Pests of all kinds and how to fight them: Win32:ZAccess-PB (Trj) found in process Services.exe - Windows 7 |
01.07.2013, 11:53 | #1 |
| Win32:ZAccess-PB (Trj) found in process Services.exe Good day, community (even if my day is not quite so good :P). First, some background information from me. Yesterday I had problems with Google Chrome. I could no longer access many websites and instead kept getting the message that the security certificates had been revoked. IE and Firefox continue to work without problems. I then ran a full scan with Malwarebytes Anti-Malware, which took almost 3 hours, but it found nothing. When I wanted to download another program (Avast! Antivirus), I noticed strange drops in download speed. A look at NetLimiter then showed me why. "Services and Controller app" was accessing the Internet several times a minute and using almost my entire Internet bandwidth (1.4-1.7 MB/s download and 300-400 KB/s upload). After the Avast! download finished, I disconnected from the Internet, installed Avast! and let it run. The only finding was C:\Windows\System32\services.exe with the Win32:ZAccess-PB [Trj] named in the title. Avast! was not able to repair it. I then restored the Internet connection, and now a pop-up from Avast! appears several times a minute with the message that an access was successfully blocked. Process: Services.exe Infection: Win32:ZAccess-PB [Trj] Object: C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\U\80000064.@ Internet traffic from "Services and Controller app" is now permanently at a very low level (a few bytes/s up to a maximum of 1 kb/s). Now I am at a loss: "must" the system be reinstalled, or is there a chance of cleaning it? Kind regards, JuppSchlupp |
01.07.2013, 12:01 | #2 |
/// the machine /// TB trainer | Win32:ZAccess-PB (Trj) found in process Services.exe Hi,
Please download TDSSKiller.exe and save this file to your desktop. |
01.07.2013, 12:39 | #3 |
| Win32:ZAccess-PB (Trj) found in process Services.exe Thanks for the quick reply. Configured and run as requested, and here is the log :P
5068 [ 7056BD6DE1DBF6B8665038AF35D9E146 ] nvsvc C:\Windows\system32\nvvsvc.exe 13:19:09.0727 5068 nvsvc - ok 13:19:09.0787 5068 [ 1B6FA911436D227B24554C33BC68B774 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 13:19:09.0814 5068 nvUpdatusService - ok 13:19:09.0841 5068 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 13:19:09.0848 5068 nv_agp - ok 13:19:09.0851 5068 NwlnkFlt - ok 13:19:09.0855 5068 NwlnkFwd - ok 13:19:09.0918 5068 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 13:19:09.0936 5068 ohci1394 - ok 13:19:09.0981 5068 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll 13:19:10.0001 5068 p2pimsvc - ok 13:19:10.0090 5068 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll 13:19:10.0182 5068 p2psvc - ok 13:19:10.0242 5068 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys 13:19:10.0285 5068 Parport - ok 13:19:10.0394 5068 [ F9B5EDA4C17A2BE7663F064DBF0FE254 ] partmgr C:\Windows\system32\drivers\partmgr.sys 13:19:10.0402 5068 partmgr - ok 13:19:10.0431 5068 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll 13:19:10.0443 5068 PcaSvc - ok 13:19:10.0541 5068 [ 7204F835A4355D1AB2853E57C9FF177C ] PCD5SRVC{8AAF211B-043E02A9-05040000} C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms 13:19:10.0546 5068 PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - warning 13:19:10.0546 5068 PCD5SRVC{8AAF211B-043E02A9-05040000} - detected UnsignedFile.Multi.Generic (1) 13:19:10.0582 5068 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys 13:19:10.0591 5068 pci - ok 13:19:10.0606 5068 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys 13:19:10.0613 5068 pciide - ok 13:19:10.0643 5068 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 13:19:10.0651 5068 pcmcia - 
