19.0328 5240  TDPIPE - ok
14:11:19.0352 5240  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:11:19.0376 5240  TDTCP - ok
14:11:19.0412 5240  [ 458919C8C42E398DC4802178D5FFEE27 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:11:19.0430 5240  tdx - ok
14:11:19.0440 5240  [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
14:11:19.0448 5240  TermDD - ok
14:11:19.0492 5240  [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService     C:\Windows\System32\termsrv.dll
14:11:19.0518 5240  TermService - ok
14:11:19.0533 5240  [ 2AD15758174DCC7993FF3C00A955DD66 ] Themes          C:\Windows\system32\shsvcs.dll
14:11:19.0555 5240  Themes - ok
14:11:19.0572 5240  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER     C:\Windows\system32\mmcss.dll
14:11:19.0598 5240  THREADORDER - ok
14:11:19.0641 5240  [ 49916F9CE160399B868176298D7D1B18 ] TKCtrl          C:\Windows\system32\TKCtrl2k64.sys
14:11:19.0649 5240  TKCtrl - ok
14:11:19.0674 5240  [ D2DF92451F2F5D381171C2AAC50AD352 ] TKFsAvM         C:\Windows\system32\TKFsAv64.sys
14:11:19.0684 5240  TKFsAvM - ok
14:11:19.0723 5240  [ B62AE84BAFC7581FE3BF72B1BAFF7EB4 ] TkFsFtM         C:\Windows\system32\TKFsFt64.sys
14:11:19.0730 5240  TkFsFtM - ok
14:11:19.0767 5240  [ 9638CBC32E752C61BE3D2AC5F128A572 ] TKFWFV          C:\Windows\system32\TKFWFV64.sys
14:11:19.0774 5240  TKFWFV - ok
14:11:19.0811 5240  [ 39211E00F15B399938A1222064157061 ] TKFWVT          C:\Windows\system32\TKFWVT64.sys
14:11:19.0820 5240  TKFWVT - ok
14:11:19.0857 5240  [ A653DE4BB01789B987B1B67C253EF5AE ] TkIdsVt         C:\Windows\system32\TkIdsVt64.sys
14:11:19.0866 5240  TkIdsVt - ok
14:11:19.0871 5240  [ C78246370A8E2BA691A33DB2655FB77A ] TKPcFt          C:\Windows\system32\TKPcFtCb64.sys
14:11:19.0879 5240  TKPcFt - ok
14:11:19.0895 5240  [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks          C:\Windows\System32\trkwks.dll
14:11:19.0922 5240  TrkWks - ok
14:11:19.0987 5240  [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:11:20.0005 5240  TrustedInstaller - ok
14:11:20.0026 5240  [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:11:20.0051 5240  tssecsrv - ok
14:11:20.0081 5240  [ 89EC74A9E602D16A75A4170511029B3C ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
14:11:20.0090 5240  tunmp - ok
14:11:20.0119 5240  [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:11:20.0128 5240  tunnel - ok
14:11:20.0149 5240  [ FEC266EF401966311744BD0F359F7F56 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:11:20.0156 5240  uagp35 - ok
14:11:20.0187 5240  [ FAF2640A2A76ED03D449E443194C4C34 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:11:20.0207 5240  udfs - ok
14:11:20.0214 5240  [ 060507C4113391394478F6953A79EEDC ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:11:20.0241 5240  UI0Detect - ok
14:11:20.0263 5240  [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:11:20.0270 5240  uliagpkx - ok
14:11:20.0294 5240  [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
14:11:20.0303 5240  uliahci - ok
14:11:20.0330 5240  [ 31707F09846056651EA2C37858F5DDB0 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
14:11:20.0337 5240  UlSata - ok
14:11:20.0357 5240  [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
14:11:20.0365 5240  ulsata2 - ok
14:11:20.0386 5240  [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:11:20.0412 5240  umbus - ok
14:11:20.0457 5240  UpdateCenterService - ok
14:11:20.0469 5240  [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost        C:\Windows\System32\upnphost.dll
14:11:20.0526 5240  upnphost - ok
14:11:20.0587 5240  [ 07E3498FC60834219D2356293DA0FECC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:11:20.0605 5240  usbccgp - ok
14:11:20.0625 5240  [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:11:20.0664 5240  usbcir - ok
14:11:20.0693 5240  [ 827E44DE934A736EA31E91D353EB126F ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:11:20.0710 5240  usbehci - ok
14:11:20.0730 5240  [ 8FEC71666ABA7114F9CAB9E56065EC80 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
14:11:20.0736 5240  usbfilter - ok
14:11:20.0747 5240  [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:11:20.0767 5240  usbhub - ok
14:11:20.0781 5240  [ E406B003A354776D317762694956B0FC ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
14:11:20.0798 5240  usbohci - ok
14:11:20.0827 5240  [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:11:20.0853 5240  usbprint - ok
14:11:20.0857 5240  [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:11:20.0875 5240  USBSTOR - ok
14:11:20.0888 5240  [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
14:11:20.0906 5240  usbuhci - ok
14:11:20.0925 5240  [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms           C:\Windows\System32\uxsms.dll
14:11:20.0945 5240  UxSms - ok
14:11:20.0995 5240  [ 43D018A3ACBA1DCB0BD336476E122B69 ] VC9SecS         E:\Program Files (x86)\Virtual CD v9\System\VC9SecS.exe
14:11:21.0002 5240  VC9SecS - ok
14:11:21.0074 5240  [ 53606539DE7E6225211F576A6EBFBA39 ] vcd9bus         C:\Windows\system32\DRIVERS\vcd9bus.sys
14:11:21.0080 5240  vcd9bus - ok
14:11:21.0136 5240  [ 689917FB02D3005CE98DB1FEA8A81E5C ] vdrv9000        C:\Windows\system32\DRIVERS\vdrv9000.sys
14:11:21.0142 5240  vdrv9000 - ok
14:11:21.0199 5240  [ 294945381DFA7CE58CECF0A9896AF327 ] vds             C:\Windows\System32\vds.exe
14:11:21.0223 5240  vds - ok
14:11:21.0246 5240  [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:11:21.0270 5240  vga - ok
14:11:21.0274 5240  [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:11:21.0299 5240  VgaSave - ok
14:11:21.0314 5240  [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide          C:\Windows\system32\drivers\viaide.sys
14:11:21.0321 5240  viaide - ok
14:11:21.0370 5240  [ C6F8FBDE19960E0B172CD76D2677F5E2 ] vmm             C:\Windows\system32\Treiber\vmm.sys
14:11:21.0383 5240  vmm - ok
14:11:21.0401 5240  [ 2B7E885ED951519A12C450D24535DFCA ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:11:21.0408 5240  volmgr - ok
14:11:21.0494 5240  [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:11:21.0508 5240  volmgrx - ok
14:11:21.0522 5240  [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:11:21.0532 5240  volsnap - ok
14:11:21.0566 5240  [ 6BDCA00FC57CC40DA3C8E88B2CEA21AB ] VPCNetS2        C:\Windows\system32\DRIVERS\VMNetSrv.sys
14:11:21.0572 5240  VPCNetS2 - ok
14:11:21.0589 5240  [ A68F455ED2673835209318DD61BFBB0E ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:11:21.0597 5240  vsmraid - ok
14:11:21.0647 5240  [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS             C:\Windows\system32\vssvc.exe
14:11:21.0687 5240  VSS - ok
14:11:21.0753 5240  [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time         C:\Windows\system32\w32time.dll
14:11:21.0777 5240  W32Time - ok
14:11:21.0806 5240  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:11:21.0845 5240  WacomPen - ok
14:11:21.0887 5240  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
14:11:21.0906 5240  Wanarp - ok
14:11:21.0909 5240  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:11:21.0927 5240  Wanarpv6 - ok
14:11:21.0941 5240  [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:11:21.0960 5240  wcncsvc - ok
14:11:21.0972 5240  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:11:21.0992 5240  WcsPlugInService - ok
14:11:22.0016 5240  [ 0C17A0816F65B89E362E682AD5E7266E ] Wd              C:\Windows\system32\drivers\wd.sys
14:11:22.0022 5240  Wd - ok
14:11:22.0064 5240  [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:11:22.0085 5240  Wdf01000 - ok
14:11:22.0114 5240  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:11:22.0142 5240  WdiServiceHost - ok
14:11:22.0145 5240  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:11:22.0172 5240  WdiSystemHost - ok
14:11:22.0185 5240  [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient       C:\Windows\System32\webclnt.dll
14:11:22.0198 5240  WebClient - ok
14:11:22.0204 5240  [ BD9A749F36710FFA02E0E530F7451936 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:11:22.0232 5240  Wecsvc - ok
14:11:22.0242 5240  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:11:22.0262 5240  wercplsupport - ok
14:11:22.0271 5240  [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc          C:\Windows\System32\WerSvc.dll
14:11:22.0292 5240  WerSvc - ok
14:11:22.0297 5240  WinHttpAutoProxySvc - ok
14:11:22.0367 5240  [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:11:22.0386 5240  Winmgmt - ok
14:11:22.0447 5240  [ 42717DB2BE3A075D0F0CD5C927C27A43 ] WinRM           C:\Windows\system32\WsmSvc.dll
14:11:22.0505 5240  WinRM - ok
14:11:22.0551 5240  [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:11:22.0570 5240  Wlansvc - ok
14:11:22.0715 5240  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:11:22.0778 5240  wlidsvc - ok
14:11:22.0795 5240  [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:11:22.0803 5240  WmiAcpi - ok
14:11:22.0858 5240  [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:11:22.0877 5240  wmiApSrv - ok
14:11:22.0886 5240  WMPNetworkSvc - ok
14:11:22.0899 5240  [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:11:22.0911 5240  WPCSvc - ok
14:11:22.0956 5240  [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:11:22.0967 5240  WPDBusEnum - ok
14:11:23.0105 5240  [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:11:23.0127 5240  WPFFontCache_v0400 - ok
14:11:23.0159 5240  [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:11:23.0184 5240  ws2ifsl - ok
14:11:23.0187 5240  WSearch - ok
14:11:23.0230 5240  [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:11:23.0255 5240  WUDFRd - ok
14:11:23.0263 5240  [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:11:23.0291 5240  wudfsvc - ok
14:11:23.0363 5240  X6va005 - ok
14:11:23.0392 5240  [ 15CC7077D2DC28776CD430ECABBFFD66 ] {55662437-DA8C-40c0-AADA-2C816A897A49} c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
14:11:23.0397 5240  {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
14:11:23.0400 5240  ================ Scan global ===============================
14:11:23.0427 5240  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
14:11:23.0480 5240  [ 36F234FD1AA7BAE559BB1C483FC76286 ] C:\Windows\system32\winsrv.dll
14:11:23.0496 5240  [ 36F234FD1AA7BAE559BB1C483FC76286 ] C:\Windows\system32\winsrv.dll
14:11:23.0542 5240  [ B8844F93D2C5F1DCDB179AAA9AF134B7 ] C:\Windows\system32\services.exe
14:11:23.0546 5240  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
14:11:23.0546 5240  C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
14:11:23.0547 5240  ================ Scan MBR ==================================
14:11:23.0575 5240  [ 81CD5EC01DB0CE57EDD853F82462EF27 ] \Device\Harddisk0\DR0
14:11:23.0977 5240  \Device\Harddisk0\DR0 - ok
14:11:23.0999 5240  [ 4606A12AED5E4CE105136C6C9C8EA568 ] \Device\Harddisk1\DR1
14:11:24.0079 5240  \Device\Harddisk1\DR1 - ok
14:11:24.0079 5240  ================ Scan VBR ==================================
14:11:24.0081 5240  [ 27E9362AA78875B12248F97C95836487 ] \Device\Harddisk0\DR0\Partition1
14:11:24.0082 5240  \Device\Harddisk0\DR0\Partition1 - ok
14:11:24.0084 5240  [ 219370FB1439A3125D7F9E6F8724A60C ] \Device\Harddisk0\DR0\Partition2
14:11:24.0086 5240  \Device\Harddisk0\DR0\Partition2 - ok
14:11:24.0087 5240  [ 960CDE92622C58C393F6E4FC501C8B8C ] \Device\Harddisk1\DR1\Partition1
14:11:24.0089 5240  \Device\Harddisk1\DR1\Partition1 - ok
14:11:24.0089 5240  ============================================================
14:11:24.0089 5240  Scan finished
14:11:24.0089 5240  ============================================================
14:11:24.0096 5036  Detected object count: 10
14:11:24.0096 5036  Actual detected object count: 10
14:11:34.0182 5036  AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:34.0182 5036  AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:11:34.0183 5036  HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:34.0184 5036  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:11:34.0184 5036  HPBtnSrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:34.0185 5036  HPBtnSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:11:34.0185 5036  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:34.0186 5036  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:11:34.0186 5036  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:34.0187 5036  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:11:34.0188 5036  nHancer ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:34.0188 5036  nHancer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:11:34.0189 5036  nlsvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:34.0189 5036  nlsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:11:34.0190 5036  PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:34.0190 5036  PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:11:34.0191 5036  sptd ( LockedFile.Multi.Generic ) - skipped by user
14:11:34.0191 5036  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
14:11:34.0233 5036  C:\Windows\system32\services.exe - copied to quarantine
14:11:37.0369 5036  C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
14:11:37.0384 5036  C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
14:11:37.0402 5036  C:\Windows\installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\@ - copied to quarantine
14:11:37.0403 5036  C:\Windows\installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\00000004.@ - copied to quarantine
14:11:37.0404 5036  C:\Windows\installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\201d3dde - copied to quarantine
14:11:37.0406 5036  C:\Windows\installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\6715e287 - copied to quarantine
14:11:37.0407 5036  C:\Windows\installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\U\00000004.@ - copied to quarantine
14:11:37.0421 5036  C:\Windows\installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\U\00000008.@ - copied to quarantine
14:11:37.0426 5036  C:\Windows\installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\U\000000cb.@ - copied to quarantine
14:11:37.0440 5036  C:\Windows\installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\U\80000000.@ - copied to quarantine
14:11:40.0065 5036  Backup copy not found, trying to cure infected file..
14:11:40.0066 5036  Cure success, using it..
14:11:40.0123 5036  C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot
14:11:40.0123 5036  C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot
14:11:40.0129 5036  C:\Windows\installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\@ - will be deleted on reboot
14:11:40.0130 5036  C:\Windows\installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\U\00000004.@ - will be deleted on reboot
14:11:40.0130 5036  C:\Windows\installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\U\00000008.@ - will be deleted on reboot
14:11:40.0131 5036  C:\Windows\installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\U\000000cb.@ - will be deleted on reboot
14:11:40.0131 5036  C:\Windows\installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\U\80000000.@ - will be deleted on reboot
14:11:40.0134 5036  C:\Windows\system32\services.exe - will be cured on reboot
14:11:40.0134 5036  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure 
14:12:10.0004 1932  Deinitialize success
         


Alt 01.07.2013, 13:35   #6
JuppSchlupp
 
Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden - Standard

Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden



Und nen 2. Post, angeblich war alles in einen zu packen 12k Zeichen zu lang :/

Den vom Programm gewünschten Reboot ausgeführt und beim hochfahren eine ganze weile einen schwarzen Bildschirm gehabt. Mauzeiger war sicht- und bewegbar. Lief dann aber nach mehreren minuten alles normal weiter. Tdsskiller.exe hatte sich dann automatisch gestartet und hier der 2. log nach erneutem Scan:

Code:
ATTFilter
14:19:54.0032 3124  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:19:54.0500 3124  ============================================================
14:19:54.0500 3124  Current date / time: 2013/07/01 14:19:54.0500
14:19:54.0500 3124  SystemInfo:
14:19:54.0500 3124  
14:19:54.0500 3124  OS Version: 6.0.6002 ServicePack: 2.0
14:19:54.0500 3124  Product type: Workstation
14:19:54.0500 3124  ComputerName: GAST-PC
14:19:54.0500 3124  UserName: Gast
14:19:54.0500 3124  Windows directory: C:\Windows
14:19:54.0500 3124  System windows directory: C:\Windows
14:19:54.0500 3124  Running under WOW64
14:19:54.0500 3124  Processor architecture: Intel x64
14:19:54.0500 3124  Number of processors: 4
14:19:54.0500 3124  Page size: 0x1000
14:19:54.0500 3124  Boot type: Normal boot
14:19:54.0500 3124  ============================================================
14:20:07.0385 3124  BG loaded
14:20:07.0962 3124  Drive \Device\Harddisk0\DR0 - Size: 0x9502F90000 (596.05 Gb), SectorSize: 0x200, Cylinders: 0x12FF0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:20:07.0994 3124  Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:20:08.0025 3124  ============================================================
14:20:08.0025 3124  \Device\Harddisk0\DR0:
14:20:08.0025 3124  MBR partitions:
14:20:08.0025 3124  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x48AA5D70
14:20:08.0025 3124  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48AA5DAF, BlocksNum 0x1D6E641
14:20:08.0025 3124  \Device\Harddisk1\DR1:
14:20:08.0025 3124  MBR partitions:
14:20:08.0025 3124  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82
14:20:08.0025 3124  ============================================================
14:20:08.0103 3124  C: <-> \Device\Harddisk0\DR0\Partition1
14:20:08.0150 3124  E: <-> \Device\Harddisk1\DR1\Partition1
14:20:08.0337 3124  D: <-> \Device\Harddisk0\DR0\Partition2
14:20:08.0337 3124  ============================================================
14:20:08.0337 3124  Initialize success
14:20:08.0337 3124  ============================================================
14:26:07.0959 2704  ============================================================
14:26:07.0959 2704  Scan started
14:26:07.0959 2704  Mode: Manual; 
14:26:07.0959 2704  ============================================================
14:26:09.0194 2704  ================ Scan system memory ========================
14:26:09.0194 2704  System memory - ok
14:26:09.0194 2704  ================ Scan services =============================
14:26:09.0282 2704  Scan interrupted by user!
14:26:09.0282 2704  ================ Scan global ===============================
14:26:09.0282 2704  Scan interrupted by user!
14:26:09.0282 2704  ================ Scan MBR ==================================
14:26:09.0282 2704  Scan interrupted by user!
14:26:09.0282 2704  ================ Scan VBR ==================================
14:26:09.0282 2704  Scan interrupted by user!
14:26:09.0282 2704  ============================================================
14:26:09.0282 2704  Scan finished
14:26:09.0282 2704  ============================================================
14:26:09.0288 3528  Detected object count: 0
14:26:09.0288 3528  Actual detected object count: 0
14:26:16.0642 4312  ============================================================
14:26:16.0642 4312  Scan started
14:26:16.0642 4312  Mode: Manual; SigCheck; TDLFS; 
14:26:16.0642 4312  ============================================================
14:26:17.0322 4312  ================ Scan system memory ========================
14:26:17.0322 4312  System memory - ok
14:26:17.0322 4312  ================ Scan services =============================
14:26:17.0761 4312  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files (x86)\AAVUpdateManager\aavus.exe
14:26:17.0841 4312  AAV UpdateService - ok
14:26:17.0953 4312  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
14:26:17.0965 4312  ACPI - ok
14:26:18.0061 4312  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:26:18.0070 4312  AdobeFlashPlayerUpdateSvc - ok
14:26:18.0115 4312  [ F14215E37CF124104575073F782111D2 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
14:26:18.0141 4312  adp94xx - ok
14:26:18.0199 4312  [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci         C:\Windows\system32\drivers\adpahci.sys
14:26:18.0213 4312  adpahci - ok
14:26:18.0276 4312  [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
14:26:18.0284 4312  adpu160m - ok
14:26:18.0313 4312  [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
14:26:18.0322 4312  adpu320 - ok
14:26:18.0368 4312  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:26:18.0405 4312  AeLookupSvc - ok
14:26:18.0480 4312  [ 12415CCFD3E7CEC55B5184E67B039FE4 ] AFD             C:\Windows\system32\drivers\afd.sys
14:26:18.0502 4312  AFD - ok
14:26:18.0522 4312  [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:26:18.0529 4312  agp440 - ok
14:26:18.0552 4312  [ 97DD49CCDB89A22CFCEA78B29D393D87 ] ahcix64s        C:\Windows\system32\drivers\ahcix64s.sys
14:26:18.0602 4312  ahcix64s - ok
14:26:18.0622 4312  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
14:26:18.0631 4312  aic78xx - ok
14:26:18.0644 4312  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG             C:\Windows\System32\alg.exe
14:26:18.0669 4312  ALG - ok
14:26:18.0712 4312  [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:26:18.0718 4312  aliide - ok
14:26:18.0731 4312  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
14:26:18.0738 4312  amdide - ok
14:26:18.0765 4312  [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
14:26:18.0814 4312  AmdK8 - ok
14:26:18.0859 4312  [ 03E7D34FA978123760EE9DBA30930137 ] AMD_RAIDXpert   C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
14:26:18.0863 4312  AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - warning
14:26:18.0863 4312  AMD_RAIDXpert - detected UnsignedFile.Multi.Generic (1)
14:26:18.0871 4312  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo         C:\Windows\System32\appinfo.dll
14:26:18.0880 4312  Appinfo - ok
14:26:18.0894 4312  [ BA8417D4765F3988FF921F30F630E303 ] arc             C:\Windows\system32\drivers\arc.sys
14:26:18.0902 4312  arc - ok
14:26:18.0928 4312  [ 9D41C435619733B34CC16A511E644B11 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:26:18.0935 4312  arcsas - ok
14:26:19.0090 4312  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:26:19.0097 4312  aspnet_state - ok
14:26:19.0144 4312  [ 0BAEFD3F648C6E7AB52990DD9565E4E2 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
14:26:19.0150 4312  aswFsBlk - ok
14:26:19.0217 4312  [ 7A62C389380F6FF3FA952D511D8790B8 ] aswFW           C:\Windows\system32\drivers\aswFW.sys
14:26:19.0224 4312  aswFW - ok
14:26:19.0274 4312  [ 890918D53B80B474CFAFB48995B85AF3 ] aswKbd          C:\Windows\system32\drivers\aswKbd.sys
14:26:19.0280 4312  aswKbd - ok
14:26:19.0335 4312  [ FA562F34ED6633C66170B09182B4C049 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
14:26:19.0341 4312  aswMonFlt - ok
14:26:19.0382 4312  [ 518B8D447A1975AB46DA093A2E743256 ] aswNdis         C:\Windows\system32\DRIVERS\aswNdis.sys
14:26:19.0388 4312  aswNdis - ok
14:26:19.0460 4312  [ 94CCA87794454E1824D59B092B9F70C4 ] aswNdis2        C:\Windows\system32\drivers\aswNdis2.sys
14:26:19.0468 4312  aswNdis2 - ok
14:26:19.0497 4312  [ 9A9565BB92EE412B77B7416DD1D32F0B ] AswRdr          C:\Windows\system32\drivers\AswRdr.sys
14:26:19.0503 4312  AswRdr - ok
14:26:19.0553 4312  [ 5573AA70993A2BB81525B1C704B88763 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
14:26:19.0560 4312  aswRvrt - ok
14:26:19.0601 4312  [ 8C0800CDB501CFC1164B286A0478DC10 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
14:26:19.0671 4312  aswSnx - ok
14:26:19.0716 4312  [ 3815DB16CDA62190F5C0A65118F3D714 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
14:26:19.0728 4312  aswSP - ok
14:26:19.0787 4312  [ 29DD8E458A84171202AA4979364C30C0 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
14:26:19.0793 4312  aswTdi - ok
14:26:19.0872 4312  [ 22F521108881DC59837F6FC614E0568F ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
14:26:19.0907 4312  aswVmm - ok
14:26:19.0929 4312  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:26:19.0973 4312  AsyncMac - ok
14:26:19.0989 4312  [ E68D9B3A3905619732F7FE039466A623 ] atapi           C:\Windows\system32\drivers\atapi.sys
14:26:19.0996 4312  atapi - ok
14:26:20.0015 4312  [ DB0D3DE15EDC96E7529FC0D3F7760894 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
14:26:20.0021 4312  AtiPcie - ok
14:26:20.0066 4312  [ FC0E8778C000291CAF60EB88C011E931 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
14:26:20.0076 4312  atksgt - ok
14:26:20.0131 4312  [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:26:20.0154 4312  AudioEndpointBuilder - ok
14:26:20.0298 4312  [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:26:20.0321 4312  AudioSrv - ok
14:26:20.0570 4312  [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
14:26:20.0576 4312  avast! Antivirus - ok
14:26:20.0631 4312  [ C2009C6A452BD07B30D773349589B762 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
14:26:20.0638 4312  avast! Firewall - ok
14:26:20.0695 4312  [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
14:26:20.0740 4312  blbdrive - ok
14:26:20.0783 4312  [ 8B2B19031D0AEADE6E1B933DF1ACBA7E ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:26:20.0808 4312  bowser - ok
14:26:20.0833 4312  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
14:26:20.0851 4312  BrFiltLo - ok
14:26:20.0875 4312  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
14:26:20.0911 4312  BrFiltUp - ok
14:26:20.0950 4312  [ A1B39DE453433B115B4EA69EE0343816 ] Browser         C:\Windows\System32\browser.dll
14:26:20.0976 4312  Browser - ok
14:26:21.0036 4312  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid         C:\Windows\system32\drivers\brserid.sys
14:26:21.0090 4312  Brserid - ok
14:26:21.0126 4312  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
14:26:21.0165 4312  BrSerWdm - ok
14:26:21.0174 4312  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
14:26:21.0213 4312  BrUsbMdm - ok
14:26:21.0230 4312  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
14:26:21.0268 4312  BrUsbSer - ok
14:26:21.0306 4312  [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
14:26:21.0344 4312  BTHMODEM - ok
14:26:21.0372 4312  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:26:21.0398 4312  cdfs - ok
14:26:21.0450 4312  [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:26:21.0467 4312  cdrom - ok
14:26:21.0664 4312  [ DFC81DD1112338DC8500E8A3E8ADE77D ] CEDRIVER60      E:\Program Files (x86)\Cheat Engine 6.3\dbk64.sys
14:26:21.0672 4312  CEDRIVER60 - ok
14:26:21.0710 4312  [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc     C:\Windows\System32\certprop.dll
14:26:21.0728 4312  CertPropSvc - ok
14:26:21.0765 4312  [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass        C:\Windows\system32\drivers\circlass.sys
14:26:21.0793 4312  circlass - ok
14:26:21.0835 4312  [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS            C:\Windows\system32\CLFS.sys
14:26:21.0852 4312  CLFS - ok
14:26:21.0944 4312  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:26:21.0952 4312  clr_optimization_v2.0.50727_32 - ok
14:26:22.0023 4312  [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:26:22.0030 4312  clr_optimization_v2.0.50727_64 - ok
14:26:22.0163 4312  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:26:22.0170 4312  clr_optimization_v4.0.30319_32 - ok
14:26:22.0270 4312  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:26:22.0277 4312  clr_optimization_v4.0.30319_64 - ok
14:26:22.0298 4312  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:26:22.0305 4312  cmdide - ok
14:26:22.0329 4312  [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
14:26:22.0335 4312  Compbatt - ok
14:26:22.0339 4312  COMSysApp - ok
14:26:22.0343 4312  [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
14:26:22.0349 4312  crcdisk - ok
14:26:22.0374 4312  [ 18918613E63F387CDE4D95CA7D49DCF7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:26:22.0393 4312  CryptSvc - ok
14:26:22.0598 4312  [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc    E:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
14:26:22.0603 4312  DAUpdaterSvc - ok
14:26:22.0877 4312  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:26:22.0919 4312  DcomLaunch - ok
14:26:22.0957 4312  [ 36CD31121F228E7E79BAE60AA45764C6 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:26:22.0975 4312  DfsC - ok
14:26:23.0097 4312  [ C647F468F7DE343DF8C143655C5557D4 ] DFSR            C:\Windows\system32\DFSR.exe
14:26:23.0199 4312  DFSR - ok
14:26:23.0329 4312  [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
14:26:23.0348 4312  Dhcp - ok
14:26:23.0369 4312  [ B0107E40ECDB5FA692EBF832F295D905 ] disk            C:\Windows\system32\drivers\disk.sys
14:26:23.0377 4312  disk - ok
14:26:23.0447 4312  [ 21D16B37257370975C7457C3A5EFA530 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:26:23.0466 4312  Dnscache - ok
14:26:23.0586 4312  [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:26:23.0606 4312  dot3svc - ok
14:26:23.0717 4312  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS             C:\Windows\system32\dps.dll
14:26:23.0743 4312  DPS - ok
14:26:23.0793 4312  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:26:23.0811 4312  drmkaud - ok
14:26:23.0833 4312  dump_wmimmc - ok
14:26:24.0180 4312  [ 1D96E28EBCD96AD1B44A3FD02CA6433D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:26:24.0209 4312  DXGKrnl - ok
14:26:24.0278 4312  [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
14:26:24.0317 4312  E1G60 - ok
14:26:24.0332 4312  EagleX64 - ok
14:26:24.0357 4312  [ C2303883FD9BE49DC36A6400643002EA ] EapHost         C:\Windows\System32\eapsvc.dll
14:26:24.0376 4312  EapHost - ok
14:26:24.0439 4312  [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache          C:\Windows\system32\drivers\ecache.sys
14:26:24.0451 4312  Ecache - ok
14:26:24.0495 4312  [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:26:24.0507 4312  ehRecvr - ok
14:26:24.0603 4312  [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched         C:\Windows\ehome\ehsched.exe
14:26:24.0613 4312  ehSched - ok
14:26:24.0669 4312  [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart         C:\Windows\ehome\ehstart.dll
14:26:24.0677 4312  ehstart - ok
14:26:24.0703 4312  [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
14:26:24.0718 4312  elxstor - ok
14:26:24.0755 4312  [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
14:26:24.0807 4312  EMDMgmt - ok
14:26:24.0855 4312  [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:26:24.0876 4312  ErrDev - ok
14:26:24.0945 4312  [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem     C:\Windows\system32\es.dll
14:26:24.0977 4312  EventSystem - ok
14:26:25.0061 4312  [ 486844F47B6636044A42454614ED4523 ] exfat           C:\Windows\system32\drivers\exfat.sys
14:26:25.0088 4312  exfat - ok
14:26:25.0091 4312  ezSharedSvc - ok
14:26:25.0127 4312  [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:26:25.0148 4312  fastfat - ok
14:26:25.0180 4312  [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:26:25.0205 4312  fdc - ok
14:26:25.0226 4312  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost         C:\Windows\system32\fdPHost.dll
14:26:25.0251 4312  fdPHost - ok
14:26:25.0278 4312  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
14:26:25.0316 4312  FDResPub - ok
14:26:25.0369 4312  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:26:25.0378 4312  FileInfo - ok
14:26:25.0399 4312  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:26:25.0424 4312  Filetrace - ok
14:26:25.0444 4312  [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:26:25.0469 4312  flpydisk - ok
14:26:25.0538 4312  [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:26:25.0547 4312  FltMgr - ok
14:26:25.0634 4312  [ FDF5F06EFC8F98BAC5FE8B216F93AA5E ] FontCache       C:\Windows\system32\FntCache.dll
14:26:25.0687 4312  FontCache - ok
14:26:25.0785 4312  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:26:25.0790 4312  FontCache3.0.0.0 - ok
14:26:25.0837 4312  [ 29D99E860A1CA0A03C6A733FDD0DA703 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:26:25.0854 4312  Fs_Rec - ok
14:26:25.0882 4312  [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:26:25.0898 4312  gagp30kx - ok
14:26:26.0057 4312  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
14:26:26.0082 4312  GamesAppService - ok
14:26:26.0127 4312  [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:26:26.0180 4312  gpsvc - ok
14:26:26.0259 4312  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:26:26.0267 4312  gupdate - ok
14:26:26.0276 4312  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:26:26.0283 4312  gupdatem - ok
14:26:26.0320 4312  [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:26:26.0335 4312  HdAudAddService - ok
14:26:26.0380 4312  [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
14:26:26.0430 4312  HDAudBus - ok
14:26:26.0497 4312  [ 0457348421B377D172E893573D5CFE28 ] HH9Help.sys     C:\Windows\system32\drivers\HH9Help.sys
14:26:26.0503 4312  HH9Help.sys - ok
14:26:26.0524 4312  [ B4881C84A180E75B8C25DC1D726C375F ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:26:26.0562 4312  HidBth - ok
14:26:26.0603 4312  [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr           C:\Windows\system32\drivers\hidir.sys
14:26:26.0660 4312  HidIr - ok
14:26:26.0701 4312  [ 59361D38A297755D46A540E450202B2A ] hidserv         C:\Windows\system32\hidserv.dll
14:26:26.0719 4312  hidserv - ok
14:26:26.0794 4312  [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:26:26.0812 4312  HidUsb - ok
14:26:26.0926 4312  [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:26:26.0952 4312  hkmsvc - ok
14:26:27.0093 4312  [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
14:26:27.0097 4312  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
14:26:27.0097 4312  HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
14:26:27.0127 4312  [ DEAB3BF5AEFBDC3F9AC0E020926EC81D ] HPBtnSrv        C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
14:26:27.0132 4312  HPBtnSrv ( UnsignedFile.Multi.Generic ) - warning
14:26:27.0132 4312  HPBtnSrv - detected UnsignedFile.Multi.Generic (1)
14:26:27.0160 4312  [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
14:26:27.0167 4312  HpCISSs - ok
14:26:27.0226 4312  [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:26:27.0243 4312  HTTP - ok
14:26:27.0286 4312  [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
14:26:27.0299 4312  i2omp - ok
14:26:27.0330 4312  [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
14:26:27.0348 4312  i8042prt - ok
14:26:27.0419 4312  [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
14:26:27.0452 4312  iaStorV - ok
14:26:27.0556 4312  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
14:26:27.0560 4312  IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:26:27.0560 4312  IDriverT - detected UnsignedFile.Multi.Generic (1)
14:26:27.0681 4312  [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:26:27.0716 4312  idsvc - ok
14:26:27.0761 4312  [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
14:26:27.0790 4312  iirsp - ok
14:26:27.0865 4312  [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT          C:\Windows\System32\ikeext.dll
14:26:27.0889 4312  IKEEXT - ok
14:26:27.0971 4312  [ 96B0A408842B0E214EDCB41E89438999 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:26:28.0090 4312  IntcAzAudAddService - ok
14:26:28.0161 4312  [ DF797A12176F11B2D301C5B234BB200E ] intelide        C:\Windows\system32\drivers\intelide.sys
14:26:28.0168 4312  intelide - ok
14:26:28.0190 4312  [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:26:28.0215 4312  intelppm - ok
14:26:28.0304 4312  [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:26:28.0330 4312  IPBusEnum - ok
14:26:28.0365 4312  [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:26:28.0427 4312  IpFilterDriver - ok
14:26:28.0430 4312  IpInIp - ok
14:26:28.0448 4312  [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
14:26:28.0474 4312  IPMIDRV - ok
14:26:28.0496 4312  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
14:26:28.0522 4312  IPNAT - ok
14:26:28.0538 4312  [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:26:28.0564 4312  IRENUM - ok
14:26:28.0611 4312  [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:26:28.0618 4312  isapnp - ok
14:26:28.0668 4312  [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
14:26:28.0677 4312  iScsiPrt - ok
14:26:28.0700 4312  [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
14:26:28.0707 4312  iteatapi - ok
14:26:28.0751 4312  [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
14:26:28.0758 4312  iteraid - ok
14:26:28.0776 4312  [ 423696F3BA6472DD17699209B933BC26 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:26:28.0783 4312  kbdclass - ok
14:26:28.0876 4312  [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:26:28.0894 4312  kbdhid - ok
14:26:28.0955 4312  [ 40348DCEC0712ED42231C5F90A69A690 ] KeyIso          C:\Windows\system32\lsass.exe
14:26:28.0965 4312  KeyIso - ok
14:26:29.0215 4312  [ 476E2C1DCEA45895994BEF11C2A98715 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:26:29.0260 4312  KSecDD - ok
14:26:29.0314 4312  [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:26:29.0339 4312  ksthunk - ok
14:26:29.0380 4312  [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:26:29.0411 4312  KtmRm - ok
14:26:29.0533 4312  [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:26:29.0544 4312  LanmanServer - ok
14:26:29.0571 4312  [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:26:29.0583 4312  LanmanWorkstation - ok
14:26:29.0643 4312  [ E75ADCFAFDEF3F4C3AF3332928D59926 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
14:26:29.0647 4312  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
14:26:29.0647 4312  LightScribeService - detected UnsignedFile.Multi.Generic (1)
14:26:29.0680 4312  [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
14:26:29.0686 4312  lirsgt - ok
14:26:29.0707 4312  [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:26:29.0731 4312  lltdio - ok
14:26:29.0970 4312  [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:26:30.0030 4312  lltdsvc - ok
14:26:30.0044 4312  [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:26:30.0070 4312  lmhosts - ok
14:26:30.0146 4312  [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:26:30.0155 4312  LSI_FC - ok
14:26:30.0193 4312  [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
14:26:30.0202 4312  LSI_SAS - ok
14:26:30.0219 4312  [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:26:30.0228 4312  LSI_SCSI - ok
14:26:30.0260 4312  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv           C:\Windows\system32\drivers\luafv.sys
14:26:30.0285 4312  luafv - ok
14:26:30.0401 4312  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
14:26:30.0409 4312  McComponentHostService - ok
14:26:30.0452 4312  [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:26:30.0462 4312  Mcx2Svc - ok
14:26:30.0505 4312  [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas         C:\Windows\system32\drivers\megasas.sys
14:26:30.0512 4312  megasas - ok
14:26:30.0538 4312  [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
14:26:30.0554 4312  MegaSR - ok
14:26:30.0598 4312  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS           C:\Windows\system32\mmcss.dll
14:26:30.0624 4312  MMCSS - ok
14:26:30.0649 4312  [ 59848D5CC74606F0EE7557983BB73C2E ] Modem           C:\Windows\system32\drivers\modem.sys
14:26:30.0674 4312  Modem - ok
14:26:30.0706 4312  [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:26:30.0731 4312  monitor - ok
14:26:30.0742 4312  [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:26:30.0749 4312  mouclass - ok
14:26:30.0761 4312  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:26:30.0785 4312  mouhid - ok
14:26:30.0795 4312  [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
14:26:30.0802 4312  MountMgr - ok
14:26:30.0833 4312  [ F8276EB8698142884498A528DFEA8478 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:26:30.0841 4312  mpio - ok
14:26:30.0875 4312  [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:26:30.0894 4312  mpsdrv - ok
14:26:30.0918 4312  [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
14:26:30.0924 4312  Mraid35x - ok
14:26:30.0952 4312  [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:26:30.0964 4312  MRxDAV - ok
14:26:31.0005 4312  [ D58D129E26705E83A4DEBA7177EB7972 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:26:31.0014 4312  mrxsmb - ok
14:26:31.0042 4312  [ D5BE5C14E0F1DC489F5BB2A67983F630 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:26:31.0053 4312  mrxsmb10 - ok
14:26:31.0073 4312  [ 09A2990C3B293C212816C9BC0D7C200E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:26:31.0082 4312  mrxsmb20 - ok
14:26:31.0107 4312  [ 1AC860612B85D8E85EE257D372E39F4D ] msahci          C:\Windows\system32\drivers\msahci.sys
14:26:31.0114 4312  msahci - ok
14:26:31.0136 4312  [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:26:31.0144 4312  msdsm - ok
14:26:31.0186 4312  [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC           C:\Windows\System32\msdtc.exe
14:26:31.0213 4312  MSDTC - ok
14:26:31.0239 4312  [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:26:31.0264 4312  Msfs - ok
14:26:31.0278 4312  [ 00EBC952961664780D43DCA157E79B27 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:26:31.0285 4312  msisadrv - ok
14:26:31.0311 4312  [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:26:31.0339 4312  MSiSCSI - ok
14:26:31.0342 4312  msiserver - ok
14:26:31.0378 4312  [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:26:31.0403 4312  MSKSSRV - ok
14:26:31.0414 4312  [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:26:31.0439 4312  MSPCLOCK - ok
14:26:31.0468 4312  [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:26:31.0493 4312  MSPQM - ok
14:26:31.0513 4312  [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:26:31.0525 4312  MsRPC - ok
14:26:31.0558 4312  [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
14:26:31.0564 4312  mssmbios - ok
14:26:31.0574 4312  [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:26:31.0599 4312  MSTEE - ok
14:26:31.0603 4312  [ 0CC49F78D8ACA0877D885F149084E543 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:26:31.0611 4312  Mup - ok
14:26:31.0628 4312  [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent        C:\Windows\system32\qagentRT.dll
14:26:31.0652 4312  napagent - ok
14:26:31.0695 4312  [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:26:31.0707 4312  NativeWifiP - ok
14:26:31.0814 4312  [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:26:31.0836 4312  NDIS - ok
14:26:31.0852 4312  [ 64DF698A425478E321981431AC171334 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:26:31.0870 4312  NdisTapi - ok
14:26:31.0891 4312  [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:26:31.0917 4312  Ndisuio - ok
14:26:31.0943 4312  [ F8158771905260982CE724076419EF19 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:26:31.0961 4312  NdisWan - ok
14:26:31.0969 4312  [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:26:31.0987 4312  NDProxy - ok
14:26:32.0000 4312  [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:26:32.0025 4312  NetBIOS - ok
14:26:32.0078 4312  [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
14:26:32.0097 4312  netbt - ok
14:26:32.0105 4312  [ 40348DCEC0712ED42231C5F90A69A690 ] Netlogon        C:\Windows\system32\lsass.exe
14:26:32.0114 4312  Netlogon - ok
14:26:32.0136 4312  [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman          C:\Windows\System32\netman.dll
14:26:32.0166 4312  Netman - ok
14:26:32.0230 4312  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:26:32.0238 4312  NetMsmqActivator - ok
14:26:32.0280 4312  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:26:32.0287 4312  NetPipeActivator - ok
14:26:32.0310 4312  [ 7846D0136CC2B264926A73047BA7688A ] netprofm        C:\Windows\System32\netprofm.dll
14:26:32.0338 4312  netprofm - ok
14:26:32.0342 4312  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:26:32.0348 4312  NetTcpActivator - ok
14:26:32.0352 4312  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:26:32.0359 4312  NetTcpPortSharing - ok
14:26:32.0386 4312  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:26:32.0393 4312  nfrd960 - ok
14:26:32.0466 4312  [ 473AB3856CA286A616998CB34762EB6D ] nHancer         E:\Program Files\nHancer\nHancerService.exe
14:26:32.0469 4312  nHancer ( UnsignedFile.Multi.Generic ) - warning
14:26:32.0469 4312  nHancer - detected UnsignedFile.Multi.Generic (1)
14:26:32.0506 4312  [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:26:32.0533 4312  NlaSvc - ok
14:26:32.0595 4312  [ C71311E06C2CF6A4E3AB84404E1BE8C3 ] nlsvc           C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
14:26:32.0611 4312  nlsvc ( UnsignedFile.Multi.Generic ) - warning
14:26:32.0611 4312  nlsvc - detected UnsignedFile.Multi.Generic (1)
14:26:32.0659 4312  [ D4E38BF6563C88445FBDFDFFE0308BAF ] nltdi           C:\Windows\system32\drivers\nltdi.sys
14:26:32.0667 4312  nltdi - ok
14:26:32.0687 4312  [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:26:32.0705 4312  Npfs - ok
14:26:32.0740 4312  npggsvc - ok
14:26:32.0801 4312  [ CA79C58B966C16B2CC4A3FD3F6AD5EC1 ] npkcft64        C:\Windows\SysWOW64\npkcft64.sys
14:26:32.0809 4312  npkcft64 - ok
14:26:32.0830 4312  [ 93B9A6B06C873A425AB18A834CD381D0 ] npkcmsvc        C:\Windows\SysWOW64\npkcmsvc.exe
14:26:32.0838 4312  npkcmsvc - ok
14:26:32.0857 4312  [ FBAC9BDA9E3CAB742EF9D10FF23201E1 ] npkuft64        C:\Windows\SysWOW64\npkuft64.sys
14:26:32.0865 4312  npkuft64 - ok
14:26:32.0868 4312  NPPTNT2 - ok
14:26:32.0880 4312  [ ACB62BAA1C319B17752553DF3026EEEB ] nsi             C:\Windows\system32\nsisvc.dll
14:26:32.0906 4312  nsi - ok
14:26:32.0920 4312  [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:26:32.0945 4312  nsiproxy - ok
14:26:33.0039 4312  [ 213866EF6F9E75131CE844130F172ABF ] NSPService      C:\Windows\SysWOW64\INCAinternet\nProtect GameGuard Personal 3.0\nspsvc.exe
14:26:33.0053 4312  NSPService - ok
14:26:33.0130 4312  [ 79BC85B1D188DADC51BA02A977BF4985 ] NSPUpdateService C:\Windows\SysWOW64\INCAinternet\nProtect GameGuard Personal 3.0\nspupsvc.exe
14:26:33.0172 4312  NSPUpdateService - ok
14:26:33.0241 4312  [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:26:33.0290 4312  Ntfs - ok
14:26:33.0348 4312  nTuneService - ok
14:26:33.0360 4312  [ DD5D684975352B85B52E3FD5347C20CB ] Null            C:\Windows\system32\drivers\Null.sys
14:26:33.0385 4312  Null - ok
14:26:33.0577 4312  [ C9FC4C5A7EBE09A40C7DC37C04542900 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:26:33.0864 4312  nvlddmkm - ok
14:26:33.0906 4312  [ 8C1D181480796D7D3366A9381FD7782D ] nvoclk64        C:\Windows\system32\DRIVERS\nvoclk64.sys
14:26:33.0912 4312  nvoclk64 - ok
14:26:33.0932 4312  [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:26:33.0941 4312  nvraid - ok
14:26:33.0951 4312  [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:26:33.0958 4312  nvstor - ok
14:26:34.0010 4312  [ 7056BD6DE1DBF6B8665038AF35D9E146 ] nvsvc           C:\Windows\system32\nvvsvc.exe
14:26:34.0039 4312  nvsvc - ok
14:26:34.0092 4312  [ 1B6FA911436D227B24554C33BC68B774 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:26:34.0137 4312  nvUpdatusService - ok
14:26:34.0162 4312  [ 19067CA93075EF4823E3938A686F532F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:26:34.0170 4312  nv_agp - ok
14:26:34.0173 4312  NwlnkFlt - ok
14:26:34.0176 4312  NwlnkFwd - ok
14:26:34.0207 4312  [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
14:26:34.0226 4312  ohci1394 - ok
14:26:34.0270 4312  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc        C:\Windows\system32\p2psvc.dll
14:26:34.0312 4312  p2pimsvc - ok
14:26:34.0345 4312  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc          C:\Windows\system32\p2psvc.dll
14:26:34.0365 4312  p2psvc - ok
14:26:34.0397 4312  [ AECD57F94C887F58919F307C35498EA0 ] Parport         C:\Windows\system32\drivers\parport.sys
14:26:34.0436 4312  Parport - ok
14:26:34.0449 4312  [ F9B5EDA4C17A2BE7663F064DBF0FE254 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:26:34.0458 4312  partmgr - ok
14:26:34.0486 4312  [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:26:34.0498 4312  PcaSvc - ok
14:26:34.0588 4312  [ 7204F835A4355D1AB2853E57C9FF177C ] PCD5SRVC{8AAF211B-043E02A9-05040000} C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms
14:26:34.0595 4312  PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - warning
14:26:34.0595 4312  PCD5SRVC{8AAF211B-043E02A9-05040000} - detected UnsignedFile.Multi.Generic (1)
14:26:34.0612 4312  [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci             C:\Windows\system32\drivers\pci.sys
14:26:34.0621 4312  pci - ok
14:26:34.0636 4312  [ 2657F6C0B78C36D95034BE109336E382 ] pciide          C:\Windows\system32\drivers\pciide.sys
14:26:34.0643 4312  pciide - ok
14:26:34.0681 4312  [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:26:34.0690 4312  pcmcia - ok
14:26:34.0729 4312  [ 58865916F53592A61549B04941BFD80D ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:26:34.0778 4312  PEAUTH - ok
14:26:34.0854 4312  [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:26:34.0882 4312  PerfHost - ok
14:26:34.0928 4312  [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla             C:\Windows\system32\pla.dll
14:26:35.0024 4312  pla - ok
14:26:35.0097 4312  [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:26:35.0119 4312  PlugPlay - ok
14:26:35.0145 4312  PnkBstrA - ok
14:26:35.0220 4312  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
14:26:35.0242 4312  PNRPAutoReg - ok
14:26:35.0287 4312  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc         C:\Windows\system32\p2psvc.dll
14:26:35.0307 4312  PNRPsvc - ok
14:26:35.0375 4312  [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:26:35.0412 4312  PolicyAgent - ok
14:26:35.0504 4312  [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:26:35.0522 4312  PptpMiniport - ok
14:26:35.0579 4312  [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
14:26:35.0604 4312  Processor - ok
14:26:35.0644 4312  [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc         C:\Windows\system32\profsvc.dll
14:26:35.0665 4312  ProfSvc - ok
14:26:35.0680 4312  [ 40348DCEC0712ED42231C5F90A69A690 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:26:35.0689 4312  ProtectedStorage - ok
14:26:35.0722 4312  [ 1D0A3F565397D08707F3D75B88586645 ] Ps2             C:\Windows\system32\DRIVERS\PS2.sys
14:26:35.0730 4312  Ps2 - ok
14:26:35.0764 4312  [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
14:26:35.0782 4312  PSched - ok
14:26:35.0810 4312  [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:26:35.0855 4312  ql2300 - ok
14:26:35.0894 4312  [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:26:35.0902 4312  ql40xx - ok
14:26:35.0948 4312  [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE           C:\Windows\system32\qwave.dll
14:26:35.0961 4312  QWAVE - ok
14:26:35.0971 4312  [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:26:35.0981 4312  QWAVEdrv - ok
14:26:35.0989 4312  [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:26:36.0014 4312  RasAcd - ok
14:26:36.0028 4312  [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto         C:\Windows\System32\rasauto.dll
14:26:36.0055 4312  RasAuto - ok
14:26:36.0074 4312  [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:26:36.0093 4312  Rasl2tp - ok
14:26:36.0099 4312  [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan          C:\Windows\System32\rasmans.dll
14:26:36.0121 4312  RasMan - ok
14:26:36.0163 4312  [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:26:36.0180 4312  RasPppoe - ok
14:26:36.0201 4312  [ C6A593B51F34C33E5474539544072527 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:26:36.0212 4312  RasSstp - ok
14:26:36.0239 4312  [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:26:36.0258 4312  rdbss - ok
14:26:36.0269 4312  [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:26:36.0293 4312  RDPCDD - ok
14:26:36.0324 4312  [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
14:26:36.0353 4312  rdpdr - ok
14:26:36.0356 4312  [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:26:36.0382 4312  RDPENCDD - ok
14:26:36.0404 4312  [ B1D741C87CEA8D7282146366CC9C3F81 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:26:36.0425 4312  RDPWD - ok
14:26:36.0458 4312  [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:26:36.0484 4312  RemoteAccess - ok
14:26:36.0537 4312  [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:26:36.0558 4312  RemoteRegistry - ok
14:26:36.0577 4312  [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator      C:\Windows\system32\locator.exe
14:26:36.0587 4312  RpcLocator - ok
14:26:36.0643 4312  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs           C:\Windows\system32\rpcss.dll
14:26:36.0672 4312  RpcSs - ok
14:26:36.0705 4312  [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:26:36.0730 4312  rspndr - ok
14:26:36.0765 4312  [ 8B91737DA75ADD21CB1554B38089196A ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh64.sys
14:26:36.0780 4312  RTL8169 - ok
14:26:36.0788 4312  [ 40348DCEC0712ED42231C5F90A69A690 ] SamSs           C:\Windows\system32\lsass.exe
14:26:36.0798 4312  SamSs - ok
14:26:36.0823 4312  [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:26:36.0831 4312  sbp2port - ok
14:26:36.0883 4312  [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:26:36.0903 4312  SCardSvr - ok
14:26:36.0933 4312  [ 0F838C811AD295D2A4489B9993096C63 ] Schedule        C:\Windows\system32\schedsvc.dll
14:26:36.0956 4312  Schedule - ok
14:26:36.0959 4312  [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:26:36.0977 4312  SCPolicySvc - ok
14:26:37.0023 4312  [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:26:37.0034 4312  SDRSVC - ok
14:26:37.0041 4312  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:26:37.0079 4312  secdrv - ok
14:26:37.0085 4312  [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon        C:\Windows\system32\seclogon.dll
14:26:37.0111 4312  seclogon - ok
14:26:37.0118 4312  [ 90973A64B96CD647FF81C79443618EED ] SENS            C:\Windows\System32\sens.dll
14:26:37.0146 4312  SENS - ok
14:26:37.0165 4312  [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum         C:\Windows\system32\drivers\serenum.sys
14:26:37.0204 4312  Serenum - ok
14:26:37.0226 4312  [ E62FAC91EE288DB29A9696A9D279929C ] Serial          C:\Windows\system32\drivers\serial.sys
14:26:37.0265 4312  Serial - ok
14:26:37.0291 4312  [ A842F04833684BCEEA7336211BE478DF ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:26:37.0334 4312  sermouse - ok
14:26:37.0361 4312  [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:26:37.0387 4312  SessionEnv - ok
14:26:37.0421 4312  [ 4FCACE92BB0345D58BB96ADBD69F5237 ] sfdrv01         C:\Windows\system32\drivers\sfdrv01.sys
14:26:37.0427 4312  sfdrv01 - ok
14:26:37.0441 4312  [ 14D4B4465193A87C127933978E8C4106 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:26:37.0465 4312  sffdisk - ok
14:26:37.0477 4312  [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:26:37.0502 4312  sffp_mmc - ok
14:26:37.0512 4312  [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:26:37.0537 4312  sffp_sd - ok
14:26:37.0563 4312  [ 17F6BD95BF04B924F4C05CE78BEF8AE6 ] sfhlp02         C:\Windows\system32\drivers\sfhlp02.sys
14:26:37.0569 4312  sfhlp02 - ok
14:26:37.0581 4312  [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
14:26:37.0619 4312  sfloppy - ok
14:26:37.0646 4312  [ 758D7842A48FE194BE08BAAF095285BE ] sfsync04        C:\Windows\system32\drivers\sfsync04.sys
14:26:37.0653 4312  sfsync04 - ok
14:26:37.0709 4312  [ 2AD15758174DCC7993FF3C00A955DD66 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:26:37.0730 4312  ShellHWDetection - ok
14:26:37.0742 4312  [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
14:26:37.0749 4312  SiSRaid2 - ok
14:26:37.0763 4312  [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:26:37.0771 4312  SiSRaid4 - ok
14:26:37.0838 4312  [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate     E:\Program Files (x86)\Skype\Updater\Updater.exe
14:26:37.0845 4312  SkypeUpdate - ok
14:26:37.0914 4312  [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc           C:\Windows\system32\SLsvc.exe
14:26:37.0990 4312  slsvc - ok
14:26:38.0021 4312  [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify      C:\Windows\system32\SLUINotify.dll
14:26:38.0040 4312  SLUINotify - ok
14:26:38.0095 4312  [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:26:38.0113 4312  Smb - ok
14:26:38.0121 4312  [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:26:38.0132 4312  SNMPTRAP - ok
14:26:38.0150 4312  [ 386C3C63F00A7040C7EC5E384217E89D ] spldr           C:\Windows\system32\drivers\spldr.sys
14:26:38.0157 4312  spldr - ok
14:26:38.0214 4312  [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler         C:\Windows\System32\spoolsv.exe
14:26:38.0227 4312  Spooler - ok
14:26:38.0281 4312  [ 4B3F898DC1378CED2F35D04E5B0CE0DF ] sptd            C:\Windows\System32\Drivers\sptd.sys
14:26:38.0281 4312  Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 4B3F898DC1378CED2F35D04E5B0CE0DF
14:26:38.0282 4312  sptd ( LockedFile.Multi.Generic ) - warning
14:26:38.0282 4312  sptd - detected LockedFile.Multi.Generic (1)
14:26:38.0346 4312  [ 8CD33A47CA02C79038B669F31F95BDAC ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:26:38.0360 4312  srv - ok
14:26:38.0432 4312  [ 1BEDF533096C56E70F87E3E3EE02CAF5 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:26:38.0442 4312  srv2 - ok
14:26:38.0446 4312  [ 2B8C340F830C465F514D966F7E6A822F ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:26:38.0455 4312  srvnet - ok
14:26:38.0460 4312  [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:26:38.0488 4312  SSDPSRV - ok
14:26:38.0513 4312  [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:26:38.0525 4312  SstpSvc - ok
14:26:38.0559 4312  Steam Client Service - ok
14:26:38.0603 4312  [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc          C:\Windows\System32\wiaservc.dll
14:26:38.0645 4312  stisvc - ok
14:26:38.0685 4312  [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
14:26:38.0691 4312  swenum - ok
14:26:38.0745 4312  [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv           C:\Windows\System32\swprv.dll
14:26:38.0769 4312  swprv - ok
14:26:38.0806 4312  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
14:26:38.0813 4312  Symc8xx - ok
14:26:38.0837 4312  [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
14:26:38.0843 4312  Sym_hi - ok
14:26:38.0856 4312  [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
14:26:38.0862 4312  Sym_u3 - ok
14:26:38.0920 4312  [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain         C:\Windows\system32\sysmain.dll
14:26:38.0952 4312  SysMain - ok
14:26:38.0956 4312  [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:26:38.0968 4312  TabletInputService - ok
14:26:38.0998 4312  tandpl - ok
14:26:39.0049 4312  [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:26:39.0071 4312  TapiSrv - ok
14:26:39.0083 4312  [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS             C:\Windows\System32\tbssvc.dll
14:26:39.0110 4312  TBS - ok
14:26:39.0152 4312  [ 0011810B5211FDACD784DE585262ECFE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:26:39.0230 4312  Tcpip - ok
14:26:39.0275 4312  [ 0011810B5211FDACD784DE585262ECFE ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
14:26:39.0312 4312  Tcpip6 - ok
14:26:39.0361 4312  [ CE3AE2BA7A076F0ADE9F48C598C1D15D ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:26:39.0371 4312  tcpipreg - ok
14:26:39.0387 4312  [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:26:39.0413 4312  TDPIPE - ok
14:26:39.0436 4312  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:26:39.0461 4312  TDTCP - ok
14:26:39.0513 4312  [ 458919C8C42E398DC4802178D5FFEE27 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:26:39.0531 4312  tdx - ok
14:26:39.0541 4312  [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
14:26:39.0548 4312  TermDD - ok
14:26:39.0593 4312  [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService     C:\Windows\System32\termsrv.dll
14:26:39.0645 4312  TermService - ok
14:26:39.0692 4312  [ 2AD15758174DCC7993FF3C00A955DD66 ] Themes          C:\Windows\system32\shsvcs.dll
14:26:39.0713 4312  Themes - ok
14:26:39.0731 4312  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER     C:\Windows\system32\mmcss.dll
14:26:39.0757 4312  THREADORDER - ok
14:26:39.0799 4312  [ 49916F9CE160399B868176298D7D1B18 ] TKCtrl          C:\Windows\system32\TKCtrl2k64.sys
14:26:39.0808 4312  TKCtrl - ok
14:26:39.0833 4312  [ D2DF92451F2F5D381171C2AAC50AD352 ] TKFsAvM         C:\Windows\system32\TKFsAv64.sys
14:26:39.0843 4312  TKFsAvM - ok
14:26:39.0881 4312  [ B62AE84BAFC7581FE3BF72B1BAFF7EB4 ] TkFsFtM         C:\Windows\system32\TKFsFt64.sys
14:26:39.0889 4312  TkFsFtM - ok
14:26:39.0925 4312  [ 9638CBC32E752C61BE3D2AC5F128A572 ] TKFWFV          C:\Windows\system32\TKFWFV64.sys
14:26:39.0933 4312  TKFWFV - ok
14:26:39.0970 4312  [ 39211E00F15B399938A1222064157061 ] TKFWVT          C:\Windows\system32\TKFWVT64.sys
14:26:39.0979 4312  TKFWVT - ok
14:26:40.0016 4312  [ A653DE4BB01789B987B1B67C253EF5AE ] TkIdsVt         C:\Windows\system32\TkIdsVt64.sys
14:26:40.0024 4312  TkIdsVt - ok
14:26:40.0030 4312  [ C78246370A8E2BA691A33DB2655FB77A ] TKPcFt          C:\Windows\system32\TKPcFtCb64.sys
14:26:40.0037 4312  TKPcFt - ok
14:26:40.0053 4312  [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks          C:\Windows\System32\trkwks.dll
14:26:40.0081 4312  TrkWks - ok
14:26:40.0146 4312  [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:26:40.0163 4312  TrustedInstaller - ok
14:26:40.0185 4312  [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:26:40.0211 4312  tssecsrv - ok
14:26:40.0232 4312  [ 89EC74A9E602D16A75A4170511029B3C ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
14:26:40.0241 4312  tunmp - ok
14:26:40.0270 4312  [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:26:40.0278 4312  tunnel - ok
14:26:40.0316 4312  [ FEC266EF401966311744BD0F359F7F56 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:26:40.0326 4312  uagp35 - ok
14:26:40.0354 4312  [ FAF2640A2A76ED03D449E443194C4C34 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:26:40.0377 4312  udfs - ok
14:26:40.0383 4312  [ 060507C4113391394478F6953A79EEDC ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:26:40.0411 4312  UI0Detect - ok
14:26:40.0430 4312  [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:26:40.0438 4312  uliagpkx - ok
14:26:40.0461 4312  [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
14:26:40.0472 4312  uliahci - ok
14:26:40.0497 4312  [ 31707F09846056651EA2C37858F5DDB0 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
14:26:40.0505 4312  UlSata - ok
14:26:40.0532 4312  [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
14:26:40.0541 4312  ulsata2 - ok
14:26:40.0562 4312  [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:26:40.0588 4312  umbus - ok
14:26:40.0675 4312  UpdateCenterService - ok
14:26:40.0877 4312  [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost        C:\Windows\System32\upnphost.dll
14:26:40.0928 4312  upnphost - ok
14:26:40.0962 4312  [ 07E3498FC60834219D2356293DA0FECC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:26:40.0980 4312  usbccgp - ok
14:26:41.0001 4312  [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:26:41.0061 4312  usbcir - ok
14:26:41.0101 4312  [ 827E44DE934A736EA31E91D353EB126F ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:26:41.0119 4312  usbehci - ok
14:26:41.0139 4312  [ 8FEC71666ABA7114F9CAB9E56065EC80 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
14:26:41.0144 4312  usbfilter - ok
14:26:41.0155 4312  [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:26:41.0175 4312  usbhub - ok
14:26:41.0214 4312  [ E406B003A354776D317762694956B0FC ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
14:26:41.0232 4312  usbohci - ok
14:26:41.0302 4312  [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:26:41.0336 4312  usbprint - ok
14:26:41.0340 4312  [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:26:41.0359 4312  USBSTOR - ok
14:26:41.0372 4312  [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
14:26:41.0390 4312  usbuhci - ok
14:26:41.0409 4312  [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms           C:\Windows\System32\uxsms.dll
14:26:41.0429 4312  UxSms - ok
14:26:41.0489 4312  [ 43D018A3ACBA1DCB0BD336476E122B69 ] VC9SecS         E:\Program Files (x86)\Virtual CD v9\System\VC9SecS.exe
14:26:41.0495 4312  VC9SecS - ok
14:26:41.0550 4312  [ 53606539DE7E6225211F576A6EBFBA39 ] vcd9bus         C:\Windows\system32\DRIVERS\vcd9bus.sys
14:26:41.0555 4312  vcd9bus - ok
14:26:41.0556 4312  Suspicious service (NoAccess): vdrv9000
14:26:41.0603 4312  [ 689917FB02D3005CE98DB1FEA8A81E5C ] vdrv9000        C:\Windows\system32\DRIVERS\vdrv9000.sys
14:26:41.0605 4312  vdrv9000 ( LockedService.Multi.Generic ) - warning
14:26:41.0605 4312  vdrv9000 - detected LockedService.Multi.Generic (1)
14:26:41.0657 4312  [ 294945381DFA7CE58CECF0A9896AF327 ] vds             C:\Windows\System32\vds.exe
14:26:41.0682 4312  vds - ok
14:26:41.0704 4312  [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:26:41.0730 4312  vga - ok
14:26:41.0733 4312  [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:26:41.0758 4312  VgaSave - ok
14:26:41.0798 4312  [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide          C:\Windows\system32\drivers\viaide.sys
14:26:41.0805 4312  viaide - ok
14:26:41.0846 4312  [ C6F8FBDE19960E0B172CD76D2677F5E2 ] vmm             C:\Windows\system32\Treiber\vmm.sys
14:26:41.0855 4312  vmm - ok
14:26:41.0868 4312  [ 2B7E885ED951519A12C450D24535DFCA ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:26:41.0876 4312  volmgr - ok
14:26:41.0928 4312  [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:26:41.0944 4312  volmgrx - ok
14:26:41.0956 4312  [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:26:41.0967 4312  volsnap - ok
14:26:42.0000 4312  [ 6BDCA00FC57CC40DA3C8E88B2CEA21AB ] VPCNetS2        C:\Windows\system32\DRIVERS\VMNetSrv.sys
14:26:42.0006 4312  VPCNetS2 - ok
14:26:42.0023 4312  [ A68F455ED2673835209318DD61BFBB0E ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:26:42.0032 4312  vsmraid - ok
14:26:42.0089 4312  [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS             C:\Windows\system32\vssvc.exe
14:26:42.0129 4312  VSS - ok
14:26:42.0178 4312  [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time         C:\Windows\system32\w32time.dll
14:26:42.0202 4312  W32Time - ok
14:26:42.0231 4312  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:26:42.0270 4312  WacomPen - ok
14:26:42.0338 4312  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
14:26:42.0356 4312  Wanarp - ok
14:26:42.0361 4312  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:26:42.0379 4312  Wanarpv6 - ok
14:26:42.0400 4312  [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:26:42.0418 4312  wcncsvc - ok
14:26:42.0472 4312  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:26:42.0492 4312  WcsPlugInService - ok
14:26:42.0516 4312  [ 0C17A0816F65B89E362E682AD5E7266E ] Wd              C:\Windows\system32\drivers\wd.sys
14:26:42.0523 4312  Wd - ok
14:26:42.0556 4312  [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:26:42.0589 4312  Wdf01000 - ok
14:26:42.0606 4312  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:26:42.0633 4312  WdiServiceHost - ok
14:26:42.0636 4312  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:26:42.0664 4312  WdiSystemHost - ok
14:26:42.0694 4312  [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient       C:\Windows\System32\webclnt.dll
14:26:42.0707 4312  WebClient - ok
14:26:42.0712 4312  [ BD9A749F36710FFA02E0E530F7451936 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:26:42.0741 4312  Wecsvc - ok
14:26:42.0751 4312  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:26:42.0771 4312  wercplsupport - ok
14:26:42.0780 4312  [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc          C:\Windows\System32\WerSvc.dll
14:26:42.0800 4312  WerSvc - ok
14:26:42.0806 4312  WinHttpAutoProxySvc - ok
14:26:42.0884 4312  [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:26:42.0904 4312  Winmgmt - ok
14:26:42.0955 4312  [ 42717DB2BE3A075D0F0CD5C927C27A43 ] WinRM           C:\Windows\system32\WsmSvc.dll
14:26:43.0008 4312  WinRM - ok
14:26:43.0051 4312  [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:26:43.0071 4312  Wlansvc - ok
14:26:43.0208 4312  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:26:43.0275 4312  wlidsvc - ok
14:26:43.0312 4312  [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:26:43.0321 4312  WmiAcpi - ok
14:26:43.0375 4312  [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:26:43.0395 4312  wmiApSrv - ok
14:26:43.0403 4312  WMPNetworkSvc - ok
14:26:43.0416 4312  [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:26:43.0428 4312  WPCSvc - ok
14:26:43.0473 4312  [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:26:43.0485 4312  WPDBusEnum - ok
14:26:43.0622 4312  [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:26:43.0663 4312  WPFFontCache_v0400 - ok
14:26:43.0693 4312  [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:26:43.0721 4312  ws2ifsl - ok
14:26:43.0724 4312  WSearch - ok
14:26:43.0755 4312  [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:26:43.0783 4312  WUDFRd - ok
14:26:43.0797 4312  [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:26:43.0826 4312  wudfsvc - ok
14:26:43.0897 4312  X6va005 - ok
14:26:43.0934 4312  [ 15CC7077D2DC28776CD430ECABBFFD66 ] {55662437-DA8C-40c0-AADA-2C816A897A49} c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
14:26:43.0940 4312  {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
14:26:43.0942 4312  ================ Scan global ===============================
14:26:43.0961 4312  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
14:26:44.0013 4312  [ 36F234FD1AA7BAE559BB1C483FC76286 ] C:\Windows\system32\winsrv.dll
14:26:44.0055 4312  [ 36F234FD1AA7BAE559BB1C483FC76286 ] C:\Windows\system32\winsrv.dll
14:26:44.0117 4312  [ F8DCE3BED869F69C9F7C562B943BC255 ] C:\Windows\system32\services.exe
14:26:44.0122 4312  [Global] - ok
14:26:44.0122 4312  ================ Scan MBR ==================================
14:26:44.0151 4312  [ 81CD5EC01DB0CE57EDD853F82462EF27 ] \Device\Harddisk0\DR0
14:26:44.0544 4312  \Device\Harddisk0\DR0 - ok
14:26:44.0568 4312  [ 4606A12AED5E4CE105136C6C9C8EA568 ] \Device\Harddisk1\DR1
14:26:44.0647 4312  \Device\Harddisk1\DR1 - ok
14:26:44.0648 4312  ================ Scan VBR ==================================
14:26:44.0650 4312  [ 27E9362AA78875B12248F97C95836487 ] \Device\Harddisk0\DR0\Partition1
14:26:44.0651 4312  \Device\Harddisk0\DR0\Partition1 - ok
14:26:44.0653 4312  [ 219370FB1439A3125D7F9E6F8724A60C ] \Device\Harddisk0\DR0\Partition2
14:26:44.0654 4312  \Device\Harddisk0\DR0\Partition2 - ok
14:26:44.0656 4312  [ 960CDE92622C58C393F6E4FC501C8B8C ] \Device\Harddisk1\DR1\Partition1
14:26:44.0657 4312  \Device\Harddisk1\DR1\Partition1 - ok
14:26:44.0657 4312  ============================================================
14:26:44.0657 4312  Scan finished
14:26:44.0657 4312  ============================================================
14:26:44.0664 3084  Detected object count: 10
14:26:44.0664 3084  Actual detected object count: 10
14:26:57.0618 3084  AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - skipped by user
14:26:57.0618 3084  AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:26:57.0619 3084  HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:26:57.0619 3084  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:26:57.0620 3084  HPBtnSrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:26:57.0620 3084  HPBtnSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:26:57.0621 3084  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:26:57.0621 3084  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:26:57.0622 3084  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:26:57.0622 3084  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:26:57.0623 3084  nHancer ( UnsignedFile.Multi.Generic ) - skipped by user
14:26:57.0623 3084  nHancer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:26:57.0624 3084  nlsvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:26:57.0624 3084  nlsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:26:57.0625 3084  PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - skipped by user
14:26:57.0625 3084  PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:26:57.0626 3084  sptd ( LockedFile.Multi.Generic ) - skipped by user
14:26:57.0626 3084  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
14:26:57.0627 3084  vdrv9000 ( LockedService.Multi.Generic ) - skipped by user
14:26:57.0627 3084  vdrv9000 ( LockedService.Multi.Generic ) - User select action: Skip 
14:27:01.0777 3180  Deinitialize success
         