ok 13:19:10.0691 5068 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys 13:19:10.0738 5068 PEAUTH - ok 13:19:10.0815 5068 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe 13:19:10.0841 5068 PerfHost - ok 13:19:10.0882 5068 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll 13:19:10.0958 5068 pla - ok 13:19:11.0017 5068 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 13:19:11.0038 5068 PlugPlay - ok 13:19:11.0090 5068 PnkBstrA - ok 13:19:11.0140 5068 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 13:19:11.0160 5068 PNRPAutoReg - ok 13:19:11.0215 5068 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll 13:19:11.0234 5068 PNRPsvc - ok 13:19:11.0295 5068 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 13:19:11.0319 5068 PolicyAgent - ok 13:19:11.0399 5068 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 13:19:11.0417 5068 PptpMiniport - ok 13:19:11.0424 5068 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\DRIVERS\processr.sys 13:19:11.0449 5068 Processor - ok 13:19:11.0489 5068 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll 13:19:11.0511 5068 ProfSvc - ok 13:19:11.0533 5068 [ 40348DCEC0712ED42231C5F90A69A690 ] ProtectedStorage C:\Windows\system32\lsass.exe 13:19:11.0543 5068 ProtectedStorage - ok 13:19:11.0576 5068 [ 1D0A3F565397D08707F3D75B88586645 ] Ps2 C:\Windows\system32\DRIVERS\PS2.sys 13:19:11.0584 5068 Ps2 - ok 13:19:11.0626 5068 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 13:19:11.0646 5068 PSched - ok 13:19:11.0680 5068 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys 13:19:11.0713 5068 ql2300 - ok 13:19:11.0748 5068 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 
13:19:11.0756 5068 ql40xx - ok 13:19:11.0793 5068 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll 13:19:11.0806 5068 QWAVE - ok 13:19:11.0816 5068 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 13:19:11.0827 5068 QWAVEdrv - ok 13:19:11.0834 5068 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 13:19:11.0860 5068 RasAcd - ok 13:19:11.0873 5068 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll 13:19:11.0900 5068 RasAuto - ok 13:19:11.0927 5068 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 13:19:11.0946 5068 Rasl2tp - ok 13:19:11.0952 5068 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll 13:19:11.0973 5068 RasMan - ok 13:19:12.0016 5068 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 13:19:12.0034 5068 RasPppoe - ok 13:19:12.0054 5068 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 13:19:12.0064 5068 RasSstp - ok 13:19:12.0125 5068 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 13:19:12.0145 5068 rdbss - ok 13:19:12.0172 5068 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 13:19:12.0196 5068 RDPCDD - ok 13:19:12.0228 5068 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 13:19:12.0255 5068 rdpdr - ok 13:19:12.0267 5068 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 13:19:12.0292 5068 RDPENCDD - ok 13:19:12.0316 5068 [ B1D741C87CEA8D7282146366CC9C3F81 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 13:19:12.0336 5068 RDPWD - ok 13:19:12.0370 5068 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll 13:19:12.0396 5068 RemoteAccess - ok 13:19:12.0449 5068 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll 
13:19:12.0470 5068 RemoteRegistry - ok 13:19:12.0489 5068 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe 13:19:12.0499 5068 RpcLocator - ok 13:19:12.0555 5068 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll 13:19:12.0583 5068 RpcSs - ok 13:19:12.0617 5068 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 13:19:12.0642 5068 rspndr - ok 13:19:12.0676 5068 [ 8B91737DA75ADD21CB1554B38089196A ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys 13:19:12.0692 5068 RTL8169 - ok 13:19:12.0700 5068 [ 40348DCEC0712ED42231C5F90A69A690 ] SamSs C:\Windows\system32\lsass.exe 13:19:12.0710 5068 SamSs - ok 13:19:12.0735 5068 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 