Kurzer Edit: Mir fällt gerade auf, das Avast! seit dem Reboot nichts mehr von Services.exe blocken will.

Alt 01.07.2013, 13:41   #7
schrauber
/// the machine
/// TB-Ausbilder
 

Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden - Standard

Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden



Supi

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.07.2013, 14:00   #8
JuppSchlupp
 
Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden - Standard

Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden



FRST

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-06-2013 03
Ran by Gast (administrator) on 01-07-2013 14:45:50
Running from C:\Users\Gast\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Locktime Software) C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
(INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npkcmsvc.exe
(INCA Internet Co., Ltd.) C:\Windows\SysWOW64\INCAinternet\nProtect GameGuard Personal 3.0\nspsvc.exe
(INCA Internet Co.,Ltd.) C:\Windows\SysWOW64\INCAinternet\nProtect GameGuard Personal 3.0\nspupsvc.exe
(Locktime Software) C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
(H+H Software GmbH) E:\Program Files (x86)\Virtual CD v9\System\VC9SecS.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Windows\SysWOW64\BeepApp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(H+H Software GmbH) E:\Program Files (x86)\Virtual CD v9\System\vc9play.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(H+H Software GmbH) E:\Program Files (x86)\Virtual CD v9\System\VC9Tray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
HKCU\...\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard)
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [EADM] "E:\Program Files (x86)\Origin\Origin.exe" -AutoStart [x]
HKCU\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
MountPoints2: {139f4f8e-2e9f-11e0-b50d-002421172082} - L:\OblivionLauncher.exe
MountPoints2: {139f4f9c-2e9f-11e0-b50d-002421172082} - M:\setup.exe
MountPoints2: {164bed90-1e7b-11e0-aa79-002421172082} - L:\OblivionLauncher.exe
MountPoints2: {3f05954f-e5bd-11dd-9d91-806e6f6e6963} - F:\autorun.exe
MountPoints2: {e273aac0-cbc4-11de-ade2-002421172082} - K:\Autorun.exe
HKLM-x32\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe [119296 2007-02-15] (OsdMaestro)
HKLM-x32\...\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [1148200 2008-09-26] (CyberLink Corp.)
HKLM-x32\...\Run: [VC9Player] "E:\Program Files (x86)\Virtual CD v9\System\VC9Play.exe" [x]
HKLM-x32\...\Run: [nProtect GameGuard Personal 3.0] "E:\Program Files (x86)\INCAInternet\nProtect GameGuard Personal 3.0\nProtect GameGuard Personal 3.0\nspmain.exe" -tray [x]
HKLM-x32\...\Run: [DivXMediaServer] "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [450560 2013-03-28] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "E:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard)
HKU\UpdatusUser\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
HKLM SearchScopes: DefaultScope {F62C4EF5-02A5-4118-BD59-A1C8D69F7CFD} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM - {79C90567-5C09-4507-9307-1B81999F79F7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM - {8C5BF184-BEAC-415C-8A6F-69F27A468C07} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM - {F62C4EF5-02A5-4118-BD59-A1C8D69F7CFD} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
HKLM-x32 SearchScopes: DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
SearchScopes: HKLM-x32 - {79C90567-5C09-4507-9307-1B81999F79F7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 - {8C5BF184-BEAC-415C-8A6F-69F27A468C07} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
SearchScopes: HKLM-x32 - {F62C4EF5-02A5-4118-BD59-A1C8D69F7CFD} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
HKCU SearchScopes: DefaultScope {2592934B-F16C-4C06-B794-A59D7A79FDFF} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
SearchScopes: HKCU - {2592934B-F16C-4C06-B794-A59D7A79FDFF} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {79C90567-5C09-4507-9307-1B81999F79F7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKCU - {8C5BF184-BEAC-415C-8A6F-69F27A468C07} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search/web?q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
SearchScopes: HKCU - {F62C4EF5-02A5-4118-BD59-A1C8D69F7CFD} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: CescrtHlpr Object - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM-x32 - facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: HKLM-x32 {140E4DF8-9E14-4A34-9577-C77561ED7883} https://s3.amazonaws.com/content.systemrequirementslab.com/global/bin/srldetect_cyri_4.1.72.0_x.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} hxxp://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.16.0.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [51656 2009-05-22] (EasyBits Software Corp.)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default
FF user.js: detected! => C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\user.js
FF SearchEngine: Facemoods Search
FF Homepage: hxxp://start.facemoods.com/?a=ddrnw
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\12\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - E:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Gast\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: No Name - C:\Users\Gast\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Extensions\DTToolbar@toolbarnet.com
FF Extension: Facemoods - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Extensions\ffxtlbr@Facemoods.com
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: No Name - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF Extension: DownloadHelper - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: ZoneAlarm-Sicherheit Community Toolbar - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
FF Extension: No Name - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome: 
=======
CHR HomePage: hxxp://start.facemoods.com/?a=ddrnw
CHR RestoreOnStartup: "hxxp://start.facemoods.com/?a=ddrnw"
CHR DefaultSearchURL: (facemoods) - hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
CHR DefaultSuggestURL: (facemoods) -       "suggest_url": ""
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (HP Product Detection Plugin for Mozilla) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.6.1_0\plugins/npProductDetectPlugin.dll (Hewlett-Packard)
CHR Plugin: (Adobe Acrobat) - E:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - E:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll No File
CHR Plugin: (Unity Player) - C:\Users\Gast\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0
CHR Extension: (Funmoods) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\2.1.0_0
CHR Extension: (Skype Click to Call) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
CHR Extension: (HP Product Detection Plugin) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.6.1_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR Extension: (Gmail) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