13:19:12.0742 5068 sbp2port - ok 13:19:12.0794 5068 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll 13:19:12.0815 5068 SCardSvr - ok 13:19:12.0846 5068 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll 13:19:12.0869 5068 Schedule - ok 13:19:12.0921 5068 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll 13:19:12.0939 5068 SCPolicySvc - ok 13:19:12.0977 5068 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll 13:19:12.0988 5068 SDRSVC - ok 13:19:12.0995 5068 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 13:19:13.0033 5068 secdrv - ok 13:19:13.0038 5068 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll 13:19:13.0065 5068 seclogon - ok 13:19:13.0072 5068 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll 13:19:13.0099 5068 SENS - ok 13:19:13.0118 5068 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys 13:19:13.0157 5068 Serenum - ok 13:19:13.0179 5068 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys 13:19:13.0219 5068 Serial - ok 
13:19:13.0244 5068 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys 13:19:13.0269 5068 sermouse - ok 13:19:13.0289 5068 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll 13:19:13.0316 5068 SessionEnv - ok 13:19:13.0349 5068 [ 4FCACE92BB0345D58BB96ADBD69F5237 ] sfdrv01 C:\Windows\system32\drivers\sfdrv01.sys 13:19:13.0356 5068 sfdrv01 - ok 13:19:13.0369 5068 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 13:19:13.0394 5068 sffdisk - ok 13:19:13.0405 5068 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 13:19:13.0430 5068 sffp_mmc - ok 13:19:13.0441 5068 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 13:19:13.0465 5068 sffp_sd - ok 13:19:13.0491 5068 [ 17F6BD95BF04B924F4C05CE78BEF8AE6 ] sfhlp02 C:\Windows\system32\drivers\sfhlp02.sys 13:19:13.0497 5068 sfhlp02 - ok 13:19:13.0509 5068 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 13:19:13.0547 5068 sfloppy - ok 13:19:13.0575 5068 [ 758D7842A48FE194BE08BAAF095285BE ] sfsync04 C:\Windows\system32\drivers\sfsync04.sys 13:19:13.0581 5068 sfsync04 - ok 13:19:13.0645 5068 [ 2AD15758174DCC7993FF3C00A955DD66 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 13:19:13.0667 5068 ShellHWDetection - ok 13:19:13.0678 5068 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 13:19:13.0685 5068 SiSRaid2 - ok 13:19:13.0700 5068 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 13:19:13.0707 5068 SiSRaid4 - ok 13:19:13.0775 5068 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate E:\Program Files (x86)\Skype\Updater\Updater.exe 13:19:13.0782 5068 SkypeUpdate - ok 13:19:13.0860 5068 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe 13:19:13.0931 5068 slsvc - ok 13:19:13.0966 5068 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify 
C:\Windows\system32\SLUINotify.dll 13:19:13.0986 5068 SLUINotify - ok 13:19:14.0057 5068 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys 13:19:14.0075 5068 Smb - ok 13:19:14.0100 5068 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe 13:19:14.0110 5068 SNMPTRAP - ok 13:19:14.0128 5068 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys 13:19:14.0136 5068 spldr - ok 13:19:14.0193 5068 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe 13:19:14.0205 5068 Spooler - ok 13:19:14.0259 5068 [ 4B3F898DC1378CED2F35D04E5B0CE0DF ] sptd C:\Windows\System32\Drivers\sptd.sys 13:19:14.0260 5068 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 4B3F898DC1378CED2F35D04E5B0CE0DF 13:19:14.0261 5068 sptd ( LockedFile.Multi.Generic ) - warning 13:19:14.0261 5068 sptd - detected LockedFile.Multi.Generic (1) 13:19:14.0324 5068 [ 8CD33A47CA02C79038B669F31F95BDAC ] srv C:\Windows\system32\DRIVERS\srv.sys 13:19:14.0338 5068 srv - ok 13:19:14.0410 5068 [ 1BEDF533096C56E70F87E3E3EE02CAF5 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 13:19:14.0420 5068 srv2 - ok 13:19:14.0427 5068 [ 2B8C340F830C465F514D966F7E6A822F ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 13:19:14.0437 5068 srvnet - ok 13:19:14.0442 5068 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 13:19:14.0470 5068 SSDPSRV - ok 13:19:14.0508 5068 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll 13:19:14.0520 5068 SstpSvc - ok 13:19:14.0554 5068 Steam Client Service - ok 13:19:14.0598 5068 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll 13:19:14.0616 5068 stisvc - ok 13:19:14.0664 5068 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys 13:19:14.0670 5068 swenum - ok 13:19:14.0723 5068 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll 13:19:14.0749 5068 swprv - ok 
13:19:14.0768 5068 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 13:19:14.0775 5068 Symc8xx - ok 13:19:14.0807 5068 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 13:19:14.0813 5068 Sym_hi - ok 13:19:14.0826 5068 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 13:19:14.0833 5068 Sym_u3 - ok 13:19:14.0890 5068 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll 13:19:14.0922 5068 SysMain - ok 13:19:14.0927 5068 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll 13:19:14.0941 5068 TabletInputService - ok 13:19:14.0959 5068 tandpl - ok 13:19:15.0130 5068 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll 13:19:15.0152 5068 TapiSrv - ok 13:19:15.0219 5068 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll 13:19:15.0246 5068 TBS - ok 13:19:15.0288 5068 [ 0011810B5211FDACD784DE585262ECFE ] Tcpip C:\Windows\system32\drivers\tcpip.sys 13:19:15.0320 5068 Tcpip - ok 13:19:15.0439 5068 [ 0011810B5211FDACD784DE585262ECFE ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 13:19:15.0551 5068 Tcpip6 - ok 13:19:15.0606 5068 [ CE3AE2BA7A076F0ADE9F48C598C1D15D ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 13:19:15.0615 5068 tcpipreg - ok 13:19:15.0632 5068 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 13:19:15.0656 5068 TDPIPE - ok 13:19:15.0681 5068 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 13:19:15.0705 5068 TDTCP - ok 13:19:15.0749 5068 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 13:19:15.0768 5068 tdx - ok 13:19:15.0778 5068 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 13:19:15.0785 5068 TermDD - ok 13:19:15.0830 5068 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll 13:19:15.0856 5068 
TermService - ok 13:19:15.0887 5068 [ 2AD15758174DCC7993FF3C00A955DD66 ] Themes C:\Windows\system32\shsvcs.dll 13:19:15.0909 5068 Themes - ok 13:19:15.0934 5068 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll 13:19:15.0960 5068 THREADORDER - ok 13:19:16.0003 5068 [ 49916F9CE160399B868176298D7D1B18 ] TKCtrl C:\Windows\system32\TKCtrl2k64.sys 13:19:16.0011 5068 TKCtrl - ok 13:19:16.0036 5068 [ D2DF92451F2F5D381171C2AAC50AD352 ] TKFsAvM C:\Windows\system32\TKFsAv64.sys 13:19:16.0046 5068 TKFsAvM - ok 13:19:16.0085 5068 [ B62AE84BAFC7581FE3BF72B1BAFF7EB4 ] TkFsFtM C:\Windows\system32\TKFsFt64.sys 13:19:16.0093 5068 TkFsFtM - ok 13:19:16.0129 5068 [ 9638CBC32E752C61BE3D2AC5F128A572 ] TKFWFV C:\Windows\system32\TKFWFV64.sys 13:19:16.0136 5068 TKFWFV - ok 13:19:16.0173 5068 [ 39211E00F15B399938A1222064157061 ] TKFWVT C:\Windows\system32\TKFWVT64.sys 13:19:16.0182 5068 TKFWVT - ok 13:19:16.0219 5068 [ A653DE4BB01789B987B1B67C253EF5AE ] TkIdsVt C:\Windows\system32\TkIdsVt64.sys 13:19:16.0228 5068 TkIdsVt - ok 13:19:16.0233 5068 [ C78246370A8E2BA691A33DB2655FB77A ] TKPcFt C:\Windows\system32\TKPcFtCb64.sys 13:19:16.0241 5068 TKPcFt - ok 13:19:16.0257 5068 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll 13:19:16.0284 5068 TrkWks - ok 13:19:16.0349 5068 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:19:16.0367 5068 TrustedInstaller - ok 13:19:16.0389 5068 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:19:16.0413 5068 tssecsrv - ok 13:19:16.0435 5068 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 13:19:16.0444 5068 tunmp - ok 13:19:16.0473 5068 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:19:16.0482 5068 tunnel - ok 13:19:16.0502 5068 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 13:19:16.0509 5068 uagp35 - ok 