S4 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-05-09] (AVAST Software)
S4 DAUpdaterSvc; E:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
S2 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 nHancer; E:\Program Files\nHancer\nHancerService.exe [39424 2010-05-02] (KSE - Korndörfer Software Engineering)
R2 nlsvc; C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe [817152 2010-03-25] (Locktime Software)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3813096 2010-06-20] (INCA Internet Co., Ltd.)
R2 npkcmsvc; C:\Windows\SysWOW64\npkcmsvc.exe [191008 2010-08-22] (INCA Internet Co., Ltd.)
R2 NSPService; C:\Windows\SysWOW64\INCAinternet\nProtect GameGuard Personal 3.0\nspsvc.exe [581248 2011-09-16] (INCA Internet Co., Ltd.)
R2 NSPUpdateService; C:\Windows\SysWOW64\INCAinternet\nProtect GameGuard Personal 3.0\nspupsvc.exe [1252840 2012-10-25] (INCA Internet Co.,Ltd.)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2010-03-22] (NVIDIA)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-11-30] ()
S2 SkypeUpdate; E:\Program Files (x86)\Skype\Updater\Updater.exe [160944 2012-07-03] (Skype Technologies)
R2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [282728 2009-11-06] (NVIDIA)
R2 VC9SecS; E:\Program Files (x86)\Virtual CD v9\System\VC9SecS.exe [132424 2009-04-21] (H+H Software GmbH)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R1 aswFW; C:\Windows\system32\drivers\aswFW.sys [131232 2013-05-09] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2013-03-13] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\drivers\aswNdis2.sys [270824 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [59144 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-01] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-01] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-01] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-01-12] ()
S3 CEDRIVER60; E:\Program Files (x86)\Cheat Engine 6.3\dbk64.sys [64480 2013-06-02] ()
S3 HH9Help.sys; C:\Windows\system32\drivers\HH9Help.sys [24344 2007-01-23] (H+H Software GmbH)
S3 HH9Help.sys; C:\Windows\system32\drivers\HH9Help.sys [24344 2007-01-23] (H+H Software GmbH)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-01-12] ()
R1 nltdi; C:\Windows\system32\drivers\nltdi.sys [89224 2010-03-25] (Locktime Software)
R1 nltdi; C:\Windows\system32\drivers\nltdi.sys [89224 2010-03-25] (Locktime Software)
S3 npkcft64; C:\Windows\SysWOW64\npkcft64.sys [45600 2010-08-22] (INCA Internet Co., Ltd.)
S3 npkcft64; C:\Windows\SysWOW64\npkcft64.sys [45600 2010-08-22] (INCA Internet Co., Ltd.)
S3 npkuft64; C:\Windows\SysWOW64\npkuft64.sys [40992 2010-08-22] (INCA Internet Co., Ltd.)
S3 npkuft64; C:\Windows\SysWOW64\npkuft64.sys [40992 2010-08-22] (INCA Internet Co., Ltd.)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
R0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [75384 2009-02-03] (Protection Technology (StarForce))
R0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [77952 2009-02-03] (Protection Technology (StarForce))
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2011-01-12] ()
S2 tandpl; C:\Windows\SysWow64\drivers\tandpl.sys [4736 2003-04-19] ()
R3 TKCtrl; C:\Windows\system32\TKCtrl2k64.sys [87872 2012-07-03] (INCA Internet Co., Ltd.)
R3 TKCtrl; C:\Windows\system32\TKCtrl2k64.sys [87872 2012-07-03] (INCA Internet Co., Ltd.)
R3 TKFsAvM; C:\Windows\system32\TKFsAv64.sys [139136 2012-12-26] (INCA Internet Co., Ltd.)
R3 TKFsAvM; C:\Windows\system32\TKFsAv64.sys [139136 2012-12-26] (INCA Internet Co., Ltd.)
R3 TkFsFtM; C:\Windows\System32\TKFsFt64.sys [23392 2012-11-06] (INCA Internet Co., Ltd.)
R3 TkFsFtM; C:\Windows\SysWow64\TKFsFt64.sys [22848 2011-03-28] (INCA Internet Co., Ltd.)
R1 TKFWFV; C:\Windows\System32\TKFWFV64.sys [34400 2011-03-28] (INCA Internet Co., Ltd.)
S3 TKFWVT; C:\Windows\system32\TKFWVT64.sys [183112 2012-10-23] (INCA Internet Co.,Ltd.)
S3 TKFWVT; C:\Windows\system32\TKFWVT64.sys [183112 2012-10-23] (INCA Internet Co.,Ltd.)
R3 TkIdsVt; C:\Windows\system32\TkIdsVt64.sys [99168 2012-07-31] (INCA Internet Co.,Ltd.)
R3 TkIdsVt; C:\Windows\system32\TkIdsVt64.sys [99168 2012-07-31] (INCA Internet Co.,Ltd.)
R3 TKPcFt; C:\Windows\system32\TKPcFtCb64.sys [29024 2012-11-06] (INCA Internet Co., Ltd.)
R3 TKPcFt; C:\Windows\system32\TKPcFtCb64.sys [29024 2012-11-06] (INCA Internet Co., Ltd.)
R3 vcd9bus; C:\Windows\System32\DRIVERS\vcd9bus.sys [40216 2007-01-23] (H+H Software GmbH)
R1 vmm; C:\Windows\system32\Treiber\vmm.sys [297496 2008-02-12] (Microsoft Corporation)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)
S3 dump_wmimmc; \??\E:\Program Files (x86)\Games-Masters.com\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [x]
S2 tandpl; System32\drivers\tandpl.sys [x]
S3 X6va005; \??\C:\Users\Gast\AppData\Local\Temp\00539A5.tmp [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-01 14:45 - 2013-07-01 14:45 - 01933758 ____A (Farbar) C:\Users\Gast\Desktop\FRST64.exe
2013-07-01 14:45 - 2013-07-01 14:45 - 00000000 ____D C:\FRST
2013-07-01 13:17 - 2013-07-01 14:11 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-01 13:14 - 2013-07-01 13:14 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Gast\Desktop\tdsskiller.exe
2013-07-01 11:28 - 2013-07-01 11:28 - 00602112 ____A (OldTimer Tools) C:\Users\Gast\Desktop\OTL.exe
2013-07-01 11:25 - 2013-07-01 11:25 - 00001704 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-07-01 10:02 - 2013-07-01 11:06 - 00000552 ____A C:\Windows\System32\spsys.log
2013-07-01 00:42 - 2013-07-01 00:42 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-07-01 00:42 - 2013-07-01 00:42 - 00001787 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-07-01 00:42 - 2013-05-09 10:59 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-07-01 00:41 - 2013-07-01 00:42 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-07-01 00:41 - 2013-07-01 00:42 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-07-01 00:41 - 2013-07-01 00:41 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-07-01 00:41 - 2013-05-09 10:59 - 00270824 ____A (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys
2013-07-01 00:41 - 2013-05-09 10:59 - 00131232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys
2013-07-01 00:41 - 2013-05-09 10:59 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-07-01 00:41 - 2013-05-09 10:59 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-07-01 00:41 - 2013-05-09 10:59 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-07-01 00:41 - 2013-05-09 10:59 - 00059144 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2013-07-01 00:41 - 2013-05-09 10:59 - 00022600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2013-07-01 00:41 - 2013-05-09 10:58 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-07-01 00:40 - 2013-07-01 00:40 - 00383868 ____A C:\Users\Gast\AppData\Local\dd_vcredistMSI165D.txt
2013-07-01 00:40 - 2013-07-01 00:40 - 00012410 ____A C:\Users\Gast\AppData\Local\dd_vcredistUI165D.txt
2013-07-01 00:40 - 2013-05-09 10:58 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-07-01 00:40 - 2013-03-13 19:01 - 00012368 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswNdis.sys
2013-07-01 00:39 - 2013-07-01 00:39 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-01 00:39 - 2013-07-01 00:39 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-01 00:24 - 2013-07-01 00:24 - 00792160 ____A C:\Users\Gast\AppData\Local\census.cache
2013-07-01 00:24 - 2013-07-01 00:24 - 00205389 ____A C:\Users\Gast\AppData\Local\ars.cache
2013-07-01 00:10 - 2013-07-01 00:10 - 00000036 ____A C:\Users\Gast\AppData\Local\housecall.guid.cache
2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Malwarebytes
2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-30 20:54 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-30 10:10 - 2013-06-30 10:10 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-06-29 23:28 - 2013-06-30 09:54 - 988293471 ____A C:\Users\Gast\Downloads\Zone Archive Pack.rar
2013-06-29 22:41 - 2013-06-29 22:41 - 00019442 ____A C:\Users\Gast\Downloads\(SUMOTorrent.com)_ZONE_ARCHIVE_Hentai-Key _SP5686432.torrent
2013-06-26 12:30 - 2013-06-26 12:31 - 00000759 ____A C:\Users\Gast\Desktop\daoloader - Verknüpfung.lnk
2013-06-26 09:24 - 2013-06-26 09:24 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Locktime
2013-06-25 21:08 - 2013-06-25 21:08 - 00093367 ____A C:\Users\Gast\Downloads\bws-0598 (1).rar
2013-06-25 21:05 - 2013-06-25 21:05 - 00446584 ____A C:\Users\Gast\Downloads\l4r-da104.rar
2013-06-25 21:01 - 2013-06-25 21:01 - 00084308 ____A C:\Users\Gast\Downloads\bws-0598.rar
2013-06-25 19:42 - 2013-06-25 19:42 - 00071687 ____A C:\Users\Gast\Downloads\dragon_age_origins_plus_8_trainer.zip
2013-06-25 19:19 - 2013-06-25 19:19 - 00033117 ____A C:\Users\Gast\Downloads\daoloader.r4-TiLL.rar
2013-06-25 17:32 - 2013-06-25 17:32 - 00001736 ____A C:\Users\Public\Desktop\NetLimiter 2 Monitor.lnk
2013-06-25 17:32 - 2013-06-25 17:32 - 00000000 ____D C:\ProgramData\Locktime
2013-06-25 17:32 - 2013-06-25 17:32 - 00000000 ____D C:\Program Files\NetLimiter 2 Monitor
2013-06-25 17:31 - 2013-06-25 17:32 - 01827848 ____A C:\Users\Gast\Downloads\nl_2011_mon_64.exe
2013-06-25 16:51 - 2013-06-25 16:51 - 04689729 ____A C:\Users\Gast\Downloads\The LAST REMNANT Save Editor  V4.2.rar
2013-06-25 13:38 - 2013-06-25 13:38 - 00000466 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk
2013-06-23 11:30 - 2013-06-23 11:30 - 00000000 ____D C:\Users\Gast\Desktop\Unepic 1.43.1[Steam]
2013-06-23 11:26 - 2013-06-23 11:29 - 94994694 ____A C:\Users\Gast\Downloads\Unepic_1.43.1_Steam_.7z
2013-06-22 23:23 - 2013-06-22 23:23 - 08071400 ____A (Cheat Engine                                                ) C:\Users\Gast\Downloads\CheatEngine63.exe
2013-06-22 21:50 - 2013-06-22 21:50 - 00153366 ____A C:\Users\Gast\Downloads\Unepic v1.0.30 Trainer +6 ~HoG.rar
2013-06-16 15:34 - 2013-06-16 15:34 - 00017477 ____A C:\Users\Gast\Downloads\Run For Your Lives-23906-1-2-2.7z
2013-06-16 15:33 - 2013-06-16 15:33 - 00018227 ____A C:\Users\Gast\Downloads\When Vampires Attack-28235-1-0-2.7z
2013-06-16 14:18 - 2013-06-16 14:18 - 04109361 ____A C:\Users\Gast\Downloads\UNP silverlight armor-37189-1-0.7z
2013-06-16 14:16 - 2013-06-16 14:17 - 17789249 ____A C:\Users\Gast\Downloads\Silverlight Armor 0992 no pauldrons CBBE-10251-0-992.7z
2013-06-16 13:59 - 2013-06-16 13:59 - 00007675 ____A C:\Users\Gast\Downloads\Sexlab_SimpleRape_05252013.zip
2013-06-16 13:16 - 2013-06-16 13:18 - 00457617 ____A C:\Users\Gast\Downloads\SexLab_LoversComfort_v20130604.zip
2013-06-16 13:15 - 2013-06-16 13:16 - 00097394 ____A C:\Users\Gast\Downloads\SexLab_LoversHook_v20130606.zip
2013-06-14 16:17 - 2013-06-16 19:10 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Awesomium
2013-06-14 16:17 - 2013-06-14 16:17 - 00363746 ____A C:\Users\Gast\AppData\Local\dd_vcredistMSI32F3.txt
2013-06-14 16:17 - 2013-06-14 16:17 - 00011942 ____A C:\Users\Gast\AppData\Local\dd_vcredistUI32F3.txt
2013-06-14 13:18 - 2013-06-14 13:18 - 00000222 ____A C:\Users\Gast\Desktop\Marvel Heroes.url
2013-06-09 00:04 - 2013-06-09 00:04 - 00038737 ____A C:\Users\Gast\Downloads\SC07SexLabRandomAttack.7z
2013-06-09 00:02 - 2013-06-09 00:05 - 68829391 ____A C:\Users\Gast\Downloads\SexLabFramework.v101b.zip
2013-06-08 19:15 - 2013-06-08 19:15 - 00000000 ____D C:\Users\Gast\AppData\Local\EdgeOfReality
2013-06-08 18:52 - 2013-06-08 18:52 - 00000222 ____A C:\Users\Gast\Desktop\Loadout.url
2013-06-08 13:42 - 2013-06-08 13:42 - 00064388 ____A C:\Users\Gast\Downloads\X-RayMod_v039.zip
2013-06-08 12:07 - 2013-06-08 12:07 - 00003673 ____A C:\Users\Gast\Downloads\Timber! (1.5.2).zip
2013-06-08 12:05 - 2013-06-08 12:06 - 00007834 ____A C:\Users\Gast\Downloads\Recipe Book.zip
2013-06-08 12:01 - 2013-06-08 12:01 - 00199825 ____A C:\Users\Gast\Downloads\ModLoader (2).zip
2013-06-08 12:01 - 2013-06-08 12:01 - 00199825 ____A C:\Users\Gast\Downloads\ModLoader (1).zip
2013-06-01 16:25 - 2013-06-01 16:25 - 00064533 ____A C:\Users\Gast\Downloads\LoversRaperS_Wappy_1.70.7z
2013-06-01 15:26 - 2013-06-01 15:28 - 00577738 ____A C:\Users\Gast\Downloads\LoversWithPK_Rev91.7z
2013-06-01 15:24 - 2013-06-01 15:24 - 00021719 ____A C:\Users\Gast\Downloads\LoversStalkerM_v1p4.7z
2013-06-01 15:24 - 2013-06-01 15:24 - 00018915 ____A C:\Users\Gast\Downloads\LSMpackage.7z
2013-06-01 15:20 - 2013-06-01 15:22 - 00415874 ____A C:\Users\Gast\Downloads\Dog Texture Patch.7z
2013-06-01 15:20 - 2013-06-01 15:21 - 00088050 ____A C:\Users\Gast\Downloads\Tentacle Monster Patch.7z
2013-06-01 15:20 - 2013-06-01 15:20 - 26338135 ____A C:\Users\Gast\Downloads\Lovers Creatures Beta1 - Part2.7z
2013-06-01 15:19 - 2013-06-01 15:20 - 13717602 ____A C:\Users\Gast\Downloads\Lovers Creatures Beta1 - Part1.7z
2013-06-01 15:18 - 2013-06-01 15:18 - 00099251 ____A C:\Users\Gast\Downloads\LPK base rev96v2.7z
2013-06-01 15:16 - 2013-06-01 15:17 - 37235685 ____A C:\Users\Gast\Downloads\Lovers Resources v3 - for use with LPK base rev96.7z
2013-06-01 09:54 - 2013-06-01 09:54 - 03768483 ____A C:\Users\Gast\Downloads\Dont Starve Steam Trainer.rar

==================== One Month Modified Files and Folders =======

2013-07-01 14:45 - 2013-07-01 14:45 - 01933758 ____A (Farbar) C:\Users\Gast\Desktop\FRST64.exe
2013-07-01 14:45 - 2013-07-01 14:45 - 00000000 ____D C:\FRST
2013-07-01 14:43 - 2010-07-10 20:06 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-01 14:24 - 2009-01-08 03:28 - 16557272 ____A C:\Windows\System32\perfh007.dat
2013-07-01 14:24 - 2009-01-08 03:28 - 05415116 ____A C:\Windows\System32\perfc007.dat
2013-07-01 14:24 - 2006-11-02 14:46 - 00006722 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-01 14:22 - 2010-11-12 20:03 - 00000000 ____D C:\Users\Gast\AppData\Local\Deployment
2013-07-01 14:21 - 2012-08-22 17:22 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-01 14:18 - 2008-09-19 04:55 - 00014466 ____A C:\Windows\SysWOW64\NapaSet.txt
2013-07-01 14:14 - 2010-07-10 20:06 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-01 14:14 - 2006-11-02 17:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-01 14:13 - 2010-12-17 20:20 - 00056114 ____A C:\Windows\PFRO.log
2013-07-01 14:13 - 2009-09-24 16:32 - 00380928 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2013-07-01 14:13 - 2006-11-02 17:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-01 14:13 - 2006-11-02 17:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-01 14:12 - 2006-11-02 17:42 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-01 14:11 - 2013-07-01 13:17 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-01 13:14 - 2013-07-01 13:14 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Gast\Desktop\tdsskiller.exe
2013-07-01 11:28 - 2013-07-01 11:28 - 00602112 ____A (OldTimer Tools) C:\Users\Gast\Desktop\OTL.exe
2013-07-01 11:25 - 2013-07-01 11:25 - 00001704 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-07-01 11:25 - 2009-12-12 15:40 - 00000000 ____D C:\ProgramData\Adobe
2013-07-01 11:24 - 2010-04-08 10:31 - 00000000 ____D C:\Users\Gast\AppData\Local\Adobe
2013-07-01 11:06 - 2013-07-01 10:02 - 00000552 ____A C:\Windows\System32\spsys.log
2013-07-01 10:59 - 2010-12-22 15:04 - 00000000 ____D C:\Users\Gast\Desktop\Trainer
2013-07-01 10:58 - 2011-08-13 15:12 - 00000368 ____H C:\Windows\SysWOW64\nspgpinf.nsx
2013-07-01 00:42 - 2013-07-01 00:42 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-07-01 00:42 - 2013-07-01 00:42 - 00001787 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-07-01 00:42 - 2013-07-01 00:41 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-07-01 00:42 - 2013-07-01 00:41 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-07-01 00:41 - 2013-07-01 00:41 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-07-01 00:41 - 2009-04-23 15:22 - 00000000 ____D C:\users\Gast
2013-07-01 00:40 - 2013-07-01 00:40 - 00383868 ____A C:\Users\Gast\AppData\Local\dd_vcredistMSI165D.txt
2013-07-01 00:40 - 2013-07-01 00:40 - 00012410 ____A C:\Users\Gast\AppData\Local\dd_vcredistUI165D.txt
2013-07-01 00:39 - 2013-07-01 00:39 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-01 00:39 - 2013-07-01 00:39 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-01 00:24 - 2013-07-01 00:24 - 00792160 ____A C:\Users\Gast\AppData\Local\census.cache
2013-07-01 00:24 - 2013-07-01 00:24 - 00205389 ____A C:\Users\Gast\AppData\Local\ars.cache
2013-07-01 00:10 - 2013-07-01 00:10 - 00000036 ____A C:\Users\Gast\AppData\Local\housecall.guid.cache
2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Malwarebytes
2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-30 20:40 - 2011-05-20 23:52 - 00001987 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-30 14:31 - 2009-08-14 19:34 - 00044032 ____A C:\Users\Gast\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-30 14:29 - 2010-03-20 09:42 - 00000000 ____D C:\Users\Gast\AppData\Roaming\vlc
2013-06-30 10:10 - 2013-06-30 10:10 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-06-30 09:57 - 2009-09-26 23:38 - 00000000 ____D C:\Users\Gast\AppData\Roaming\BitTorrent
2013-06-30 09:54 - 2013-06-29 23:28 - 988293471 ____A C:\Users\Gast\Downloads\Zone Archive Pack.rar
2013-06-30 02:05 - 2009-01-19 02:16 - 01694584 ____A C:\Windows\WindowsUpdate.log
2013-06-29 22:41 - 2013-06-29 22:41 - 00019442 ____A C:\Users\Gast\Downloads\(SUMOTorrent.com)_ZONE_ARCHIVE_Hentai-Key _SP5686432.torrent
2013-06-28 23:23 - 2012-04-28 22:06 - 00000000 ____D C:\Users\Gast\AppData\Local\PMB Files
2013-06-28 23:23 - 2012-04-28 22:06 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-27 09:22 - 2011-12-07 22:21 - 00000000 ____D C:\Users\Gast\AppData\Local\Skyrim
2013-06-26 12:31 - 2013-06-26 12:30 - 00000759 ____A C:\Users\Gast\Desktop\daoloader - Verknüpfung.lnk
2013-06-26 09:24 - 2013-06-26 09:24 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Locktime
2013-06-25 21:08 - 2013-06-25 21:08 - 00093367 ____A C:\Users\Gast\Downloads\bws-0598 (1).rar
2013-06-25 21:05 - 2013-06-25 21:05 - 00446584 ____A C:\Users\Gast\Downloads\l4r-da104.rar
2013-06-25 21:01 - 2013-06-25 21:01 - 00084308 ____A C:\Users\Gast\Downloads\bws-0598.rar
2013-06-25 19:42 - 2013-06-25 19:42 - 00071687 ____A C:\Users\Gast\Downloads\dragon_age_origins_plus_8_trainer.zip
2013-06-25 19:19 - 2013-06-25 19:19 - 00033117 ____A C:\Users\Gast\Downloads\daoloader.r4-TiLL.rar
2013-06-25 17:32 - 2013-06-25 17:32 - 00001736 ____A C:\Users\Public\Desktop\NetLimiter 2 Monitor.lnk
2013-06-25 17:32 - 2013-06-25 17:32 - 00000000 ____D C:\ProgramData\Locktime
2013-06-25 17:32 - 2013-06-25 17:32 - 00000000 ____D C:\Program Files\NetLimiter 2 Monitor
2013-06-25 17:32 - 2013-06-25 17:31 - 01827848 ____A C:\Users\Gast\Downloads\nl_2011_mon_64.exe
2013-06-25 16:51 - 2013-06-25 16:51 - 04689729 ____A C:\Users\Gast\Downloads\The LAST REMNANT Save Editor  V4.2.rar
2013-06-25 13:38 - 2013-06-25 13:38 - 00000466 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk
2013-06-25 11:34 - 2012-02-02 19:46 - 00000000 ____D C:\Users\Gast\AppData\Roaming\.minecraft
2013-06-24 10:01 - 2009-04-24 10:08 - 00000456 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job
2013-06-23 11:30 - 2013-06-23 11:30 - 00000000 ____D C:\Users\Gast\Desktop\Unepic 1.43.1[Steam]
2013-06-23 11:29 - 2013-06-23 11:26 - 94994694 ____A C:\Users\Gast\Downloads\Unepic_1.43.1_Steam_.7z
2013-06-23 11:26 - 2010-12-22 15:03 - 00000000 ____D C:\Users\Gast\Desktop\Spiele
2013-06-22 23:23 - 2013-06-22 23:23 - 08071400 ____A (Cheat Engine                                                ) C:\Users\Gast\Downloads\CheatEngine63.exe
2013-06-22 21:50 - 2013-06-22 21:50 - 00153366 ____A C:\Users\Gast\Downloads\Unepic v1.0.30 Trainer +6 ~HoG.rar
2013-06-21 08:48 - 2012-05-19 08:10 - 00007916 ____A C:\Users\Gast\AppData\Local\d3d9caps.dat
2013-06-20 11:10 - 2009-04-30 12:10 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-06-18 11:40 - 2010-12-10 13:19 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-06-16 19:10 - 2013-06-14 16:17 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Awesomium
2013-06-16 15:34 - 2013-06-16 15:34 - 00017477 ____A C:\Users\Gast\Downloads\Run For Your Lives-23906-1-2-2.7z
2013-06-16 15:33 - 2013-06-16 15:33 - 00018227 ____A C:\Users\Gast\Downloads\When Vampires Attack-28235-1-0-2.7z
2013-06-16 14:18 - 2013-06-16 14:18 - 04109361 ____A C:\Users\Gast\Downloads\UNP silverlight armor-37189-1-0.7z
2013-06-16 14:17 - 2013-06-16 14:16 - 17789249 ____A C:\Users\Gast\Downloads\Silverlight Armor 0992 no pauldrons CBBE-10251-0-992.7z
2013-06-16 13:59 - 2013-06-16 13:59 - 00007675 ____A C:\Users\Gast\Downloads\Sexlab_SimpleRape_05252013.zip
2013-06-16 13:18 - 2013-06-16 13:16 - 00457617 ____A C:\Users\Gast\Downloads\SexLab_LoversComfort_v20130604.zip
2013-06-16 13:16 - 2013-06-16 13:15 - 00097394 ____A C:\Users\Gast\Downloads\SexLab_LoversHook_v20130606.zip
2013-06-14 16:29 - 2011-01-12 20:45 - 00566636 ____A C:\Windows\DirectX.log
2013-06-14 16:17 - 2013-06-14 16:17 - 00363746 ____A C:\Users\Gast\AppData\Local\dd_vcredistMSI32F3.txt
2013-06-14 16:17 - 2013-06-14 16:17 - 00011942 ____A C:\Users\Gast\AppData\Local\dd_vcredistUI32F3.txt
2013-06-14 16:17 - 2009-10-25 08:56 - 00000000 ____D C:\Users\Gast\Documents\My Games
2013-06-14 13:18 - 2013-06-14 13:18 - 00000222 ____A C:\Users\Gast\Desktop\Marvel Heroes.url
2013-06-12 17:21 - 2012-04-09 09:56 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 17:21 - 2011-06-01 07:03 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-09 00:05 - 2013-06-09 00:02 - 68829391 ____A C:\Users\Gast\Downloads\SexLabFramework.v101b.zip
2013-06-09 00:04 - 2013-06-09 00:04 - 00038737 ____A C:\Users\Gast\Downloads\SC07SexLabRandomAttack.7z
2013-06-08 19:15 - 2013-06-08 19:15 - 00000000 ____D C:\Users\Gast\AppData\Local\EdgeOfReality
2013-06-08 18:52 - 2013-06-08 18:52 - 00000222 ____A C:\Users\Gast\Desktop\Loadout.url
2013-06-08 13:42 - 2013-06-08 13:42 - 00064388 ____A C:\Users\Gast\Downloads\X-RayMod_v039.zip
2013-06-08 12:07 - 2013-06-08 12:07 - 00003673 ____A C:\Users\Gast\Downloads\Timber! (1.5.2).zip
2013-06-08 12:06 - 2013-06-08 12:05 - 00007834 ____A C:\Users\Gast\Downloads\Recipe Book.zip
2013-06-08 12:01 - 2013-06-08 12:01 - 00199825 ____A C:\Users\Gast\Downloads\ModLoader (2).zip
2013-06-08 12:01 - 2013-06-08 12:01 - 00199825 ____A C:\Users\Gast\Downloads\ModLoader (1).zip
2013-06-05 19:24 - 2012-07-06 22:17 - 00000000 ____D C:\Users\Gast\AppData\Local\Origin
2013-06-01 16:25 - 2013-06-01 16:25 - 00064533 ____A C:\Users\Gast\Downloads\LoversRaperS_Wappy_1.70.7z
2013-06-01 15:28 - 2013-06-01 15:26 - 00577738 ____A C:\Users\Gast\Downloads\LoversWithPK_Rev91.7z
2013-06-01 15:24 - 2013-06-01 15:24 - 00021719 ____A C:\Users\Gast\Downloads\LoversStalkerM_v1p4.7z
2013-06-01 15:24 - 2013-06-01 15:24 - 00018915 ____A C:\Users\Gast\Downloads\LSMpackage.7z
2013-06-01 15:22 - 2013-06-01 15:20 - 00415874 ____A C:\Users\Gast\Downloads\Dog Texture Patch.7z
2013-06-01 15:21 - 2013-06-01 15:20 - 00088050 ____A C:\Users\Gast\Downloads\Tentacle Monster Patch.7z
2013-06-01 15:20 - 2013-06-01 15:20 - 26338135 ____A C:\Users\Gast\Downloads\Lovers Creatures Beta1 - Part2.7z
2013-06-01 15:20 - 2013-06-01 15:19 - 13717602 ____A C:\Users\Gast\Downloads\Lovers Creatures Beta1 - Part1.7z
2013-06-01 15:18 - 2013-06-01 15:18 - 00099251 ____A C:\Users\Gast\Downloads\LPK base rev96v2.7z
2013-06-01 15:17 - 2013-06-01 15:16 - 37235685 ____A C:\Users\Gast\Downloads\Lovers Resources v3 - for use with LPK base rev96.7z
2013-06-01 10:34 - 2013-05-31 21:13 - 00000000 ____D C:\Users\Gast\Desktop\Dont Starve
2013-06-01 09:54 - 2013-06-01 09:54 - 03768483 ____A C:\Users\Gast\Downloads\Dont Starve Steam Trainer.rar

ZeroAccess:
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\U
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\00000004.@
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\201d3dde
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\6715e287
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\76603ac3

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-09-24 16:32] - [2013-07-01 14:13] - 0380928 ____A (Microsoft Corporation) F8DCE3BED869F69C9F7C562B943BC255

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-01 14:24

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---


und Addition
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-06-2013 03
Ran by Gast at 2013-07-01 14:46:58
Running from C:\Users\Gast\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (x32 Version: 1.8.4)
12noon Display Changer (x32 Version: 4.3.1.0)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
AAVUpdateManager (x32 Version: 18.00.0000)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2)
Adobe AIR (x32 Version: 1.5.3.9120)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader 9.5.5 - Deutsch (x32 Version: 9.5.5)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.6.636)
AMD USB Audio Driver Filter (x32 Version: 1.0.7.0031)
ANNO 2070 (x32 Version: 1.0.0.0)
APB Reloaded (x32)
ArtMoney SE v7.31 (x32 Version: 7.31)
AutoIt v3.3.6.1 (x32)
avast! Internet Security (x32 Version: 8.0.1489.0)
Battlelog Web Plugins (x32 Version: 1.122.0)
BILD-Steuer 2012 (x32 Version: 17.10)
BioShock 2 (x32 Version: 1.0.0003.131)
BioShock 2 (x32 Version: 1.00.0000)
BioShock Infinite Deutsch-Patch 1.0 (x32 Version: 1.0)
BitTorrent (x32)
Borderlands (x32)
Borderlands 2 (x32)
BOSS (x32 Version: 2.1.1)
BULLFROG GAMEPAD (x32 Version: 2002.10.8)
Call of Duty: Black Ops II - Multiplayer (x32)
Call of Duty: Black Ops II - Zombies (x32)
Call of Duty: Black Ops II (x32)
CCleaner (Version: 3.01)
Cheat Engine 6.0 (x32)
Cheat Engine 6.3 (x32)
Cheatbook 07.2009 (x32)
Comfort Keys Lite 4.3.3.0 (x32 Version: 4.3)
Command & Conquer 3 (x32 Version: 1.00.0000)
Command & Conquer™ Alarmstufe Rot 3 (x32 Version: 1.0.1.0)
Company of Heroes - FAKEMSI (x32 Version: 2.0.0.0)
Company of Heroes (x32 Version: 2.602.0)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6425.1000)
Conquest of the New World Deluxe (x32)
Crysis(R) (x32 Version: 1.20.0000)
Crysis® 2 (x32 Version: 1.0.0.0)
Curse Client (HKCU Version: 4.0.1.104)
CyberLink DVD Suite Deluxe (x32 Version: 6.0.2111)
DAEMON Tools Toolbar (x32 Version: 1.1.3.0244)
Dawn of War - Dark Crusade (x32 Version: 1.00.0000)
Dead Island (x32)
Dead Island Ryder White DLC (x32)
Dead Space™ 2 (x32 Version: 1.0.942.0)
Diablo III (x32 Version: 1.0.8.16603)
DivX-Setup (x32 Version: 2.6.1.28)
Dragon Age 2 DLC Pack 1 1.00 (x32)
Dragon Age II (x32 Version: 1.03)
Dragon Age II DLC PACK 1 (x32)
Dragon Age: Origins (x32 Version: 1.04)
Dungeon Siege III (x32)
Empire Earth II (x32)
Empire Earth II Gold Edition (x32)
EoD ver 1.0.0.0 (x32 Version: 1.0.0)
ESN Sonar (x32 Version: 0.70.0)
ESN Sonar (x32 Version: 0.70.4)
EVEREST Home Edition v2.20 (x32 Version: 2.20)
Explorer Suite III
Fable - The Lost Chapters (x32 Version: 1.00.0000)
Fable III (x32 Version: 1.0.0000.131)
Fable III (x32 Version: 1.0.0001.131)
FableTLCMod - Fable Explorer (x32 Version: 1.1.0.0)
Facemoods Toolbar (x32)
Fallout 3 (x32 Version: 1.00.0000)
Fallout Mod Manager 0.11.9 (x32)
Fallout Mod Manager 0.13.21 (x32)
Fallout New Vegas (x32 Version: v7)
Fallout New Vegas (x32)
Far Cry 3 (x32 Version: 1.01)
FEAR (x32 Version: 1.00.0000)
FOOK2 (x32 Version: v1.0)
Free Video Downloader & Converter 1.0.1 (x32 Version: 1.0.1)
Free Video to MP3 Converter version 4.0 (x32)
Free YouTube Download 2.7 (x32)
Gibbed's RED Tools version r21 (x32 Version: r21)
Google Chrome (x32 Version: 27.0.1453.116)
Google Earth (x32 Version: 5.2.1.1588)
Google Update Helper (x32 Version: 1.3.21.145)
Grand Ages Rome 1.11 (x32 Version: 1.11)
Guild 2 Patch 1.4 (x32 Version: 1.0.0)
Guild Wars 2 (x32)
Hardware Diagnose Tools (Version: 5.1.4976.17)
Hex-Editor MX (x32 Version: 6.0)
HijackThis 2.0.2 (x32 Version: 2.0.2)
HP Active Support Library (x32 Version: 3.1.9.1)
HP Customer Experience Enhancements (x32 Version: 5.7.0.2784)
HP Demo (x32 Version: 1.00.0000)
HP Easy Backup (x32 Version: 1.0.7.0)
HP MediaSmart DVD (x32 Version: 2.0.2213)
HP MediaSmart Music/Photo/Video (x32 Version: 2.0.2217)
HP MediaSmart SmartMenu (Version: 2.0.8)
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Picasso Media Center Add-In (x32 Version: 9.1.7.0)
HP Product Detection (x32 Version: 10.7.9.0)
HP Recovery Manager RSS (x32 Version: 91.0.0.10)
HP Total Care Advisor (x32 Version: 2.4.5106.2815)
HP Total Care Setup (x32 Version: 1.1.1983.2818)
HP Update (x32 Version: 4.000.012.001)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2)
ICQ7.6 (x32 Version: 7.6)
IrfanView (remove only) (x32)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 22 (x32 Version: 6.0.220)
Java(TM) 6 Update 31 (x32 Version: 6.0.310)
Java(TM) 6 Update 7 (x32 Version: 1.6.0.70)
JDownloader 0.9 (x32 Version: 0.9)
K-Lite Codec Pack 4.0.0 (Full) (x32 Version: 4.0.0)
LabelPrint (x32 Version: 2.5.0904)
League of Legends (x32 Version: 1.02.0000)
LightScribe System Software  1.14.25.1 (x32 Version: 1.14.25.1)
Loadout (x32)
Magic Desktop (x32)
Magic ISO Maker v5.4 (build 0239) (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Marvel Heroes (x32)
Mass Effect (x32 Version: 1.00)
Mass Effect 2 (x32 Version: 1.02)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
MegaChecksum V1.3.0.2b (x32)
MegaTrainer eXperience V1.1.5.3 (x32)
MegaTrainer XL V1.5.8.0 (x32)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 1.1 Security Update (KB2416447) (x32)
Microsoft .NET Framework 1.1 Security Update (KB979906) (x32)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Games for Windows - LIVE (x32 Version: 3.4.54.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6425.1000)
Microsoft Silverlight (x32 Version: 5.0.61118.0)
Microsoft Virtual PC 2007 SP1 (Version: 6.0.192.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 9.7.0621)
Mozilla Firefox 11.0 (x86 de) (HKCU Version: 11.0)
Mozilla Firefox 7.0.1 (x86 de) (x32 Version: 7.0.1)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
muvee Reveal (x32 Version: 7.0.35.7315)
My HP Games (x32 Version: 1.0.0.62)
NetLimiter 2 Monitor (remove only) (x32)
Nexus Mod Manager (Version: 0.44.10)
nHancer (Version: 2.5.0900)
nHancer (x32 Version: 2.5.0900)
NirSoft BlueScreenView (x32)
Notepad++ (x32 Version: 6.3.1)
nProtect GameGuard Personal 3.0 (x32 Version: 3.00.0000)
nProtect KeyCrypt (x32)
nProtect Security Platform (x32 Version: 3.00.0000)
NVIDIA Drivers (Version: 1.10)
NVIDIA Grafiktreiber 310.64 (Version: 310.64)
NVIDIA Install Application (Version: 2.1002.95.599)
NVIDIA Performance (x32 Version: 6.5)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA System Monitor (x32 Version: 6.5)
NVIDIA System Update (x32 Version: 3.00)
NVIDIA Systemsteuerung 310.64 (Version: 310.64)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Oblivion (x32 Version: 1.00.0000)
OpenAL (x32)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Optimierte Multimedia-Tastatur-Lösung (x32 Version: 1.0.9.2)
Origin (x32 Version: 8.6.0.357)
Pando Media Booster (x32 Version: 2.6.0.7)
Pflanzen gegen Zombies (x32)
Power2Go (x32 Version: 6.0.2112)
PowerDirector (x32 Version: 7.0.2202)
PunkBuster Services (x32 Version: 0.993)
Python 2.5.2 (x32 Version: 2.5.2150)
RAD Video Tools (x32)
RAIDXpert (x32 Version: 2.4.1540.18)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6101)
Risen - ModStarter 1.3.2.1 (Online Mods DB version) (x32)
Risen (x32 Version: 1.00.0000)
RTPatch Update (x32)
Saints Row The Third (x32)
Silent Storm (x32 Version: 1.2)
Sins of a Solar Empire Rebellion (c) Stardock version 1 (x32 Version: 1)
Skype Click to Call (x32 Version: 5.9.9216)
Skype™ 5.10 (x32 Version: 5.10.115)
Sniper Elite V2 (x32)
SpellForce 2 - Dragon Storm (x32 Version: 1.0.0)
SPORE Creature Creator Trial Edition (x32 Version: 1.00.0000)
Star Wars: The Old Republic (x32 Version: 1.00)
StarCraft II (x32 Version: 2.0.6.25180)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
System Requirements Lab (x32 Version: 4.1.72.0)
System Requirements Lab (x32)
System Requirements Lab CYRI (x32 Version: 5.0.6.0)
TeamExtreme Minecraft Installer 1.3.2 (x32)
TeamSpeak 3 Client
TechPowerUp GPU-Z (x32)
Testversion von Microsoft Office Home and Student 2007
The Elder Scrolls V Hearthfire DLC für die DEU & ENG Version 1.00 (x32)
The Elder Scrolls V Skyrim - Dawnguard DLC Deutsche Version PLus UPDATE 10 1.00 (x32)
The Elder Scrolls V Skyrim Creation-Kit (1.6.89.0) 1.6.89.0 (x32)
The Elder Scrolls V Skyrim Dragonborn DLC Deutsche Version 1.00 (x32 Version: 1.00)
The Elder Scrolls V Skyrim Update 11 (1.8.151.0.7) Deutsche Version 1.00 (x32)
The Elder Scrolls V Skyrim Update 12 (1.9.29.0.8) Deutsche Version 1.9.29.0.8 (x32 Version: 1.9.29.0.8)
The Elder Scrolls V Skyrim Update 13 (1.9.32.0.8) Deutsche Version 1.9.32.0.8 (x32 Version: 1.9.32.0.8)
The Elder Scrolls V Skyrim Update 9 (1.6.89.0.6) Deutsche Version 1.00 (x32)
The Secret World (x32 Version: 1.0.0)
The Witcher (x32 Version: 1.00.0000)
The Witcher 2 (x32 Version: 1.00.0000)
The Witcher Grafikmods 1.0 (x32)
Unepic (x32)
Uninstall 1.0.0.1 (x32)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update Installer for WildTangent Games App (x32)
Uplay (x32 Version: 2.0)
Vampires Dawn II: Ancient Blood (MP3) (x32 Version: Vampires Dawn 2 - Version 1.23 (MP3))
Vampires Dawn: Reign of Blood (x32 Version: Vampires Dawn: Reign of Blood 1.31)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Virtual CD v9 (x32 Version: 9.30.1)
VLC media player 1.0.5 (x32 Version: 1.0.5)
War Leaders - Clash of Nations (x32 Version: 1.0)
Warframe (x32)
Warhammer 40000 Dawn of War II - Retribution (x32)
Warhammer® 40,000™: Dawn of War® II (x32)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5)
Windows 7 Upgrade Advisor (x32 Version: 2.0.5000.0)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live OneCare safety scanner (x32 Version: 1.0.0.0)
Windows Live OneCare safety scanner (x32)
WinRAR
World of Warcraft (x32 Version: 4.3.4.15595)
XCOM Enemy Unknown Deutsch Patch Version 1.0 (x32 Version: 1.0)
X-Ray SDK v0.4 (x32)

==================== Restore Points  =========================

04-05-2013 11:16:03 Geplanter Prüfpunkt
06-05-2013 19:48:55 Geplanter Prüfpunkt
07-05-2013 18:21:28 Geplanter Prüfpunkt
11-05-2013 19:28:11 Geplanter Prüfpunkt
18-05-2013 19:17:34 Geplanter Prüfpunkt
22-05-2013 15:19:54 DirectX wurde installiert
22-05-2013 15:21:49 Installed Ubisoft Game Launcher
29-05-2013 19:16:00 Geplanter Prüfpunkt
02-06-2013 05:59:21 Geplanter Prüfpunkt
04-06-2013 20:00:38 Geplanter Prüfpunkt
07-06-2013 05:50:37 Geplanter Prüfpunkt
08-06-2013 17:14:35 DirectX wurde installiert
08-06-2013 17:22:19 DirectX wurde installiert
08-06-2013 18:40:38 DirectX wurde installiert
09-06-2013 06:14:07 DirectX wurde installiert
09-06-2013 09:04:36 DirectX wurde installiert
09-06-2013 11:50:29 DirectX wurde installiert
09-06-2013 14:01:03 DirectX wurde installiert
09-06-2013 16:44:42 DirectX wurde installiert
09-06-2013 19:18:09 DirectX wurde installiert
10-06-2013 12:35:27 DirectX wurde installiert
10-06-2013 16:33:58 DirectX wurde installiert
12-06-2013 14:34:08 DirectX wurde installiert
14-06-2013 08:07:37 Geplanter Prüfpunkt
14-06-2013 14:16:38 DirectX wurde installiert
14-06-2013 14:22:42 DirectX wurde installiert
14-06-2013 14:29:35 DirectX wurde installiert
16-06-2013 11:03:00 Geplanter Prüfpunkt
17-06-2013 07:39:54 Geplanter Prüfpunkt
18-06-2013 11:15:41 Geplanter Prüfpunkt
20-06-2013 21:18:44 Geplanter Prüfpunkt
21-06-2013 21:37:23 Geplanter Prüfpunkt
23-06-2013 11:59:06 Geplanter Prüfpunkt
28-06-2013 11:55:58 Geplanter Prüfpunkt
29-06-2013 21:11:37 Geplanter Prüfpunkt
30-06-2013 22:39:14 avast! Internet Security Setup
30-06-2013 22:41:19 Gerätetreiber-Paketinstallation: ALWIL Software Netzwerkadapter
30-06-2013 22:41:35 Gerätetreiber-Paketinstallation: ALWIL Software Netzwerkdienst

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {14898C57-3FAC-44F1-8281-963723F6B95C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10] (Google Inc.)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {330C7223-A603-443F-B256-45872B811200} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {509552E1-8DCE-4540-AEFD-192AF314238D} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08] (Hewlett-Packard)
Task: {607AB94E-BB4D-4FFD-99AA-889207306C9D} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-02-13] ()
Task: {6CECA62A-A3EF-47AF-9211-74CC52CD9B49} - System32\Tasks\{D9D43378-CBDC-4BF6-9161-D2EB654A99E7} => C:\Program Files (x86)\Skype\Phone\Skype.exe No File
Task: {6D3FC05A-109E-4B69-BCA1-5EE76B4E5EF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10] (Google Inc.)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {9A7B43EC-9D60-4120-99C5-51B037F8B068} - System32\Tasks\HP Health Check => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {A0186FDB-46EB-4A6D-976C-13AA9F3B55DE} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-24] (Microsoft Corporation)
Task: {A5B9099E-8987-4D87-ABE9-2486D80534F3} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {A9683382-0125-42BE-A29E-E39819CD3AF7} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {B19913F3-E7C7-4796-8F3C-441F98C9ADAF} - System32\Tasks\RecoveryCD => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2008-10-20] ()
Task: {B774125C-EA2A-4276-B248-F3A681D5F756} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10] (PC-Doctor, Inc.)
Task: {C1D57579-FF07-4909-920A-A8825CC1815B} - System32\Tasks\Hewlett-Packard-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {E8938192-BEB5-47A1-B6E9-E05867831492} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F13F5A98-8CD3-412D-A223-7492B1D4D99E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {F63B1B8B-12F4-4E17-AF4C-AE6527B59A9D} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2013 02:24:46 PM) (Source: LoadPerf) (User: )
Description: WmiApRplWmiApRpl8

Error: (07/01/2013 02:24:46 PM) (Source: LoadPerf) (User: )
Description: Performance16

Error: (07/01/2013 02:24:46 PM) (Source: LoadPerf) (User: )
Description: Performance16

Error: (07/01/2013 02:19:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 02:14:47 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (07/01/2013 11:25:13 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18999, Zeitstempel 0x4ccf92fb, fehlerhaftes Modul IEFRAME.dll, Version 8.0.6001.18999, Zeitstempel 0x4ccfa857, Ausnahmecode 0xc0000005, Fehleroffset 0x00125c4f,
Prozess-ID 0x1360, Anwendungsstartzeit iexplore.exe0.

Error: (07/01/2013 11:25:13 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18999, Zeitstempel 0x4ccf92fb, fehlerhaftes Modul IEFRAME.dll, Version 8.0.6001.18999, Zeitstempel 0x4ccfa857, Ausnahmecode 0xc0000005, Fehleroffset 0x00125c4f,
Prozess-ID 0x10f0, Anwendungsstartzeit iexplore.exe0.

Error: (07/01/2013 11:25:13 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18999, Zeitstempel 0x4ccf92fb, fehlerhaftes Modul IEFRAME.dll, Version 8.0.6001.18999, Zeitstempel 0x4ccfa857, Ausnahmecode 0xc0000005, Fehleroffset 0x00125c4f,
Prozess-ID 0xb7c, Anwendungsstartzeit iexplore.exe0.

Error: (07/01/2013 11:25:13 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18999, Zeitstempel 0x4ccf92fb, fehlerhaftes Modul IEFRAME.dll, Version 8.0.6001.18999, Zeitstempel 0x4ccfa857, Ausnahmecode 0xc0000005, Fehleroffset 0x00125c4f,
Prozess-ID 0x4f8, Anwendungsstartzeit iexplore.exe0.

Error: (07/01/2013 11:17:00 AM) (Source: LoadPerf) (User: )
Description: WmiApRplWmiApRpl8


System errors:
=============
Error: (07/01/2013 02:25:03 PM) (Source: Service Control Manager) (User: )
Description: Windows Media Player-Netzwerkfreigabedienst1300001Neustart des Diensts

Error: (07/01/2013 02:24:59 PM) (Source: Service Control Manager) (User: )
Description: PnkBstrA1

Error: (07/01/2013 02:21:12 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (07/01/2013 02:21:12 PM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (07/01/2013 02:19:24 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (07/01/2013 02:19:24 PM) (Source: Service Control Manager) (User: )
Description: IPsec-Richtlinien-AgentBFE

Error: (07/01/2013 02:19:24 PM) (Source: Service Control Manager) (User: )
Description: nHancer Support%%1053

Error: (07/01/2013 02:19:24 PM) (Source: Service Control Manager) (User: )
Description: 30000nHancer Support

Error: (07/01/2013 02:19:24 PM) (Source: Service Control Manager) (User: )
Description: IKE- und AuthIP IPsec-SchlüsselerstellungsmoduleBFE

Error: (07/01/2013 02:19:24 PM) (Source: Service Control Manager) (User: )
Description: HP Easy Backup Button Service%%1053


Microsoft Office Sessions:
=========================
Error: (07/01/2013 02:24:46 PM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl8

Error: (07/01/2013 02:24:46 PM) (Source: LoadPerf)(User: )
Description: Performance16

Error: (07/01/2013 02:24:46 PM) (Source: LoadPerf)(User: )
Description: Performance16

Error: (07/01/2013 02:19:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 02:14:47 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (07/01/2013 11:25:13 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.189994ccf92fbIEFRAME.dll8.0.6001.189994ccfa857c000000500125c4f136001ce763cc5642627

Error: (07/01/2013 11:25:13 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.189994ccf92fbIEFRAME.dll8.0.6001.189994ccfa857c000000500125c4f10f001ce763c81e7b0b7

Error: (07/01/2013 11:25:13 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.189994ccf92fbIEFRAME.dll8.0.6001.189994ccfa857c000000500125c4fb7c01ce763bd680e7f7

Error: (07/01/2013 11:25:13 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.189994ccf92fbIEFRAME.dll8.0.6001.189994ccfa857c000000500125c4f4f801ce763bbe613767

Error: (07/01/2013 11:17:00 AM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl8


CodeIntegrity Errors:
===================================
  Date: 2013-07-01 11:38:30.748
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\~GLH0023.TMP" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-01 11:38:30.638
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\~GLH0023.TMP" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-01 11:38:30.529
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\~GLH0023.TMP" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-01 11:38:30.419
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\~GLH0023.TMP" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-01 11:38:30.308
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\~GLH0023.TMP" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-01 11:38:30.198
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\~GLH0023.TMP" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-01 11:38:30.087
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\~GLH0023.TMP" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-01 11:38:29.975
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\~GLH0023.TMP" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-01 11:38:29.865
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\~GLH0023.TMP" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-01 11:38:29.755
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\~GLH0023.TMP" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 28%
Total physical RAM: 8183.2 MB
Available physical RAM: 5820.14 MB
Total Pagefile: 20353.73 MB
Available Pagefile: 17785.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:581.32 GB) (Free:28.88 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:14.72 GB) (Free:2.02 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive e: (HP2) (Fixed) (Total:596.17 GB) (Free:31.79 GB) NTFS (Disk=1 Partition=1)
Drive f: (SWTORDE1) (CDROM) (Total:7.78 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=581 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=15 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 596 GB) (Disk ID: 23318F0E)
Partition 1: (Not Active) - (Size=596 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Öhm, habe auch mal bei den Optionen meiner Order die Anzeige von Systemdateien aktiviert und sehe gerade auf meinem Desktop 3 verblasst angezeigte Systemdateien: 2x desktop.ini und 1x Thumps.db. Ist das normal, oder sollte ich mir gedanken machen?

Alt 01.07.2013, 14:17   #9
schrauber
/// the machine
/// TB-Ausbilder
 

Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden - Standard

Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden



Die Dateien sind normal, die verschwinden wieder wenn man sie wieder versteckt

Fix mit FRST
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
ATTFilter
ZeroAccess:
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\U
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\00000004.@
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\201d3dde
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\6715e287
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\76603ac3
         
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Fix Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.07.2013, 14:24   #10
JuppSchlupp
 
Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden - Standard

Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden



Und schon ist es erledigt und hier dein log :P

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-06-2013 03
Ran by Gast at 2013-07-01 15:22:42 Run:1
Running from C:\Users\Gast\Desktop
Boot Mode: Normal
==============================================

C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3} => Moved successfully.
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L => File/Directory not found.
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\U => File/Directory not found.
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\00000004.@ => File/Directory not found.
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\201d3dde => File/Directory not found.
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\6715e287 => File/Directory not found.
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\76603ac3 => File/Directory not found.

==== End of Fixlog ====
         

Alt 01.07.2013, 16:00   #11
schrauber
/// the machine
/// TB-Ausbilder
 

Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden - Standard

Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden



Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST Log bitte
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.07.2013, 16:41   #12
JuppSchlupp
 
Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden - Standard

Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden



Here we go again :P

ADW
Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 01/07/2013 um 17:08:02 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Gast - GAST-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Gast\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\Users\Gast\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\searchplugins\daemon-search.xml
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Gelöscht mit Neustart : C:\Program Files (x86)\Conduit
Gelöscht mit Neustart : C:\Program Files (x86)\DAEMON Tools Toolbar
Gelöscht mit Neustart : C:\Program Files (x86)\facemoods.com
Gelöscht mit Neustart : C:\ProgramData\Trymedia
Gelöscht mit Neustart : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Gelöscht mit Neustart : C:\Users\Gast\AppData\Local\Temp\Conduit
Gelöscht mit Neustart : C:\Users\Gast\AppData\Local\Temp\CT2613550
Gelöscht mit Neustart : C:\Users\Gast\AppData\Local\Temp\OCS
Gelöscht mit Neustart : C:\Users\Gast\AppData\LocalLow\boost_interprocess
Gelöscht mit Neustart : C:\Users\Gast\AppData\LocalLow\Conduit
Gelöscht mit Neustart : C:\Users\Gast\AppData\LocalLow\facemoods.com
Gelöscht mit Neustart : C:\Users\Gast\AppData\Roaming\dvdvideosoftiehelpers
Gelöscht mit Neustart : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Conduit
Gelöscht mit Neustart : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\ConduitCommon
Gelöscht mit Neustart : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\CT2613550
Gelöscht mit Neustart : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Gelöscht mit Neustart : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
Gelöscht mit Neustart : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\extensions\DTToolbar@toolbarnet.com
Gelöscht mit Neustart : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\extensions\ffxtlbr@Facemoods.com

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\facemoods.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\facemoods.com
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18999

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.facemoods.com/?a=ddrnw&f=2 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Mozilla Firefox v7.0.1 (de)

Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\prefs.js

C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2613550..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2613550..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2613550..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2613550.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT2613550.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2613550.BrowserCompStateIsOpen_130040893173399876", true);
Gelöscht : user_pref("CT2613550.BrowserCompStateIsOpen_130100883130261291", true);
Gelöscht : user_pref("CT2613550.CTID", "ct2613550");
Gelöscht : user_pref("CT2613550.CurrentServerDate", "30-6-2013");
Gelöscht : user_pref("CT2613550.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2613550.DialogsGetterLastCheckTime", "Sun Jun 30 2013 21:09:22 GMT+0200");
Gelöscht : user_pref("CT2613550.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2613550.EMailNotifierPollDate", "Sun Jun 30 2013 21:09:10 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602533", "Sat Jul 02 2011 23:26:12 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602539", "Sat Jul 02 2011 23:26:12 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602545", "Sat Jul 02 2011 23:26:12 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602551", "Sat Jul 02 2011 23:26:12 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602557", "Sat Jul 02 2011 23:26:12 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602563", "Sat Jul 02 2011 23:26:12 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602569", "Sat Jul 02 2011 23:26:12 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602575", "Sat Jul 02 2011 23:26:12 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602581", "Sat Jul 02 2011 23:26:13 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602587", "Sat Jul 02 2011 23:26:13 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602593", "Sat Jul 02 2011 23:26:13 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602599", "Sat Jul 02 2011 23:26:14 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602605", "Sat Jul 02 2011 23:26:14 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602611", "Sat Jul 02 2011 23:26:14 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602617", "Sat Jul 02 2011 23:26:14 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602623", "Sat Jul 02 2011 23:26:14 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedPollDate129254982599602629", "Sat Jul 02 2011 23:26:14 GMT+0200");
Gelöscht : user_pref("CT2613550.FeedTTL129254982599602545", 5);
Gelöscht : user_pref("CT2613550.FeedTTL129254982599602551", 5);
Gelöscht : user_pref("CT2613550.FeedTTL129254982599602575", 2);
Gelöscht : user_pref("CT2613550.FeedTTL129254982599602599", 30);
Gelöscht : user_pref("CT2613550.FeedTTL129254982599602605", 5);
Gelöscht : user_pref("CT2613550.FeedTTL129254982599602617", 30);
Gelöscht : user_pref("CT2613550.FeedTTL129254982599602629", 2);
Gelöscht : user_pref("CT2613550.FirstServerDate", "21-12-2010");
Gelöscht : user_pref("CT2613550.FirstTime", true);
Gelöscht : user_pref("CT2613550.FirstTimeFF3", true);
Gelöscht : user_pref("CT2613550.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2613550.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2613550.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2613550.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2613550.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2613550.Initialize", true);
Gelöscht : user_pref("CT2613550.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2613550.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2613550.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2613550.InstalledDate", "Tue Dec 21 2010 00:54:14 GMT+0100");
Gelöscht : user_pref("CT2613550.IsAlertDBUpdated", true);
Gelöscht : user_pref("CT2613550.IsGrouping", false);
Gelöscht : user_pref("CT2613550.IsMulticommunity", false);
Gelöscht : user_pref("CT2613550.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2613550.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2613550.LanguagePackLastCheckTime", "Tue Dec 21 2010 00:54:27 GMT+0100");
Gelöscht : user_pref("CT2613550.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2613550.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2613550.LastLogin_2.7.1.3", "Sat Jul 02 2011 23:26:12 GMT+0200");
Gelöscht : user_pref("CT2613550.LastLogin_3.10.0.1", "Wed Jun 06 2012 21:37:45 GMT+0200");
Gelöscht : user_pref("CT2613550.LastLogin_3.13.0.6", "Sun Dec 30 2012 00:56:26 GMT+0100");
Gelöscht : user_pref("CT2613550.LastLogin_3.16.0.3", "Sun Jun 30 2013 21:09:22 GMT+0200");
Gelöscht : user_pref("CT2613550.LastLogin_3.7.0.6", "Thu Jan 12 2012 19:27:51 GMT+0100");
Gelöscht : user_pref("CT2613550.LastLogin_3.8.1.0", "Tue Feb 28 2012 23:59:12 GMT+0100");
Gelöscht : user_pref("CT2613550.LastLogin_3.9.0.3", "Mon Apr 09 2012 01:52:08 GMT+0200");
Gelöscht : user_pref("CT2613550.LatestVersion", "3.18.0.7");
Gelöscht : user_pref("CT2613550.Locale", "de-de");
Gelöscht : user_pref("CT2613550.LoginCache", 4);
Gelöscht : user_pref("CT2613550.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2613550.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2613550.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2613550.MyStuffEnabledAtInstallation", false);
Gelöscht : user_pref("CT2613550.RadioIsPodcast", false);
Gelöscht : user_pref("CT2613550.RadioMediaID", "8546");
Gelöscht : user_pref("CT2613550.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2613550.RadioMenuSelectedID", "EBRadioMenu_CT26135508546");
Gelöscht : user_pref("CT2613550.RadioShrinkedFromSetup", false);
Gelöscht : user_pref("CT2613550.RadioStationName", "Radio%208");
Gelöscht : user_pref("CT2613550.RadioStationURL", "hxxp://stream.radio8.de:8000/live.m3u");
Gelöscht : user_pref("CT2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2613550.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2613550.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT261[...]
Gelöscht : user_pref("CT2613550.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2613550.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2613550.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2613550.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gelöscht : user_pref("CT2613550.ServiceMapLastCheckTime", "Sun Jun 30 2013 21:09:09 GMT+0200");
Gelöscht : user_pref("CT2613550.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2613550.SettingsLastCheckTime", "Tue Dec 21 2010 00:54:14 GMT+0100");
Gelöscht : user_pref("CT2613550.SettingsLastUpdate", "1291812328");
Gelöscht : user_pref("CT2613550.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Tue Dec 21 2010 00:54:14 GMT+0100");
Gelöscht : user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Gelöscht : user_pref("CT2613550.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT2613550.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2613550");
Gelöscht : user_pref("CT2613550.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2613550.UserID", "UN26862688284037837");
Gelöscht : user_pref("CT2613550.ValidationData_Search", 0);
Gelöscht : user_pref("CT2613550.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2613550.WeatherNetwork", "");
Gelöscht : user_pref("CT2613550.WeatherPollDate", "Sun Jun 30 2013 21:09:22 GMT+0200");
Gelöscht : user_pref("CT2613550.WeatherUnit", "C");
Gelöscht : user_pref("CT2613550.alertChannelId", "1006347");
Gelöscht : user_pref("CT2613550.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B474[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7e-x305", "247E29327641363937333545397E3F493B2F77317E2025203[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7e.:2z527", "2423");
Gelöscht : user_pref("CT2613550.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7e06cg5el8:", "6E6D6A706D736C736F76");
Gelöscht : user_pref("CT2613550.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473707673797279757C242F4B4947[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347513[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4B524B4[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934235[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b-0?3g>d", "3A6D3D696F6F6C737A7570447A2079757E4E254E204E222A7E[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b-0?3g@6:5;", "");
Gelöscht : user_pref("CT2613550.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Gelöscht : user_pref("CT2613550.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E424[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Gelöscht : user_pref("CT2613550.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484776213F3E484F4E4D464[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b5ba==9cjag", "3D6A40716E6F41727A4477457246477E767E4B7921");
Gelöscht : user_pref("CT2613550.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6A706D736C736F76757578");
Gelöscht : user_pref("CT2613550.backendstorage./9b9643g3/9e", "6A");
Gelöscht : user_pref("CT2613550.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
Gelöscht : user_pref("CT2613550.backendstorage./9b<:222h64<", "393F352F3E");
Gelöscht : user_pref("CT2613550.backendstorage./9b<:222h64<l8daj", "6D70706F76746F7974782A7972727D75757C20");
Gelöscht : user_pref("CT2613550.backendstorage./9b=+03eh8h8j?:", "4443");
Gelöscht : user_pref("CT2613550.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Gelöscht : user_pref("CT2613550.backendstorage./9b?b0d:8aj62<h", "6D");
Gelöscht : user_pref("CT2613550.backendstorage./9ba@0<0bi6a7gn:6@l?", "6C");
Gelöscht : user_pref("CT2613550.backendstorage.mam_gk_appsdata", "7B2261707073223A5B7B226964223A225072696365476[...]
Gelöscht : user_pref("CT2613550.backendstorage.mam_gk_appsdefaultenabled", "66616C7365");
Gelöscht : user_pref("CT2613550.backendstorage.mam_gk_appstate_couponbuddy", "6F6666");
Gelöscht : user_pref("CT2613550.backendstorage.mam_gk_appstate_easytobook", "6F6666");
Gelöscht : user_pref("CT2613550.backendstorage.mam_gk_appstate_easytobook_targeted", "6F6666");
Gelöscht : user_pref("CT2613550.backendstorage.mam_gk_appstate_pricegong", "6F6666");
Gelöscht : user_pref("CT2613550.backendstorage.mam_gk_appstate_windowshopper", "6F6666");
Gelöscht : user_pref("CT2613550.backendstorage.mam_gk_appstatereporttime", "31333732363139333732353334");
Gelöscht : user_pref("CT2613550.backendstorage.mam_gk_configuration", "7B22636F6E66696775726174696F6E223A5B7B22[...]
Gelöscht : user_pref("CT2613550.backendstorage.mam_gk_currentversion", "312E382E302E34");
Gelöscht : user_pref("CT2613550.backendstorage.mam_gk_eventscache", "7B2265343239346364612D656361372D346435622D[...]
Gelöscht : user_pref("CT2613550.backendstorage.mam_gk_first_time", "31");
Gelöscht : user_pref("CT2613550.backendstorage.mam_gk_gadgetopen", "30");
Gelöscht : user_pref("CT2613550.backendstorage.mam_gk_lastlogintime", "31333732363139333638373938");
Gelöscht : user_pref("CT2613550.backendstorage.mam_gk_localization", "7B22676164676574436F6E74656E74506F6C69637[...]
Gelöscht : user_pref("CT2613550.backendstorage.mam_gk_settings1.8.0.4", "7B22537461747573223A227375636365656465[...]
Gelöscht : user_pref("CT2613550.backendstorage.mam_gk_showclosebutton", "74727565");
Gelöscht : user_pref("CT2613550.backendstorage.mam_gk_showwelcomegadget", "74727565");
Gelöscht : user_pref("CT2613550.backendstorage.mam_gk_user_approval_interacted", "31");
Gelöscht : user_pref("CT2613550.backendstorage.mam_gk_userid", "38376266653564352D323736342D343533312D393633652[...]
Gelöscht : user_pref("CT2613550.backendstorage.pg_enable", "74727565");
Gelöscht : user_pref("CT2613550.backendstorage.searchappstate", "31");
Gelöscht : user_pref("CT2613550.backendstorage.searchapptracking", "73656E74");
Gelöscht : user_pref("CT2613550.backendstorage.sf_just_installed", "46414C5345");
Gelöscht : user_pref("CT2613550.backendstorage.sf_status", "454E41424C4544");
Gelöscht : user_pref("CT2613550.clientLogIsEnabled", true);
Gelöscht : user_pref("CT2613550.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2613550.components.1000082", true);
Gelöscht : user_pref("CT2613550.components.1000234", true);
Gelöscht : user_pref("CT2613550.ct2613550.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2613550.ct2613550.FeedLastCount3082739963941193807", 832);
Gelöscht : user_pref("CT2613550.ct2613550.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2613550.ct2613550.InvalidateCache", false);
Gelöscht : user_pref("CT2613550.ct2613550.LanguagePackLastCheckTime", "Sun Jun 30 2013 21:09:22 GMT+0200");
Gelöscht : user_pref("CT2613550.ct2613550.Locale", "de-de");
Gelöscht : user_pref("CT2613550.ct2613550.RadioLastCheckTime", "Sun Jun 30 2013 21:09:11 GMT+0200");
Gelöscht : user_pref("CT2613550.ct2613550.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2613550.ct2613550.RadioLastUpdateServer", "0");
Gelöscht : user_pref("CT2613550.ct2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_[...]
Gelöscht : user_pref("CT2613550.ct2613550.SearchInNewTabLastCheckTime", "Sun Jun 30 2013 21:09:24 GMT+0200");
Gelöscht : user_pref("CT2613550.ct2613550.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2613550.ct2613550.SettingsLastCheckTime", "Sun Jun 30 2013 21:09:10 GMT+0200");
Gelöscht : user_pref("CT2613550.ct2613550.SettingsLastUpdate", "1372576959");
Gelöscht : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastCheck", "Sun Jun 30 2013 21:09:10 GMT+0200");
Gelöscht : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastUpdate", "1331806000");
Gelöscht : user_pref("CT2613550.ct2613550.globalFirstTimeInfoLastCheckTime", "Sun Jun 30 2013 21:09:24 GMT+0200[...]
Gelöscht : user_pref("CT2613550.ct2613550.toolbarAppMetaDataLastCheckTime", "Sun Jun 30 2013 21:09:22 GMT+0200"[...]
Gelöscht : user_pref("CT2613550.ct2613550.toolbarContextMenuLastCheckTime", "Sun Jun 30 2013 21:09:22 GMT+0200"[...]
Gelöscht : user_pref("CT2613550.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2613550.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2613550.initDone", true);
Gelöscht : user_pref("CT2613550.isAppTrackingManagerOn", false);
Gelöscht : user_pref("CT2613550.isFirstRadioInstallation", false);
Gelöscht : user_pref("CT2613550.myStuffEnabled", true);
Gelöscht : user_pref("CT2613550.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2613550.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2613550.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2613550.oldAppsList", "129171076488700693,129171076488856944,111,129171076488856945,129[...]
Gelöscht : user_pref("CT2613550.revertSettingsEnabled", true);
Gelöscht : user_pref("CT2613550.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2613550.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2613550.testingCtid", "");
Gelöscht : user_pref("CT2613550.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CT2613550.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2613550/CT2613550[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2613550", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2613550",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/50/261/CT2613550/Images/6340849712463612[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Gast\\AppData\\Roaming\\Mozilla\\Fi[...]
Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.16.0.3");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2613550");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2613550");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Jun 06 2012 21:37:43 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "67480c02-f04b-4ca3-b5e3-3c8e8a75bfba");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2613550");
Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Dec 30 2012 00:56:2[...]
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Dec 30 2012 00:56:19 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.notifications.userId", "ca9b4ef9-585f-42d3-80ba-f31f907dc2f7");
Gelöscht : user_pref("browser.search.defaultenginename", "Facemoods Search");
Gelöscht : user_pref("browser.search.defaultthis.engineName", "ZoneAlarm-Sicherheit Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&Sea[...]
Gelöscht : user_pref("browser.search.selectedEngine", "Facemoods Search");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://start.facemoods.com/?a=ddrnw");
Gelöscht : user_pref("extensions.enabledAddons", "ffxtlbr@Facemoods.com:1.2.1,{b9db16a4-6edc-47ec-a1f4-b86292ed[...]
Gelöscht : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Gelöscht : user_pref("extensions.facemoods.firstRun", false);
Gelöscht : user_pref("extensions.facemoods.lastActv", "30");
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&q=");

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.49] : icon_url = "hxxp://facemoods.com/favicon.ico",
Gelöscht [l.52] : keyword = "facemoods.com",
Gelöscht [l.56] : search_url = "hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4",
Gelöscht [l.2312] : homepage = "hxxp://start.facemoods.com/?a=ddrnw",
Gelöscht [l.2916] : urls_to_restore_on_startup = [ "hxxp://start.facemoods.com/?a=ddrnw" ]

*************************

AdwCleaner[S1].txt - [35707 octets] - [01/07/2013 17:08:02]

########## EOF - C:\AdwCleaner[S1].txt - [35768 octets] ##########
         
JRT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Gast on 01.07.2013 at 17:28:25,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8C5BF184-BEAC-415C-8A6F-69F27A468C07}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F62C4EF5-02A5-4118-BD59-A1C8D69F7CFD}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8C5BF184-BEAC-415C-8A6F-69F27A468C07}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{F62C4EF5-02A5-4118-BD59-A1C8D69F7CFD}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\daemon tools toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\facemoods.com"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.07.2013 at 17:32:49,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
und ein FRST, frisch wie morgenlicher tau xD

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-06-2013 03
Ran by Gast (administrator) on 01-07-2013 17:36:21
Running from C:\Users\Gast\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(H+H Software GmbH) E:\Program Files (x86)\Virtual CD v9\System\vc9play.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(KSE - Korndörfer Software Engineering) E:\Program Files\nHancer\nHancerService.exe
(Locktime Software) C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
(INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npkcmsvc.exe
(INCA Internet Co., Ltd.) C:\Windows\SysWOW64\INCAinternet\nProtect GameGuard Personal 3.0\nspsvc.exe
(INCA Internet Co.,Ltd.) C:\Windows\SysWOW64\INCAinternet\nProtect GameGuard Personal 3.0\nspupsvc.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
(H+H Software GmbH) E:\Program Files (x86)\Virtual CD v9\System\VC9SecS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(H+H Software GmbH) E:\Program Files (x86)\Virtual CD v9\System\VC9Tray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Locktime Software) C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
() C:\Windows\SysWOW64\BeepApp.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
HKCU\...\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard)
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [EADM] "E:\Program Files (x86)\Origin\Origin.exe" -AutoStart [x]
HKCU\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
MountPoints2: {139f4f8e-2e9f-11e0-b50d-002421172082} - L:\OblivionLauncher.exe
MountPoints2: {139f4f9c-2e9f-11e0-b50d-002421172082} - M:\setup.exe
MountPoints2: {164bed90-1e7b-11e0-aa79-002421172082} - L:\OblivionLauncher.exe
MountPoints2: {3f05954f-e5bd-11dd-9d91-806e6f6e6963} - F:\autorun.exe
MountPoints2: {e273aac0-cbc4-11de-ade2-002421172082} - K:\Autorun.exe
HKLM-x32\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe [119296 2007-02-15] (OsdMaestro)
HKLM-x32\...\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [1148200 2008-09-26] (CyberLink Corp.)
HKLM-x32\...\Run: [VC9Player] "E:\Program Files (x86)\Virtual CD v9\System\VC9Play.exe" [x]
HKLM-x32\...\Run: [nProtect GameGuard Personal 3.0] "E:\Program Files (x86)\INCAInternet\nProtect GameGuard Personal 3.0\nProtect GameGuard Personal 3.0\nspmain.exe" -tray [x]
HKLM-x32\...\Run: [DivXMediaServer] "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [450560 2013-03-28] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] ()
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "E:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard)
HKU\UpdatusUser\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
SearchScopes: HKLM - {79C90567-5C09-4507-9307-1B81999F79F7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM - {8C5BF184-BEAC-415C-8A6F-69F27A468C07} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM - {F62C4EF5-02A5-4118-BD59-A1C8D69F7CFD} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM-x32 - {79C90567-5C09-4507-9307-1B81999F79F7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
HKCU SearchScopes: DefaultScope {2592934B-F16C-4C06-B794-A59D7A79FDFF} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {2592934B-F16C-4C06-B794-A59D7A79FDFF} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {79C90567-5C09-4507-9307-1B81999F79F7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: HKLM-x32 {140E4DF8-9E14-4A34-9577-C77561ED7883} https://s3.amazonaws.com/content.systemrequirementslab.com/global/bin/srldetect_cyri_4.1.72.0_x.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} hxxp://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.16.0.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [51656 2009-05-22] (EasyBits Software Corp.)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\12\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - E:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Gast\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: No Name - C:\Users\Gast\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: DownloadHelper - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome: 
=======
CHR DefaultSearchURL: (facemoods) - hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
CHR DefaultSuggestURL: (facemoods) -       "suggest_url": ""
CHR Extension: (Skype Click to Call) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0

==================== Services (Whitelisted) =================

S4 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-05-09] (AVAST Software)
S4 DAUpdaterSvc; E:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
R2 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 nHancer; E:\Program Files\nHancer\nHancerService.exe [39424 2010-05-02] (KSE - Korndörfer Software Engineering)
R2 nlsvc; C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe [817152 2010-03-25] (Locktime Software)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3813096 2010-06-20] (INCA Internet Co., Ltd.)
R2 npkcmsvc; C:\Windows\SysWOW64\npkcmsvc.exe [191008 2010-08-22] (INCA Internet Co., Ltd.)
R2 NSPService; C:\Windows\SysWOW64\INCAinternet\nProtect GameGuard Personal 3.0\nspsvc.exe [581248 2011-09-16] (INCA Internet Co., Ltd.)
R2 NSPUpdateService; C:\Windows\SysWOW64\INCAinternet\nProtect GameGuard Personal 3.0\nspupsvc.exe [1252840 2012-10-25] (INCA Internet Co.,Ltd.)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2010-03-22] (NVIDIA)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-11-30] ()
S2 SkypeUpdate; E:\Program Files (x86)\Skype\Updater\Updater.exe [160944 2012-07-03] (Skype Technologies)
R2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [282728 2009-11-06] (NVIDIA)
R2 VC9SecS; E:\Program Files (x86)\Virtual CD v9\System\VC9SecS.exe [132424 2009-04-21] (H+H Software GmbH)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R1 aswFW; C:\Windows\system32\drivers\aswFW.sys [131232 2013-05-09] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2013-03-13] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\drivers\aswNdis2.sys [270824 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [59144 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-01] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-01] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-01] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-01-12] ()
S3 CEDRIVER60; E:\Program Files (x86)\Cheat Engine 6.3\dbk64.sys [64480 2013-06-02] ()
S3 HH9Help.sys; C:\Windows\system32\drivers\HH9Help.sys [24344 2007-01-23] (H+H Software GmbH)
S3 HH9Help.sys; C:\Windows\system32\drivers\HH9Help.sys [24344 2007-01-23] (H+H Software GmbH)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-01-12] ()
R1 nltdi; C:\Windows\system32\drivers\nltdi.sys [89224 2010-03-25] (Locktime Software)
R1 nltdi; C:\Windows\system32\drivers\nltdi.sys [89224 2010-03-25] (Locktime Software)
S3 npkcft64; C:\Windows\SysWOW64\npkcft64.sys [45600 2010-08-22] (INCA Internet Co., Ltd.)
S3 npkcft64; C:\Windows\SysWOW64\npkcft64.sys [45600 2010-08-22] (INCA Internet Co., Ltd.)
S3 npkuft64; C:\Windows\SysWOW64\npkuft64.sys [40992 2010-08-22] (INCA Internet Co., Ltd.)
S3 npkuft64; C:\Windows\SysWOW64\npkuft64.sys [40992 2010-08-22] (INCA Internet Co., Ltd.)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
R0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [75384 2009-02-03] (Protection Technology (StarForce))
R0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [77952 2009-02-03] (Protection Technology (StarForce))
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2011-01-12] ()
S2 tandpl; C:\Windows\SysWow64\drivers\tandpl.sys [4736 2003-04-19] ()
R3 TKCtrl; C:\Windows\system32\TKCtrl2k64.sys [87872 2012-07-03] (INCA Internet Co., Ltd.)
R3 TKCtrl; C:\Windows\system32\TKCtrl2k64.sys [87872 2012-07-03] (INCA Internet Co., Ltd.)
R3 TKFsAvM; C:\Windows\system32\TKFsAv64.sys [139136 2012-12-26] (INCA Internet Co., Ltd.)
R3 TKFsAvM; C:\Windows\system32\TKFsAv64.sys [139136 2012-12-26] (INCA Internet Co., Ltd.)
R3 TkFsFtM; C:\Windows\System32\TKFsFt64.sys [23392 2012-11-06] (INCA Internet Co., Ltd.)
R3 TkFsFtM; C:\Windows\SysWow64\TKFsFt64.sys [22848 2011-03-28] (INCA Internet Co., Ltd.)
R1 TKFWFV; C:\Windows\System32\TKFWFV64.sys [34400 2011-03-28] (INCA Internet Co., Ltd.)
S3 TKFWVT; C:\Windows\system32\TKFWVT64.sys [183112 2012-10-23] (INCA Internet Co.,Ltd.)
S3 TKFWVT; C:\Windows\system32\TKFWVT64.sys [183112 2012-10-23] (INCA Internet Co.,Ltd.)
R3 TkIdsVt; C:\Windows\system32\TkIdsVt64.sys [99168 2012-07-31] (INCA Internet Co.,Ltd.)
R3 TkIdsVt; C:\Windows\system32\TkIdsVt64.sys [99168 2012-07-31] (INCA Internet Co.,Ltd.)
R3 TKPcFt; C:\Windows\system32\TKPcFtCb64.sys [29024 2012-11-06] (INCA Internet Co., Ltd.)
R3 TKPcFt; C:\Windows\system32\TKPcFtCb64.sys [29024 2012-11-06] (INCA Internet Co., Ltd.)
R3 vcd9bus; C:\Windows\System32\DRIVERS\vcd9bus.sys [40216 2007-01-23] (H+H Software GmbH)
R1 vmm; C:\Windows\system32\Treiber\vmm.sys [297496 2008-02-12] (Microsoft Corporation)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)
S3 dump_wmimmc; \??\E:\Program Files (x86)\Games-Masters.com\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [x]
S2 tandpl; System32\drivers\tandpl.sys [x]
S3 X6va005; \??\C:\Users\Gast\AppData\Local\Temp\00539A5.tmp [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-01 17:32 - 2013-07-01 17:32 - 00001788 ____A C:\Users\Gast\Desktop\JRT.txt
2013-07-01 17:28 - 2013-07-01 17:28 - 00000000 ____D C:\Windows\ERUNT
2013-07-01 17:28 - 2013-07-01 17:28 - 00000000 ____D C:\JRT
2013-07-01 17:27 - 2013-07-01 17:27 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Gast\Desktop\JRT.exe
2013-07-01 17:23 - 2013-07-01 17:23 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-01 17:23 - 2013-07-01 17:23 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-01 17:08 - 2013-07-01 17:08 - 00035782 ____A C:\AdwCleaner[S1].txt
2013-07-01 17:08 - 2013-07-01 17:08 - 00001656 ____A C:\Windows\DeleteOnReboot.bat
2013-07-01 17:07 - 2013-07-01 17:07 - 00648201 ____A C:\Users\Gast\Desktop\adwcleaner.exe
2013-07-01 14:46 - 2013-07-01 14:49 - 00030456 ____A C:\Users\Gast\Desktop\Addition.txt
2013-07-01 14:45 - 2013-07-01 14:45 - 01933758 ____A (Farbar) C:\Users\Gast\Desktop\FRST64.exe
2013-07-01 14:45 - 2013-07-01 14:45 - 00000000 ____D C:\FRST
2013-07-01 13:17 - 2013-07-01 14:11 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-01 13:14 - 2013-07-01 13:14 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Gast\Desktop\tdsskiller.exe
2013-07-01 11:28 - 2013-07-01 11:28 - 00602112 ____A (OldTimer Tools) C:\Users\Gast\Desktop\OTL.exe
2013-07-01 11:25 - 2013-07-01 11:25 - 00001704 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-07-01 10:02 - 2013-07-01 17:10 - 00000808 ____A C:\Windows\System32\spsys.log
2013-07-01 00:42 - 2013-07-01 00:42 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-07-01 00:42 - 2013-07-01 00:42 - 00001787 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-07-01 00:42 - 2013-05-09 10:59 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-07-01 00:41 - 2013-07-01 00:42 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-07-01 00:41 - 2013-07-01 00:42 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-07-01 00:41 - 2013-07-01 00:41 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-07-01 00:41 - 2013-05-09 10:59 - 00270824 ____A (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys
2013-07-01 00:41 - 2013-05-09 10:59 - 00131232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys
2013-07-01 00:41 - 2013-05-09 10:59 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-07-01 00:41 - 2013-05-09 10:59 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-07-01 00:41 - 2013-05-09 10:59 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-07-01 00:41 - 2013-05-09 10:59 - 00059144 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2013-07-01 00:41 - 2013-05-09 10:59 - 00022600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2013-07-01 00:41 - 2013-05-09 10:58 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-07-01 00:40 - 2013-07-01 00:40 - 00383868 ____A C:\Users\Gast\AppData\Local\dd_vcredistMSI165D.txt
2013-07-01 00:40 - 2013-07-01 00:40 - 00012410 ____A C:\Users\Gast\AppData\Local\dd_vcredistUI165D.txt
2013-07-01 00:40 - 2013-05-09 10:58 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-07-01 00:40 - 2013-03-13 19:01 - 00012368 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswNdis.sys
2013-07-01 00:39 - 2013-07-01 00:39 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-01 00:39 - 2013-07-01 00:39 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-01 00:24 - 2013-07-01 00:24 - 00792160 ____A C:\Users\Gast\AppData\Local\census.cache
2013-07-01 00:24 - 2013-07-01 00:24 - 00205389 ____A C:\Users\Gast\AppData\Local\ars.cache
2013-07-01 00:10 - 2013-07-01 00:10 - 00000036 ____A C:\Users\Gast\AppData\Local\housecall.guid.cache
2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Malwarebytes
2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-30 20:54 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-30 10:10 - 2013-06-30 10:10 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-06-29 23:28 - 2013-06-30 09:54 - 988293471 ____A C:\Users\Gast\Downloads\Zone Archive Pack.rar
2013-06-29 22:41 - 2013-06-29 22:41 - 00019442 ____A C:\Users\Gast\Downloads\(SUMOTorrent.com)_ZONE_ARCHIVE_Hentai-Key _SP5686432.torrent
2013-06-26 12:30 - 2013-06-26 12:31 - 00000759 ____A C:\Users\Gast\Desktop\daoloader - Verknüpfung.lnk
2013-06-26 09:24 - 2013-06-26 09:24 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Locktime
2013-06-25 21:08 - 2013-06-25 21:08 - 00093367 ____A C:\Users\Gast\Downloads\bws-0598 (1).rar
2013-06-25 21:05 - 2013-06-25 21:05 - 00446584 ____A C:\Users\Gast\Downloads\l4r-da104.rar
2013-06-25 21:01 - 2013-06-25 21:01 - 00084308 ____A C:\Users\Gast\Downloads\bws-0598.rar
2013-06-25 19:42 - 2013-06-25 19:42 - 00071687 ____A C:\Users\Gast\Downloads\dragon_age_origins_plus_8_trainer.zip
2013-06-25 19:19 - 2013-06-25 19:19 - 00033117 ____A C:\Users\Gast\Downloads\daoloader.r4-TiLL.rar
2013-06-25 17:32 - 2013-06-25 17:32 - 00001736 ____A C:\Users\Public\Desktop\NetLimiter 2 Monitor.lnk
2013-06-25 17:32 - 2013-06-25 17:32 - 00000000 ____D C:\ProgramData\Locktime
2013-06-25 17:32 - 2013-06-25 17:32 - 00000000 ____D C:\Program Files\NetLimiter 2 Monitor
2013-06-25 17:31 - 2013-06-25 17:32 - 01827848 ____A C:\Users\Gast\Downloads\nl_2011_mon_64.exe
2013-06-25 16:51 - 2013-06-25 16:51 - 04689729 ____A C:\Users\Gast\Downloads\The LAST REMNANT Save Editor  V4.2.rar
2013-06-25 13:38 - 2013-06-25 13:38 - 00000466 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk
2013-06-23 11:30 - 2013-06-23 11:30 - 00000000 ____D C:\Users\Gast\Desktop\Unepic 1.43.1[Steam]
2013-06-23 11:26 - 2013-06-23 11:29 - 94994694 ____A C:\Users\Gast\Downloads\Unepic_1.43.1_Steam_.7z
2013-06-22 23:23 - 2013-06-22 23:23 - 08071400 ____A (Cheat Engine                                                ) C:\Users\Gast\Downloads\CheatEngine63.exe
2013-06-22 21:50 - 2013-06-22 21:50 - 00153366 ____A C:\Users\Gast\Downloads\Unepic v1.0.30 Trainer +6 ~HoG.rar
2013-06-16 15:34 - 2013-06-16 15:34 - 00017477 ____A C:\Users\Gast\Downloads\Run For Your Lives-23906-1-2-2.7z
2013-06-16 15:33 - 2013-06-16 15:33 - 00018227 ____A C:\Users\Gast\Downloads\When Vampires Attack-28235-1-0-2.7z
2013-06-16 14:18 - 2013-06-16 14:18 - 04109361 ____A C:\Users\Gast\Downloads\UNP silverlight armor-37189-1-0.7z
2013-06-16 14:16 - 2013-06-16 14:17 - 17789249 ____A C:\Users\Gast\Downloads\Silverlight Armor 0992 no pauldrons CBBE-10251-0-992.7z
2013-06-16 13:59 - 2013-06-16 13:59 - 00007675 ____A C:\Users\Gast\Downloads\Sexlab_SimpleRape_05252013.zip
2013-06-16 13:16 - 2013-06-16 13:18 - 00457617 ____A C:\Users\Gast\Downloads\SexLab_LoversComfort_v20130604.zip
2013-06-16 13:15 - 2013-06-16 13:16 - 00097394 ____A C:\Users\Gast\Downloads\SexLab_LoversHook_v20130606.zip
2013-06-14 16:17 - 2013-06-16 19:10 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Awesomium
2013-06-14 16:17 - 2013-06-14 16:17 - 00363746 ____A C:\Users\Gast\AppData\Local\dd_vcredistMSI32F3.txt
2013-06-14 16:17 - 2013-06-14 16:17 - 00011942 ____A C:\Users\Gast\AppData\Local\dd_vcredistUI32F3.txt
2013-06-14 13:18 - 2013-06-14 13:18 - 00000222 ____A C:\Users\Gast\Desktop\Marvel Heroes.url
2013-06-09 00:04 - 2013-06-09 00:04 - 00038737 ____A C:\Users\Gast\Downloads\SC07SexLabRandomAttack.7z
2013-06-09 00:02 - 2013-06-09 00:05 - 68829391 ____A C:\Users\Gast\Downloads\SexLabFramework.v101b.zip
2013-06-08 19:15 - 2013-06-08 19:15 - 00000000 ____D C:\Users\Gast\AppData\Local\EdgeOfReality
2013-06-08 18:52 - 2013-06-08 18:52 - 00000222 ____A C:\Users\Gast\Desktop\Loadout.url
2013-06-08 13:42 - 2013-06-08 13:42 - 00064388 ____A C:\Users\Gast\Downloads\X-RayMod_v039.zip
2013-06-08 12:07 - 2013-06-08 12:07 - 00003673 ____A C:\Users\Gast\Downloads\Timber! (1.5.2).zip
2013-06-08 12:05 - 2013-06-08 12:06 - 00007834 ____A C:\Users\Gast\Downloads\Recipe Book.zip
2013-06-08 12:01 - 2013-06-08 12:01 - 00199825 ____A C:\Users\Gast\Downloads\ModLoader (2).zip
2013-06-08 12:01 - 2013-06-08 12:01 - 00199825 ____A C:\Users\Gast\Downloads\ModLoader (1).zip
2013-06-01 16:25 - 2013-06-01 16:25 - 00064533 ____A C:\Users\Gast\Downloads\LoversRaperS_Wappy_1.70.7z
2013-06-01 15:26 - 2013-06-01 15:28 - 00577738 ____A C:\Users\Gast\Downloads\LoversWithPK_Rev91.7z
2013-06-01 15:24 - 2013-06-01 15:24 - 00021719 ____A C:\Users\Gast\Downloads\LoversStalkerM_v1p4.7z
2013-06-01 15:24 - 2013-06-01 15:24 - 00018915 ____A C:\Users\Gast\Downloads\LSMpackage.7z
2013-06-01 15:20 - 2013-06-01 15:22 - 00415874 ____A C:\Users\Gast\Downloads\Dog Texture Patch.7z
2013-06-01 15:20 - 2013-06-01 15:21 - 00088050 ____A C:\Users\Gast\Downloads\Tentacle Monster Patch.7z
2013-06-01 15:20 - 2013-06-01 15:20 - 26338135 ____A C:\Users\Gast\Downloads\Lovers Creatures Beta1 - Part2.7z
2013-06-01 15:19 - 2013-06-01 15:20 - 13717602 ____A C:\Users\Gast\Downloads\Lovers Creatures Beta1 - Part1.7z
2013-06-01 15:18 - 2013-06-01 15:18 - 00099251 ____A C:\Users\Gast\Downloads\LPK base rev96v2.7z
2013-06-01 15:16 - 2013-06-01 15:17 - 37235685 ____A C:\Users\Gast\Downloads\Lovers Resources v3 - for use with LPK base rev96.7z
2013-06-01 09:54 - 2013-06-01 09:54 - 03768483 ____A C:\Users\Gast\Downloads\Dont Starve Steam Trainer.rar

==================== One Month Modified Files and Folders =======

2013-07-01 17:32 - 2013-07-01 17:32 - 00001788 ____A C:\Users\Gast\Desktop\JRT.txt
2013-07-01 17:28 - 2013-07-01 17:28 - 00000000 ____D C:\Windows\ERUNT
2013-07-01 17:28 - 2013-07-01 17:28 - 00000000 ____D C:\JRT
2013-07-01 17:27 - 2013-07-01 17:27 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Gast\Desktop\JRT.exe
2013-07-01 17:23 - 2013-07-01 17:23 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-01 17:23 - 2013-07-01 17:23 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-01 17:23 - 2013-05-02 19:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-01 17:23 - 2013-05-02 19:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-01 17:23 - 2012-09-03 23:49 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-01 17:23 - 2010-04-29 17:17 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-01 17:23 - 2009-01-07 19:49 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-01 17:21 - 2012-08-22 17:22 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-01 17:18 - 2009-01-08 03:28 - 16574524 ____A C:\Windows\System32\perfh007.dat
2013-07-01 17:18 - 2009-01-08 03:28 - 05420980 ____A C:\Windows\System32\perfc007.dat
2013-07-01 17:18 - 2006-11-02 14:46 - 00006722 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-01 17:16 - 2010-11-12 20:03 - 00000000 ____D C:\Users\Gast\AppData\Local\Deployment
2013-07-01 17:13 - 2008-09-19 04:55 - 00014466 ____A C:\Windows\SysWOW64\NapaSet.txt
2013-07-01 17:11 - 2006-11-02 17:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-01 17:11 - 2006-11-02 17:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-01 17:10 - 2013-07-01 10:02 - 00000808 ____A C:\Windows\System32\spsys.log
2013-07-01 17:10 - 2010-07-10 20:06 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-01 17:10 - 2006-11-02 17:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-01 17:09 - 2006-11-02 17:42 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-01 17:08 - 2013-07-01 17:08 - 00035782 ____A C:\AdwCleaner[S1].txt
2013-07-01 17:08 - 2013-07-01 17:08 - 00001656 ____A C:\Windows\DeleteOnReboot.bat
2013-07-01 17:07 - 2013-07-01 17:07 - 00648201 ____A C:\Users\Gast\Desktop\adwcleaner.exe
2013-07-01 16:44 - 2010-07-10 20:06 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-01 14:49 - 2013-07-01 14:46 - 00030456 ____A C:\Users\Gast\Desktop\Addition.txt
2013-07-01 14:45 - 2013-07-01 14:45 - 01933758 ____A (Farbar) C:\Users\Gast\Desktop\FRST64.exe
2013-07-01 14:45 - 2013-07-01 14:45 - 00000000 ____D C:\FRST
2013-07-01 14:13 - 2010-12-17 20:20 - 00056114 ____A C:\Windows\PFRO.log
2013-07-01 14:11 - 2013-07-01 13:17 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-01 13:14 - 2013-07-01 13:14 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Gast\Desktop\tdsskiller.exe
2013-07-01 11:28 - 2013-07-01 11:28 - 00602112 ____A (OldTimer Tools) C:\Users\Gast\Desktop\OTL.exe
2013-07-01 11:25 - 2013-07-01 11:25 - 00001704 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-07-01 11:25 - 2009-12-12 15:40 - 00000000 ____D C:\ProgramData\Adobe
2013-07-01 11:24 - 2010-04-08 10:31 - 00000000 ____D C:\Users\Gast\AppData\Local\Adobe
2013-07-01 10:59 - 2010-12-22 15:04 - 00000000 ____D C:\Users\Gast\Desktop\Trainer
2013-07-01 10:58 - 2011-08-13 15:12 - 00000368 ____H C:\Windows\SysWOW64\nspgpinf.nsx
2013-07-01 00:42 - 2013-07-01 00:42 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-07-01 00:42 - 2013-07-01 00:42 - 00001787 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-07-01 00:42 - 2013-07-01 00:41 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-07-01 00:42 - 2013-07-01 00:41 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-07-01 00:41 - 2013-07-01 00:41 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-07-01 00:41 - 2009-04-23 15:22 - 00000000 ____D C:\users\Gast
2013-07-01 00:40 - 2013-07-01 00:40 - 00383868 ____A C:\Users\Gast\AppData\Local\dd_vcredistMSI165D.txt
2013-07-01 00:40 - 2013-07-01 00:40 - 00012410 ____A C:\Users\Gast\AppData\Local\dd_vcredistUI165D.txt
2013-07-01 00:39 - 2013-07-01 00:39 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-01 00:39 - 2013-07-01 00:39 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-01 00:24 - 2013-07-01 00:24 - 00792160 ____A C:\Users\Gast\AppData\Local\census.cache
2013-07-01 00:24 - 2013-07-01 00:24 - 00205389 ____A C:\Users\Gast\AppData\Local\ars.cache
2013-07-01 00:10 - 2013-07-01 00:10 - 00000036 ____A C:\Users\Gast\AppData\Local\housecall.guid.cache
2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Malwarebytes
2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-30 20:40 - 2011-05-20 23:52 - 00001987 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-30 14:31 - 2009-08-14 19:34 - 00044032 ____A C:\Users\Gast\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-30 14:29 - 2010-03-20 09:42 - 00000000 ____D C:\Users\Gast\AppData\Roaming\vlc
2013-06-30 10:10 - 2013-06-30 10:10 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-06-30 09:57 - 2009-09-26 23:38 - 00000000 ____D C:\Users\Gast\AppData\Roaming\BitTorrent
2013-06-30 09:54 - 2013-06-29 23:28 - 988293471 ____A C:\Users\Gast\Downloads\Zone Archive Pack.rar
2013-06-30 02:05 - 2009-01-19 02:16 - 01694584 ____A C:\Windows\WindowsUpdate.log
2013-06-29 22:41 - 2013-06-29 22:41 - 00019442 ____A C:\Users\Gast\Downloads\(SUMOTorrent.com)_ZONE_ARCHIVE_Hentai-Key _SP5686432.torrent
2013-06-28 23:23 - 2012-04-28 22:06 - 00000000 ____D C:\Users\Gast\AppData\Local\PMB Files
2013-06-28 23:23 - 2012-04-28 22:06 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-27 09:22 - 2011-12-07 22:21 - 00000000 ____D C:\Users\Gast\AppData\Local\Skyrim
2013-06-26 12:31 - 2013-06-26 12:30 - 00000759 ____A C:\Users\Gast\Desktop\daoloader - Verknüpfung.lnk
2013-06-26 09:24 - 2013-06-26 09:24 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Locktime
2013-06-25 21:08 - 2013-06-25 21:08 - 00093367 ____A C:\Users\Gast\Downloads\bws-0598 (1).rar
2013-06-25 21:05 - 2013-06-25 21:05 - 00446584 ____A C:\Users\Gast\Downloads\l4r-da104.rar
2013-06-25 21:01 - 2013-06-25 21:01 - 00084308 ____A C:\Users\Gast\Downloads\bws-0598.rar
2013-06-25 19:42 - 2013-06-25 19:42 - 00071687 ____A C:\Users\Gast\Downloads\dragon_age_origins_plus_8_trainer.zip
2013-06-25 19:19 - 2013-06-25 19:19 - 00033117 ____A C:\Users\Gast\Downloads\daoloader.r4-TiLL.rar
2013-06-25 17:32 - 2013-06-25 17:32 - 00001736 ____A C:\Users\Public\Desktop\NetLimiter 2 Monitor.lnk
2013-06-25 17:32 - 2013-06-25 17:32 - 00000000 ____D C:\ProgramData\Locktime
2013-06-25 17:32 - 2013-06-25 17:32 - 00000000 ____D C:\Program Files\NetLimiter 2 Monitor
2013-06-25 17:32 - 2013-06-25 17:31 - 01827848 ____A C:\Users\Gast\Downloads\nl_2011_mon_64.exe
2013-06-25 16:51 - 2013-06-25 16:51 - 04689729 ____A C:\Users\Gast\Downloads\The LAST REMNANT Save Editor  V4.2.rar
2013-06-25 13:38 - 2013-06-25 13:38 - 00000466 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk
2013-06-25 11:34 - 2012-02-02 19:46 - 00000000 ____D C:\Users\Gast\AppData\Roaming\.minecraft
2013-06-24 10:01 - 2009-04-24 10:08 - 00000456 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job
2013-06-23 11:30 - 2013-06-23 11:30 - 00000000 ____D C:\Users\Gast\Desktop\Unepic 1.43.1[Steam]
2013-06-23 11:29 - 2013-06-23 11:26 - 94994694 ____A C:\Users\Gast\Downloads\Unepic_1.43.1_Steam_.7z
2013-06-23 11:26 - 2010-12-22 15:03 - 00000000 ____D C:\Users\Gast\Desktop\Spiele
2013-06-22 23:23 - 2013-06-22 23:23 - 08071400 ____A (Cheat Engine                                                ) C:\Users\Gast\Downloads\CheatEngine63.exe
2013-06-22 21:50 - 2013-06-22 21:50 - 00153366 ____A C:\Users\Gast\Downloads\Unepic v1.0.30 Trainer +6 ~HoG.rar
2013-06-21 08:48 - 2012-05-19 08:10 - 00007916 ____A C:\Users\Gast\AppData\Local\d3d9caps.dat
2013-06-20 11:10 - 2009-04-30 12:10 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-06-18 11:40 - 2010-12-10 13:19 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-06-16 19:10 - 2013-06-14 16:17 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Awesomium
2013-06-16 15:34 - 2013-06-16 15:34 - 00017477 ____A C:\Users\Gast\Downloads\Run For Your Lives-23906-1-2-2.7z
2013-06-16 15:33 - 2013-06-16 15:33 - 00018227 ____A C:\Users\Gast\Downloads\When Vampires Attack-28235-1-0-2.7z
2013-06-16 14:18 - 2013-06-16 14:18 - 04109361 ____A C:\Users\Gast\Downloads\UNP silverlight armor-37189-1-0.7z
2013-06-16 14:17 - 2013-06-16 14:16 - 17789249 ____A C:\Users\Gast\Downloads\Silverlight Armor 0992 no pauldrons CBBE-10251-0-992.7z
2013-06-16 13:59 - 2013-06-16 13:59 - 00007675 ____A C:\Users\Gast\Downloads\Sexlab_SimpleRape_05252013.zip
2013-06-16 13:18 - 2013-06-16 13:16 - 00457617 ____A C:\Users\Gast\Downloads\SexLab_LoversComfort_v20130604.zip
2013-06-16 13:16 - 2013-06-16 13:15 - 00097394 ____A C:\Users\Gast\Downloads\SexLab_LoversHook_v20130606.zip
2013-06-14 16:29 - 2011-01-12 20:45 - 00566636 ____A C:\Windows\DirectX.log
2013-06-14 16:17 - 2013-06-14 16:17 - 00363746 ____A C:\Users\Gast\AppData\Local\dd_vcredistMSI32F3.txt
2013-06-14 16:17 - 2013-06-14 16:17 - 00011942 ____A C:\Users\Gast\AppData\Local\dd_vcredistUI32F3.txt
2013-06-14 16:17 - 2009-10-25 08:56 - 00000000 ____D C:\Users\Gast\Documents\My Games
2013-06-14 13:18 - 2013-06-14 13:18 - 00000222 ____A C:\Users\Gast\Desktop\Marvel Heroes.url
2013-06-12 17:21 - 2012-04-09 09:56 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 17:21 - 2011-06-01 07:03 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-09 00:05 - 2013-06-09 00:02 - 68829391 ____A C:\Users\Gast\Downloads\SexLabFramework.v101b.zip
2013-06-09 00:04 - 2013-06-09 00:04 - 00038737 ____A C:\Users\Gast\Downloads\SC07SexLabRandomAttack.7z
2013-06-08 19:15 - 2013-06-08 19:15 - 00000000 ____D C:\Users\Gast\AppData\Local\EdgeOfReality
2013-06-08 18:52 - 2013-06-08 18:52 - 00000222 ____A C:\Users\Gast\Desktop\Loadout.url
2013-06-08 13:42 - 2013-06-08 13:42 - 00064388 ____A C:\Users\Gast\Downloads\X-RayMod_v039.zip
2013-06-08 12:07 - 2013-06-08 12:07 - 00003673 ____A C:\Users\Gast\Downloads\Timber! (1.5.2).zip
2013-06-08 12:06 - 2013-06-08 12:05 - 00007834 ____A C:\Users\Gast\Downloads\Recipe Book.zip
2013-06-08 12:01 - 2013-06-08 12:01 - 00199825 ____A C:\Users\Gast\Downloads\ModLoader (2).zip
2013-06-08 12:01 - 2013-06-08 12:01 - 00199825 ____A C:\Users\Gast\Downloads\ModLoader (1).zip
2013-06-05 19:24 - 2012-07-06 22:17 - 00000000 ____D C:\Users\Gast\AppData\Local\Origin
2013-06-01 16:25 - 2013-06-01 16:25 - 00064533 ____A C:\Users\Gast\Downloads\LoversRaperS_Wappy_1.70.7z
2013-06-01 15:28 - 2013-06-01 15:26 - 00577738 ____A C:\Users\Gast\Downloads\LoversWithPK_Rev91.7z
2013-06-01 15:24 - 2013-06-01 15:24 - 00021719 ____A C:\Users\Gast\Downloads\LoversStalkerM_v1p4.7z
2013-06-01 15:24 - 2013-06-01 15:24 - 00018915 ____A C:\Users\Gast\Downloads\LSMpackage.7z
2013-06-01 15:22 - 2013-06-01 15:20 - 00415874 ____A C:\Users\Gast\Downloads\Dog Texture Patch.7z
2013-06-01 15:21 - 2013-06-01 15:20 - 00088050 ____A C:\Users\Gast\Downloads\Tentacle Monster Patch.7z
2013-06-01 15:20 - 2013-06-01 15:20 - 26338135 ____A C:\Users\Gast\Downloads\Lovers Creatures Beta1 - Part2.7z
2013-06-01 15:20 - 2013-06-01 15:19 - 13717602 ____A C:\Users\Gast\Downloads\Lovers Creatures Beta1 - Part1.7z
2013-06-01 15:18 - 2013-06-01 15:18 - 00099251 ____A C:\Users\Gast\Downloads\LPK base rev96v2.7z
2013-06-01 15:17 - 2013-06-01 15:16 - 37235685 ____A C:\Users\Gast\Downloads\Lovers Resources v3 - for use with LPK base rev96.7z
2013-06-01 10:34 - 2013-05-31 21:13 - 00000000 ____D C:\Users\Gast\Desktop\Dont Starve
2013-06-01 09:54 - 2013-06-01 09:54 - 03768483 ____A C:\Users\Gast\Downloads\Dont Starve Steam Trainer.rar

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-01 17:21

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

Edit: Was für einen übellaunigen Bastard hab ich mir da eingefangen gehabt? Ist mir vorher garnicht aufgefallen, das Sicherheitscenter startet nicht. Manueller versuch über die Systemsteuerung bringt keinen Erfolg und unter Verwaltung/Dienste ist das Sicherheitscenter verschwunden. Verdammte Axt, ich könnte in meine Tastatur beissen... werde mich aber mit ner Tasse Kaffee und einer Zigarette begnügen, die schmecken besser :P

Geändert von JuppSchlupp (01.07.2013 um 16:52 Uhr)

Alt 01.07.2013, 18:32   #13
schrauber
/// the machine
/// TB-Ausbilder
 

Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden - Standard

Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden



Schauen wir mal

Windows-taste+R, schreibe

netsh winsock reset

und drücke Enter.


Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.





ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und en frisches FRST Log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.07.2013, 08:55   #14
JuppSchlupp
 
Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden - Standard

Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden



Soo, auf gehts!
Einmal wie FSS (also das ganze "not exist." gefällt mir ja garnicht :P
Code:
ATTFilter
Farbar Service Scanner Version: 27-06-2013
Ran by Gast (administrator) on 01-07-2013 at 19:37:01
Running from "C:\Users\Gast\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-09-24 16:31] - [2009-04-11 09:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2009-09-24 16:32] - [2009-04-11 07:44] - 0406016 ____A (Microsoft Corporation) 12415CCFD3E7CEC55B5184E67B039FE4

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2010-08-11 18:14] - [2010-06-16 19:14] - 1424264 ____A (Microsoft Corporation) 0011810B5211FDACD784DE585262ECFE

C:\Windows\System32\dnsrslvr.dll
[2009-09-24 16:31] - [2009-04-11 09:11] - 0117760 ____A (Microsoft Corporation) 21D16B37257370975C7457C3A5EFA530

C:\Windows\System32\mpssvc.dll
[2009-09-24 16:32] - [2009-04-11 09:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-09-24 16:31] - [2009-04-11 09:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-09-24 16:32] - [2009-04-11 09:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-09-24 16:31] - [2009-04-11 09:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-09-24 16:31] - [2009-04-11 09:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll
[2009-10-30 16:38] - [2009-08-07 04:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

C:\Windows\System32\qmgr.dll
[2009-09-24 16:32] - [2009-04-11 09:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-09-24 16:32] - [2009-04-11 09:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2009-09-24 16:32] - [2009-04-11 09:11] - 0166912 ____A (Microsoft Corporation) 18918613E63F387CDE4D95CA7D49DCF7

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-09-24 16:32] - [2009-04-11 09:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****
         
und dann der von ESET
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=54803ebe5485884a8d2f79351478932b
# engine=14224
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-02 12:58:40
# local_time=2013-07-02 02:58:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=772 16777213 83 94 94569 149436592 0 0
# compatibility_mode=5892 16776574 66 100 57605237 210250626 0 0
# scanned=554067
# found=12
# cleaned=0
# scan_time=25065
sh=5302175DAB7DD0F6A7877FA1843B7B7FD09A1900 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Gast\AppData\Local\Temp\jar_cache5804977266532286298.tmp"
sh=FD79DA86C421BBDFBF4A38EE23DD12D56D04901A ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.OpenStream.NBE trojan" ac=I fn="C:\Users\Gast\AppData\Local\Temp\jar_cache5847185873335909308.tmp"
sh=7447217F413848A83262D11521054E83451C8C52 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Gast\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\6f8474a-1f46d254"
sh=9981D6D246646E7C7701602E0DBB62B3DFCB9EA2 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2010-4452.A trojan" ac=I fn="C:\Users\Gast\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\3cc664c-4b8e7b48"
sh=8677B6E03ED26043F72BD08D7302848EC32CB2FF ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Gast\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\2b97c68d-57bf79d2"
sh=5CBB72947E281875E213064668AA4CD36951CD13 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Gast\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\595f3626-3e68d8a6"
sh=7646BA2EA55D71B32D39D9FF996DB18244557228 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Gast\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\7c13d2e9-5c57ee03"
sh=7646BA2EA55D71B32D39D9FF996DB18244557228 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Gast\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\77d76daf-2ceb58e2"
sh=D3B9A35B817A2D7779B7A59A9B15B323BB9ABE78 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NEO trojan" ac=I fn="C:\Users\Gast\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\5fef98f5-3b87e464"
sh=8677B6E03ED26043F72BD08D7302848EC32CB2FF ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Gast\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\2f5b6b7-598a4687"
sh=18F8AE4E2B3ABC0C151E08E731AA9157C1DD08CA ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Gast\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\247a5648-72ccf4ed"
sh=64C3D25CA783CB73BD75D9B2C29968D46F7EC72A ft=1 fh=877375bc35405650 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="C:\Users\Gast\Downloads\hdplugin_chrome.exe"
         
dann noch der SecurityCheck
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.68  
 Windows Vista Service Pack 2 x64   
 Internet Explorer 8 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
nProtect GameGuard Personal 3.0   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Out of date HijackThis  installed! 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 HijackThis 2.0.2    
 Java(TM) 6 Update 22  
 Java(TM) 6 Update 31  
 Java 7 Update 25  
 Java(TM) 6 Update 7  
 Adobe Flash Player 	11.7.700.224  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (7.0.1) 
 Google Chrome 27.0.1453.116  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
und ein FRST (Erstellt während ich diesen Text schreibe... Frischer geht nicht xD)

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-06-2013 03
Ran by Gast (administrator) on 02-07-2013 09:54:28
Running from C:\Users\Gast\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(H+H Software GmbH) E:\Program Files (x86)\Virtual CD v9\System\vc9play.exe
(Locktime Software) C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
(H+H Software GmbH) E:\Program Files (x86)\Virtual CD v9\System\VC9Tray.exe
(Locktime Software) C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
(H+H Software GmbH) E:\Program Files (x86)\Virtual CD v9\System\VC9SecS.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
() C:\Windows\SysWOW64\BeepApp.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
HKCU\...\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard)
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
MountPoints2: {139f4f8e-2e9f-11e0-b50d-002421172082} - L:\OblivionLauncher.exe
MountPoints2: {139f4f9c-2e9f-11e0-b50d-002421172082} - M:\setup.exe
MountPoints2: {164bed90-1e7b-11e0-aa79-002421172082} - L:\OblivionLauncher.exe
MountPoints2: {3f05954f-e5bd-11dd-9d91-806e6f6e6963} - F:\autorun.exe
MountPoints2: {e273aac0-cbc4-11de-ade2-002421172082} - K:\Autorun.exe
HKLM-x32\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe [119296 2007-02-15] (OsdMaestro)
HKLM-x32\...\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [1148200 2008-09-26] (CyberLink Corp.)
HKLM-x32\...\Run: [VC9Player] "E:\Program Files (x86)\Virtual CD v9\System\VC9Play.exe" [x]
HKLM-x32\...\Run: [nProtect GameGuard Personal 3.0] "E:\Program Files (x86)\INCAInternet\nProtect GameGuard Personal 3.0\nProtect GameGuard Personal 3.0\nspmain.exe" -tray [x]
HKLM-x32\...\Run: [DivXMediaServer] "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [450560 2013-03-28] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] ()
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "E:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard)
HKU\UpdatusUser\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
SearchScopes: HKLM - {79C90567-5C09-4507-9307-1B81999F79F7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM - {8C5BF184-BEAC-415C-8A6F-69F27A468C07} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM - {F62C4EF5-02A5-4118-BD59-A1C8D69F7CFD} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM-x32 - {79C90567-5C09-4507-9307-1B81999F79F7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
HKCU SearchScopes: DefaultScope {2592934B-F16C-4C06-B794-A59D7A79FDFF} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {2592934B-F16C-4C06-B794-A59D7A79FDFF} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {79C90567-5C09-4507-9307-1B81999F79F7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: HKLM-x32 {140E4DF8-9E14-4A34-9577-C77561ED7883} https://s3.amazonaws.com/content.systemrequirementslab.com/global/bin/srldetect_cyri_4.1.72.0_x.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} hxxp://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.16.0.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [51656 2009-05-22] (EasyBits Software Corp.)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\12\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - E:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Gast\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: No Name - C:\Users\Gast\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: DownloadHelper - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome: 
=======
CHR DefaultSearchURL: (facemoods) - hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
CHR DefaultSuggestURL: (facemoods) -       "suggest_url": ""
CHR Extension: (Skype Click to Call) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0

==================== Services (Whitelisted) =================

S4 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-05-09] (AVAST Software)
S4 DAUpdaterSvc; E:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
R2 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 nHancer; E:\Program Files\nHancer\nHancerService.exe [39424 2010-05-02] (KSE - Korndörfer Software Engineering)
R2 nlsvc; C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe [817152 2010-03-25] (Locktime Software)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3813096 2010-06-20] (INCA Internet Co., Ltd.)
S2 npkcmsvc; C:\Windows\SysWOW64\npkcmsvc.exe [191008 2010-08-22] (INCA Internet Co., Ltd.)
S2 NSPService; C:\Windows\SysWOW64\INCAinternet\nProtect GameGuard Personal 3.0\nspsvc.exe [581248 2011-09-16] (INCA Internet Co., Ltd.)
S2 NSPUpdateService; C:\Windows\SysWOW64\INCAinternet\nProtect GameGuard Personal 3.0\nspupsvc.exe [1252840 2012-10-25] (INCA Internet Co.,Ltd.)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2010-03-22] (NVIDIA)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-11-30] ()
S2 SkypeUpdate; E:\Program Files (x86)\Skype\Updater\Updater.exe [160944 2012-07-03] (Skype Technologies)
R2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [282728 2009-11-06] (NVIDIA)
R2 VC9SecS; E:\Program Files (x86)\Virtual CD v9\System\VC9SecS.exe [132424 2009-04-21] (H+H Software GmbH)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R1 aswFW; C:\Windows\system32\drivers\aswFW.sys [131232 2013-05-09] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2013-03-13] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\drivers\aswNdis2.sys [270824 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [59144 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-01] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-01] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-01] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-01-12] ()
S3 CEDRIVER60; E:\Program Files (x86)\Cheat Engine 6.3\dbk64.sys [64480 2013-06-02] ()
S3 HH9Help.sys; C:\Windows\system32\drivers\HH9Help.sys [24344 2007-01-23] (H+H Software GmbH)
S3 HH9Help.sys; C:\Windows\system32\drivers\HH9Help.sys [24344 2007-01-23] (H+H Software GmbH)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-01-12] ()
R1 nltdi; C:\Windows\system32\drivers\nltdi.sys [89224 2010-03-25] (Locktime Software)
R1 nltdi; C:\Windows\system32\drivers\nltdi.sys [89224 2010-03-25] (Locktime Software)
S3 npkcft64; C:\Windows\SysWOW64\npkcft64.sys [45600 2010-08-22] (INCA Internet Co., Ltd.)
S3 npkcft64; C:\Windows\SysWOW64\npkcft64.sys [45600 2010-08-22] (INCA Internet Co., Ltd.)
S3 npkuft64; C:\Windows\SysWOW64\npkuft64.sys [40992 2010-08-22] (INCA Internet Co., Ltd.)
S3 npkuft64; C:\Windows\SysWOW64\npkuft64.sys [40992 2010-08-22] (INCA Internet Co., Ltd.)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
R0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [75384 2009-02-03] (Protection Technology (StarForce))
R0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [77952 2009-02-03] (Protection Technology (StarForce))
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2011-01-12] ()
S2 tandpl; C:\Windows\SysWow64\drivers\tandpl.sys [4736 2003-04-19] ()
S3 TKCtrl; C:\Windows\system32\TKCtrl2k64.sys [87872 2012-07-03] (INCA Internet Co., Ltd.)
S3 TKCtrl; C:\Windows\system32\TKCtrl2k64.sys [87872 2012-07-03] (INCA Internet Co., Ltd.)
S3 TKFsAvM; C:\Windows\system32\TKFsAv64.sys [139136 2012-12-26] (INCA Internet Co., Ltd.)
S3 TKFsAvM; C:\Windows\system32\TKFsAv64.sys [139136 2012-12-26] (INCA Internet Co., Ltd.)
R3 TkFsFtM; C:\Windows\System32\TKFsFt64.sys [23392 2012-11-06] (INCA Internet Co., Ltd.)
R3 TkFsFtM; C:\Windows\SysWow64\TKFsFt64.sys [22848 2011-03-28] (INCA Internet Co., Ltd.)
R1 TKFWFV; C:\Windows\System32\TKFWFV64.sys [34400 2011-03-28] (INCA Internet Co., Ltd.)
S3 TKFWVT; C:\Windows\system32\TKFWVT64.sys [183112 2012-10-23] (INCA Internet Co.,Ltd.)
S3 TKFWVT; C:\Windows\system32\TKFWVT64.sys [183112 2012-10-23] (INCA Internet Co.,Ltd.)
R3 TkIdsVt; C:\Windows\system32\TkIdsVt64.sys [99168 2012-07-31] (INCA Internet Co.,Ltd.)
R3 TkIdsVt; C:\Windows\system32\TkIdsVt64.sys [99168 2012-07-31] (INCA Internet Co.,Ltd.)
R3 TKPcFt; C:\Windows\system32\TKPcFtCb64.sys [29024 2012-11-06] (INCA Internet Co., Ltd.)
R3 TKPcFt; C:\Windows\system32\TKPcFtCb64.sys [29024 2012-11-06] (INCA Internet Co., Ltd.)
R3 vcd9bus; C:\Windows\System32\DRIVERS\vcd9bus.sys [40216 2007-01-23] (H+H Software GmbH)
R1 vmm; C:\Windows\system32\Treiber\vmm.sys [297496 2008-02-12] (Microsoft Corporation)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)
S3 dump_wmimmc; \??\E:\Program Files (x86)\Games-Masters.com\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [x]
S2 tandpl; System32\drivers\tandpl.sys [x]
S3 X6va005; \??\C:\Users\Gast\AppData\Local\Temp\00539A5.tmp [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-01 19:42 - 2013-07-01 19:42 - 00890988 ____A C:\Users\Gast\Desktop\SecurityCheck.exe
2013-07-01 19:38 - 2013-07-01 19:38 - 02347384 ____A (ESET) C:\Users\Gast\Desktop\esetsmartinstaller_enu.exe
2013-07-01 19:37 - 2013-07-01 19:37 - 00007298 ____A C:\Users\Gast\Desktop\FSS.txt
2013-07-01 19:35 - 2013-07-01 19:35 - 00356397 ____A (Farbar) C:\Users\Gast\Desktop\FSS.exe
2013-07-01 17:28 - 2013-07-01 17:28 - 00000000 ____D C:\Windows\ERUNT
2013-07-01 17:28 - 2013-07-01 17:28 - 00000000 ____D C:\JRT
2013-07-01 17:27 - 2013-07-01 17:27 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Gast\Desktop\JRT.exe
2013-07-01 17:23 - 2013-07-01 17:23 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-01 17:23 - 2013-07-01 17:23 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-01 17:08 - 2013-07-01 17:08 - 00035782 ____A C:\AdwCleaner[S1].txt
2013-07-01 17:08 - 2013-07-01 17:08 - 00001656 ____A C:\Windows\DeleteOnReboot.bat
2013-07-01 17:07 - 2013-07-01 17:07 - 00648201 ____A C:\Users\Gast\Desktop\adwcleaner.exe
2013-07-01 14:45 - 2013-07-01 14:45 - 01933758 ____A (Farbar) C:\Users\Gast\Desktop\FRST64.exe
2013-07-01 14:45 - 2013-07-01 14:45 - 00000000 ____D C:\FRST
2013-07-01 13:17 - 2013-07-01 14:11 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-01 13:14 - 2013-07-01 13:14 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Gast\Desktop\tdsskiller.exe
2013-07-01 11:28 - 2013-07-01 11:28 - 00602112 ____A (OldTimer Tools) C:\Users\Gast\Desktop\OTL.exe
2013-07-01 11:25 - 2013-07-01 11:25 - 00001704 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-07-01 10:02 - 2013-07-01 17:10 - 00000808 ____A C:\Windows\System32\spsys.log
2013-07-01 00:42 - 2013-07-01 00:42 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-07-01 00:42 - 2013-07-01 00:42 - 00001787 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-07-01 00:42 - 2013-05-09 10:59 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-07-01 00:41 - 2013-07-01 00:42 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-07-01 00:41 - 2013-07-01 00:42 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-07-01 00:41 - 2013-07-01 00:41 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-07-01 00:41 - 2013-05-09 10:59 - 00270824 ____A (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys
2013-07-01 00:41 - 2013-05-09 10:59 - 00131232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys
2013-07-01 00:41 - 2013-05-09 10:59 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-07-01 00:41 - 2013-05-09 10:59 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-07-01 00:41 - 2013-05-09 10:59 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-07-01 00:41 - 2013-05-09 10:59 - 00059144 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2013-07-01 00:41 - 2013-05-09 10:59 - 00022600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2013-07-01 00:41 - 2013-05-09 10:58 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-07-01 00:40 - 2013-07-01 00:40 - 00383868 ____A C:\Users\Gast\AppData\Local\dd_vcredistMSI165D.txt
2013-07-01 00:40 - 2013-07-01 00:40 - 00012410 ____A C:\Users\Gast\AppData\Local\dd_vcredistUI165D.txt
2013-07-01 00:40 - 2013-05-09 10:58 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-07-01 00:40 - 2013-03-13 19:01 - 00012368 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswNdis.sys
2013-07-01 00:39 - 2013-07-01 00:39 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-01 00:39 - 2013-07-01 00:39 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-01 00:24 - 2013-07-01 00:24 - 00792160 ____A C:\Users\Gast\AppData\Local\census.cache
2013-07-01 00:24 - 2013-07-01 00:24 - 00205389 ____A C:\Users\Gast\AppData\Local\ars.cache
2013-07-01 00:10 - 2013-07-01 00:10 - 00000036 ____A C:\Users\Gast\AppData\Local\housecall.guid.cache
2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Malwarebytes
2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-30 20:54 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-30 10:10 - 2013-06-30 10:10 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-06-29 23:28 - 2013-06-30 09:54 - 988293471 ____A C:\Users\Gast\Downloads\Zone Archive Pack.rar
2013-06-29 22:41 - 2013-06-29 22:41 - 00019442 ____A C:\Users\Gast\Downloads\(SUMOTorrent.com)_ZONE_ARCHIVE_Hentai-Key _SP5686432.torrent
2013-06-26 12:30 - 2013-06-26 12:31 - 00000759 ____A C:\Users\Gast\Desktop\daoloader - Verknüpfung.lnk
2013-06-26 09:24 - 2013-06-26 09:24 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Locktime
2013-06-25 21:08 - 2013-06-25 21:08 - 00093367 ____A C:\Users\Gast\Downloads\bws-0598 (1).rar
2013-06-25 21:05 - 2013-06-25 21:05 - 00446584 ____A C:\Users\Gast\Downloads\l4r-da104.rar
2013-06-25 21:01 - 2013-06-25 21:01 - 00084308 ____A C:\Users\Gast\Downloads\bws-0598.rar
2013-06-25 19:42 - 2013-06-25 19:42 - 00071687 ____A C:\Users\Gast\Downloads\dragon_age_origins_plus_8_trainer.zip
2013-06-25 19:19 - 2013-06-25 19:19 - 00033117 ____A C:\Users\Gast\Downloads\daoloader.r4-TiLL.rar
2013-06-25 17:32 - 2013-06-25 17:32 - 00001736 ____A C:\Users\Public\Desktop\NetLimiter 2 Monitor.lnk
2013-06-25 17:32 - 2013-06-25 17:32 - 00000000 ____D C:\ProgramData\Locktime
2013-06-25 17:32 - 2013-06-25 17:32 - 00000000 ____D C:\Program Files\NetLimiter 2 Monitor
2013-06-25 17:31 - 2013-06-25 17:32 - 01827848 ____A C:\Users\Gast\Downloads\nl_2011_mon_64.exe
2013-06-25 16:51 - 2013-06-25 16:51 - 04689729 ____A C:\Users\Gast\Downloads\The LAST REMNANT Save Editor  V4.2.rar
2013-06-25 13:38 - 2013-06-25 13:38 - 00000466 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk
2013-06-23 11:30 - 2013-06-23 11:30 - 00000000 ____D C:\Users\Gast\Desktop\Unepic 1.43.1[Steam]
2013-06-23 11:26 - 2013-06-23 11:29 - 94994694 ____A C:\Users\Gast\Downloads\Unepic_1.43.1_Steam_.7z
2013-06-22 23:23 - 2013-06-22 23:23 - 08071400 ____A (Cheat Engine                                                ) C:\Users\Gast\Downloads\CheatEngine63.exe
2013-06-22 21:50 - 2013-06-22 21:50 - 00153366 ____A C:\Users\Gast\Downloads\Unepic v1.0.30 Trainer +6 ~HoG.rar
2013-06-16 15:34 - 2013-06-16 15:34 - 00017477 ____A C:\Users\Gast\Downloads\Run For Your Lives-23906-1-2-2.7z
2013-06-16 15:33 - 2013-06-16 15:33 - 00018227 ____A C:\Users\Gast\Downloads\When Vampires Attack-28235-1-0-2.7z
2013-06-16 14:18 - 2013-06-16 14:18 - 04109361 ____A C:\Users\Gast\Downloads\UNP silverlight armor-37189-1-0.7z
2013-06-16 14:16 - 2013-06-16 14:17 - 17789249 ____A C:\Users\Gast\Downloads\Silverlight Armor 0992 no pauldrons CBBE-10251-0-992.7z
2013-06-16 13:59 - 2013-06-16 13:59 - 00007675 ____A C:\Users\Gast\Downloads\Sexlab_SimpleRape_05252013.zip
2013-06-16 13:16 - 2013-06-16 13:18 - 00457617 ____A C:\Users\Gast\Downloads\SexLab_LoversComfort_v20130604.zip
2013-06-16 13:15 - 2013-06-16 13:16 - 00097394 ____A C:\Users\Gast\Downloads\SexLab_LoversHook_v20130606.zip
2013-06-14 16:17 - 2013-06-16 19:10 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Awesomium
2013-06-14 16:17 - 2013-06-14 16:17 - 00363746 ____A C:\Users\Gast\AppData\Local\dd_vcredistMSI32F3.txt
2013-06-14 16:17 - 2013-06-14 16:17 - 00011942 ____A C:\Users\Gast\AppData\Local\dd_vcredistUI32F3.txt
2013-06-14 13:18 - 2013-06-14 13:18 - 00000222 ____A C:\Users\Gast\Desktop\Marvel Heroes.url
2013-06-09 00:04 - 2013-06-09 00:04 - 00038737 ____A C:\Users\Gast\Downloads\SC07SexLabRandomAttack.7z
2013-06-09 00:02 - 2013-06-09 00:05 - 68829391 ____A C:\Users\Gast\Downloads\SexLabFramework.v101b.zip
2013-06-08 19:15 - 2013-06-08 19:15 - 00000000 ____D C:\Users\Gast\AppData\Local\EdgeOfReality
2013-06-08 18:52 - 2013-06-08 18:52 - 00000222 ____A C:\Users\Gast\Desktop\Loadout.url
2013-06-08 13:42 - 2013-06-08 13:42 - 00064388 ____A C:\Users\Gast\Downloads\X-RayMod_v039.zip
2013-06-08 12:07 - 2013-06-08 12:07 - 00003673 ____A C:\Users\Gast\Downloads\Timber! (1.5.2).zip
2013-06-08 12:05 - 2013-06-08 12:06 - 00007834 ____A C:\Users\Gast\Downloads\Recipe Book.zip
2013-06-08 12:01 - 2013-06-08 12:01 - 00199825 ____A C:\Users\Gast\Downloads\ModLoader (2).zip
2013-06-08 12:01 - 2013-06-08 12:01 - 00199825 ____A C:\Users\Gast\Downloads\ModLoader (1).zip

==================== One Month Modified Files and Folders =======

2013-07-02 09:44 - 2006-11-02 17:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-02 09:44 - 2006-11-02 17:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-02 09:43 - 2010-07-10 20:06 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-02 09:20 - 2012-08-22 17:22 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-02 02:13 - 2009-01-19 02:16 - 01695871 ____A C:\Windows\WindowsUpdate.log
2013-07-01 19:46 - 2008-09-19 04:55 - 00014466 ____A C:\Windows\SysWOW64\NapaSet.txt
2013-07-01 19:44 - 2010-07-10 20:06 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-01 19:44 - 2006-11-02 17:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-01 19:42 - 2013-07-01 19:42 - 00890988 ____A C:\Users\Gast\Desktop\SecurityCheck.exe
2013-07-01 19:42 - 2006-11-02 17:42 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-01 19:38 - 2013-07-01 19:38 - 02347384 ____A (ESET) C:\Users\Gast\Desktop\esetsmartinstaller_enu.exe
2013-07-01 19:37 - 2013-07-01 19:37 - 00007298 ____A C:\Users\Gast\Desktop\FSS.txt
2013-07-01 19:35 - 2013-07-01 19:35 - 00356397 ____A (Farbar) C:\Users\Gast\Desktop\FSS.exe
2013-07-01 17:28 - 2013-07-01 17:28 - 00000000 ____D C:\Windows\ERUNT
2013-07-01 17:28 - 2013-07-01 17:28 - 00000000 ____D C:\JRT
2013-07-01 17:27 - 2013-07-01 17:27 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Gast\Desktop\JRT.exe
2013-07-01 17:23 - 2013-07-01 17:23 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-01 17:23 - 2013-07-01 17:23 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-01 17:23 - 2013-05-02 19:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-01 17:23 - 2013-05-02 19:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-01 17:23 - 2012-09-03 23:49 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-01 17:23 - 2010-04-29 17:17 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-01 17:23 - 2009-01-07 19:49 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-01 17:18 - 2009-01-08 03:28 - 16574524 ____A C:\Windows\System32\perfh007.dat
2013-07-01 17:18 - 2009-01-08 03:28 - 05420980 ____A C:\Windows\System32\perfc007.dat
2013-07-01 17:18 - 2006-11-02 14:46 - 00006722 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-01 17:16 - 2010-11-12 20:03 - 00000000 ____D C:\Users\Gast\AppData\Local\Deployment
2013-07-01 17:10 - 2013-07-01 10:02 - 00000808 ____A C:\Windows\System32\spsys.log
2013-07-01 17:08 - 2013-07-01 17:08 - 00035782 ____A C:\AdwCleaner[S1].txt
2013-07-01 17:08 - 2013-07-01 17:08 - 00001656 ____A C:\Windows\DeleteOnReboot.bat
2013-07-01 17:07 - 2013-07-01 17:07 - 00648201 ____A C:\Users\Gast\Desktop\adwcleaner.exe
2013-07-01 14:45 - 2013-07-01 14:45 - 01933758 ____A (Farbar) C:\Users\Gast\Desktop\FRST64.exe
2013-07-01 14:45 - 2013-07-01 14:45 - 00000000 ____D C:\FRST
2013-07-01 14:13 - 2010-12-17 20:20 - 00056114 ____A C:\Windows\PFRO.log
2013-07-01 14:11 - 2013-07-01 13:17 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-01 13:14 - 2013-07-01 13:14 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Gast\Desktop\tdsskiller.exe
2013-07-01 11:28 - 2013-07-01 11:28 - 00602112 ____A (OldTimer Tools) C:\Users\Gast\Desktop\OTL.exe
2013-07-01 11:25 - 2013-07-01 11:25 - 00001704 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-07-01 11:25 - 2009-12-12 15:40 - 00000000 ____D C:\ProgramData\Adobe
2013-07-01 11:24 - 2010-04-08 10:31 - 00000000 ____D C:\Users\Gast\AppData\Local\Adobe
2013-07-01 10:59 - 2010-12-22 15:04 - 00000000 ____D C:\Users\Gast\Desktop\Trainer
2013-07-01 10:58 - 2011-08-13 15:12 - 00000368 ____H C:\Windows\SysWOW64\nspgpinf.nsx
2013-07-01 00:42 - 2013-07-01 00:42 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-07-01 00:42 - 2013-07-01 00:42 - 00001787 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-07-01 00:42 - 2013-07-01 00:41 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-07-01 00:42 - 2013-07-01 00:41 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-07-01 00:41 - 2013-07-01 00:41 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-07-01 00:41 - 2009-04-23 15:22 - 00000000 ____D C:\users\Gast
2013-07-01 00:40 - 2013-07-01 00:40 - 00383868 ____A C:\Users\Gast\AppData\Local\dd_vcredistMSI165D.txt
2013-07-01 00:40 - 2013-07-01 00:40 - 00012410 ____A C:\Users\Gast\AppData\Local\dd_vcredistUI165D.txt
2013-07-01 00:39 - 2013-07-01 00:39 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-01 00:39 - 2013-07-01 00:39 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-01 00:24 - 2013-07-01 00:24 - 00792160 ____A C:\Users\Gast\AppData\Local\census.cache
2013-07-01 00:24 - 2013-07-01 00:24 - 00205389 ____A C:\Users\Gast\AppData\Local\ars.cache
2013-07-01 00:10 - 2013-07-01 00:10 - 00000036 ____A C:\Users\Gast\AppData\Local\housecall.guid.cache
2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Malwarebytes
2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-30 20:40 - 2011-05-20 23:52 - 00001987 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-30 14:31 - 2009-08-14 19:34 - 00044032 ____A C:\Users\Gast\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-30 14:29 - 2010-03-20 09:42 - 00000000 ____D C:\Users\Gast\AppData\Roaming\vlc
2013-06-30 10:10 - 2013-06-30 10:10 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-06-30 09:57 - 2009-09-26 23:38 - 00000000 ____D C:\Users\Gast\AppData\Roaming\BitTorrent
2013-06-30 09:54 - 2013-06-29 23:28 - 988293471 ____A C:\Users\Gast\Downloads\Zone Archive Pack.rar
2013-06-29 22:41 - 2013-06-29 22:41 - 00019442 ____A C:\Users\Gast\Downloads\(SUMOTorrent.com)_ZONE_ARCHIVE_Hentai-Key _SP5686432.torrent
2013-06-28 23:23 - 2012-04-28 22:06 - 00000000 ____D C:\Users\Gast\AppData\Local\PMB Files
2013-06-28 23:23 - 2012-04-28 22:06 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-27 09:22 - 2011-12-07 22:21 - 00000000 ____D C:\Users\Gast\AppData\Local\Skyrim
2013-06-26 12:31 - 2013-06-26 12:30 - 00000759 ____A C:\Users\Gast\Desktop\daoloader - Verknüpfung.lnk
2013-06-26 09:24 - 2013-06-26 09:24 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Locktime
2013-06-25 21:08 - 2013-06-25 21:08 - 00093367 ____A C:\Users\Gast\Downloads\bws-0598 (1).rar
2013-06-25 21:05 - 2013-06-25 21:05 - 00446584 ____A C:\Users\Gast\Downloads\l4r-da104.rar
2013-06-25 21:01 - 2013-06-25 21:01 - 00084308 ____A C:\Users\Gast\Downloads\bws-0598.rar
2013-06-25 19:42 - 2013-06-25 19:42 - 00071687 ____A C:\Users\Gast\Downloads\dragon_age_origins_plus_8_trainer.zip
2013-06-25 19:19 - 2013-06-25 19:19 - 00033117 ____A C:\Users\Gast\Downloads\daoloader.r4-TiLL.rar
2013-06-25 17:32 - 2013-06-25 17:32 - 00001736 ____A C:\Users\Public\Desktop\NetLimiter 2 Monitor.lnk
2013-06-25 17:32 - 2013-06-25 17:32 - 00000000 ____D C:\ProgramData\Locktime
2013-06-25 17:32 - 2013-06-25 17:32 - 00000000 ____D C:\Program Files\NetLimiter 2 Monitor
2013-06-25 17:32 - 2013-06-25 17:31 - 01827848 ____A C:\Users\Gast\Downloads\nl_2011_mon_64.exe
2013-06-25 16:51 - 2013-06-25 16:51 - 04689729 ____A C:\Users\Gast\Downloads\The LAST REMNANT Save Editor  V4.2.rar
2013-06-25 13:38 - 2013-06-25 13:38 - 00000466 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk
2013-06-25 11:34 - 2012-02-02 19:46 - 00000000 ____D C:\Users\Gast\AppData\Roaming\.minecraft
2013-06-24 10:01 - 2009-04-24 10:08 - 00000456 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job
2013-06-23 11:30 - 2013-06-23 11:30 - 00000000 ____D C:\Users\Gast\Desktop\Unepic 1.43.1[Steam]
2013-06-23 11:29 - 2013-06-23 11:26 - 94994694 ____A C:\Users\Gast\Downloads\Unepic_1.43.1_Steam_.7z
2013-06-23 11:26 - 2010-12-22 15:03 - 00000000 ____D C:\Users\Gast\Desktop\Spiele
2013-06-22 23:23 - 2013-06-22 23:23 - 08071400 ____A (Cheat Engine                                                ) C:\Users\Gast\Downloads\CheatEngine63.exe
2013-06-22 21:50 - 2013-06-22 21:50 - 00153366 ____A C:\Users\Gast\Downloads\Unepic v1.0.30 Trainer +6 ~HoG.rar
2013-06-21 08:48 - 2012-05-19 08:10 - 00007916 ____A C:\Users\Gast\AppData\Local\d3d9caps.dat
2013-06-20 11:10 - 2009-04-30 12:10 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-06-18 11:40 - 2010-12-10 13:19 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-06-16 19:10 - 2013-06-14 16:17 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Awesomium
2013-06-16 15:34 - 2013-06-16 15:34 - 00017477 ____A C:\Users\Gast\Downloads\Run For Your Lives-23906-1-2-2.7z
2013-06-16 15:33 - 2013-06-16 15:33 - 00018227 ____A C:\Users\Gast\Downloads\When Vampires Attack-28235-1-0-2.7z
2013-06-16 14:18 - 2013-06-16 14:18 - 04109361 ____A C:\Users\Gast\Downloads\UNP silverlight armor-37189-1-0.7z
2013-06-16 14:17 - 2013-06-16 14:16 - 17789249 ____A C:\Users\Gast\Downloads\Silverlight Armor 0992 no pauldrons CBBE-10251-0-992.7z
2013-06-16 13:59 - 2013-06-16 13:59 - 00007675 ____A C:\Users\Gast\Downloads\Sexlab_SimpleRape_05252013.zip
2013-06-16 13:18 - 2013-06-16 13:16 - 00457617 ____A C:\Users\Gast\Downloads\SexLab_LoversComfort_v20130604.zip
2013-06-16 13:16 - 2013-06-16 13:15 - 00097394 ____A C:\Users\Gast\Downloads\SexLab_LoversHook_v20130606.zip
2013-06-14 16:29 - 2011-01-12 20:45 - 00566636 ____A C:\Windows\DirectX.log
2013-06-14 16:17 - 2013-06-14 16:17 - 00363746 ____A C:\Users\Gast\AppData\Local\dd_vcredistMSI32F3.txt
2013-06-14 16:17 - 2013-06-14 16:17 - 00011942 ____A C:\Users\Gast\AppData\Local\dd_vcredistUI32F3.txt
2013-06-14 16:17 - 2009-10-25 08:56 - 00000000 ____D C:\Users\Gast\Documents\My Games
2013-06-14 13:18 - 2013-06-14 13:18 - 00000222 ____A C:\Users\Gast\Desktop\Marvel Heroes.url
2013-06-12 17:21 - 2012-04-09 09:56 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 17:21 - 2011-06-01 07:03 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-09 00:05 - 2013-06-09 00:02 - 68829391 ____A C:\Users\Gast\Downloads\SexLabFramework.v101b.zip
2013-06-09 00:04 - 2013-06-09 00:04 - 00038737 ____A C:\Users\Gast\Downloads\SC07SexLabRandomAttack.7z
2013-06-08 19:15 - 2013-06-08 19:15 - 00000000 ____D C:\Users\Gast\AppData\Local\EdgeOfReality
2013-06-08 18:52 - 2013-06-08 18:52 - 00000222 ____A C:\Users\Gast\Desktop\Loadout.url
2013-06-08 13:42 - 2013-06-08 13:42 - 00064388 ____A C:\Users\Gast\Downloads\X-RayMod_v039.zip
2013-06-08 12:07 - 2013-06-08 12:07 - 00003673 ____A C:\Users\Gast\Downloads\Timber! (1.5.2).zip
2013-06-08 12:06 - 2013-06-08 12:05 - 00007834 ____A C:\Users\Gast\Downloads\Recipe Book.zip
2013-06-08 12:01 - 2013-06-08 12:01 - 00199825 ____A C:\Users\Gast\Downloads\ModLoader (2).zip
2013-06-08 12:01 - 2013-06-08 12:01 - 00199825 ____A C:\Users\Gast\Downloads\ModLoader (1).zip
2013-06-05 19:24 - 2012-07-06 22:17 - 00000000 ____D C:\Users\Gast\AppData\Local\Origin

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-02 07:54

==================== End Of Log ============================
         
--- --- ---

Alt 02.07.2013, 09:29   #15
schrauber
/// the machine
/// TB-Ausbilder
 

Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden - Standard

Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden



Da sind wir schon 2

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.


Windows Repair (All In One) - Download - Filepony
Installieren, laufen lassen, alle Schritte durchführen, beim Letzten Bild alles anhaken und laufen lassen.

reboot und neues FSS und FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden
anti-malware, antivirus, avast, blockiert, downloadgeschwindigkeit, firefox, google, hintergrund, internet, internetverbindung, malwarebytes, maximal, neu, popup, probleme, programm, prozess, services.exe, suche, system, system neu, system32, upload, verbindung, websites, win32, windows, zugriff




Ähnliche Themen: Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden


  1. Kaspersky findet Backdoor.Win32.Zaccess, Trojan-Ransom.Win32.Gimeno, Trojan.Win32.Inject
    Log-Analyse und Auswertung - 01.02.2014 (17)
  2. Trojaner gefunden - trojan.Zaccess
    Log-Analyse und Auswertung - 03.09.2013 (19)
  3. backdoor.WIN32.ZAccess.mbs wurde gefunden system ausfall folge windwos nur noch über abgesicherten modus startbar
    Plagegeister aller Art und deren Bekämpfung - 30.07.2013 (21)
  4. Virenalarm Win32:ZAccess-PB [Trj]
    Plagegeister aller Art und deren Bekämpfung - 15.05.2013 (23)
  5. TR/Spy.ZAccess.A bei Suchlauf gefunden
    Mülltonne - 31.01.2013 (1)
  6. Exploit.Script.Generic, Exploit.JS.Pdfka.gfa, Backdoor.Win32.ZAccess.ypw, Backdoor.Win32.ZAccess.yqi, Trojan.Win32.Miner.dw und weitere
    Log-Analyse und Auswertung - 02.10.2012 (7)
  7. Win32:Malware-gen und Win32:Downloader-PKU.C:\Windows\System32\services.exe.Weitere Meldungen
    Log-Analyse und Auswertung - 12.09.2012 (10)
  8. Backdoor.Win32.ZAccess.uru und weitere
    Log-Analyse und Auswertung - 19.07.2012 (2)
  9. Backdoor.Win32.ZAccess.mbg und Trojan.Win32.Small.bmph
    Log-Analyse und Auswertung - 10.07.2012 (28)
  10. Rootkit.win32.ZAccess.c
    Log-Analyse und Auswertung - 26.03.2012 (8)
  11. Virus.WIN32.ZAccess.c mit abnow.com
    Plagegeister aller Art und deren Bekämpfung - 16.03.2012 (6)
  12. Antivir hat TR/ATRAPS.Gen2, BDS/ZAccess.Q', BDS/ZAccess.L gefunden. Wie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 14.03.2012 (45)
  13. Antivir hat TR/ATRAPS.Gen2, BDS/ZAccess.Q', BDS/ZAccess.L gefunden --> SYSTEM NEU AUFSETZEN?
    Plagegeister aller Art und deren Bekämpfung - 12.03.2012 (7)
  14. erst Virus.Win32.ZAccess.aml dann Virus.Win32.ZAccess.c
    Plagegeister aller Art und deren Bekämpfung - 06.03.2012 (13)
  15. patchload.a , win32.PMax.gen und win32.ZAccess.e
    Plagegeister aller Art und deren Bekämpfung - 06.11.2011 (10)
  16. Trojaner Backdoor.Win32.ZAccess.ob
    Log-Analyse und Auswertung - 25.08.2011 (1)
  17. "Generic Host Prozess for Win 32 Services" - Virus?
    Log-Analyse und Auswertung - 01.01.2008 (3)

Zum Thema Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden - Guten Tag Community, (auch wenn mein Tag nicht ganz so gut ist :P) Zuerst einmal etwas hintergrund Info von mir. Hatte gestern Probleme mit Google Chrome. Konnte auf viele websites - Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden...
Archiv
Du betrachtest: Win32:ZAccess-PB (Trj) im Prozess Services.exe gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.