13:19:16.0541 5068 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:19:16.0561 5068 udfs - ok 13:19:16.0568 5068 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe 13:19:16.0594 5068 UI0Detect - ok 13:19:16.0617 5068 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 13:19:16.0624 5068 uliagpkx - ok 13:19:16.0648 5068 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys 13:19:16.0657 5068 uliahci - ok 13:19:16.0692 5068 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys 13:19:16.0699 5068 UlSata - ok 13:19:16.0727 5068 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 13:19:16.0735 5068 ulsata2 - ok 13:19:16.0757 5068 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 13:19:16.0782 5068 umbus - ok 13:19:16.0828 5068 UpdateCenterService - ok 13:19:16.0839 5068 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll 13:19:16.0870 5068 upnphost - ok 13:19:16.0941 5068 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 13:19:16.0959 5068 usbccgp - ok 13:19:16.0979 5068 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys 13:19:17.0018 5068 usbcir - ok 13:19:17.0046 5068 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 13:19:17.0064 5068 usbehci - ok 13:19:17.0100 5068 [ 8FEC71666ABA7114F9CAB9E56065EC80 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 13:19:17.0106 5068 usbfilter - ok 13:19:17.0117 5068 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:19:17.0137 5068 usbhub - ok 13:19:17.0143 5068 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 13:19:17.0160 5068 usbohci - ok 13:19:17.0189 5068 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint 
C:\Windows\system32\DRIVERS\usbprint.sys 13:19:17.0214 5068 usbprint - ok 13:19:17.0217 5068 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:19:17.0235 5068 USBSTOR - ok 13:19:17.0250 5068 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 13:19:17.0268 5068 usbuhci - ok 13:19:17.0279 5068 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll 13:19:17.0298 5068 UxSms - ok 13:19:17.0334 5068 [ 43D018A3ACBA1DCB0BD336476E122B69 ] VC9SecS E:\Program Files (x86)\Virtual CD v9\System\VC9SecS.exe 13:19:17.0341 5068 VC9SecS - ok 13:19:17.0411 5068 [ 53606539DE7E6225211F576A6EBFBA39 ] vcd9bus C:\Windows\system32\DRIVERS\vcd9bus.sys 13:19:17.0417 5068 vcd9bus - ok 13:19:17.0465 5068 [ 689917FB02D3005CE98DB1FEA8A81E5C ] vdrv9000 C:\Windows\system32\DRIVERS\vdrv9000.sys 13:19:17.0471 5068 vdrv9000 - ok 13:19:17.0519 5068 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe 13:19:17.0544 5068 vds - ok 13:19:17.0583 5068 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:19:17.0607 5068 vga - ok 13:19:17.0611 5068 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys 13:19:17.0636 5068 VgaSave - ok 13:19:17.0652 5068 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys 13:19:17.0658 5068 viaide - ok 13:19:17.0699 5068 [ C6F8FBDE19960E0B172CD76D2677F5E2 ] vmm C:\Windows\system32\Treiber\vmm.sys 13:19:17.0708 5068 vmm - ok 13:19:17.0721 5068 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys 13:19:17.0729 5068 volmgr - ok 13:19:17.0782 5068 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:19:17.0795 5068 volmgrx - ok 13:19:17.0809 5068 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:19:17.0819 5068 volsnap - ok 13:19:17.0853 5068 [ 6BDCA00FC57CC40DA3C8E88B2CEA21AB ] VPCNetS2 
C:\Windows\system32\DRIVERS\VMNetSrv.sys 13:19:17.0859 5068 VPCNetS2 - ok 13:19:17.0885 5068 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 13:19:17.0893 5068 vsmraid - ok 13:19:17.0942 5068 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe 13:19:18.0005 5068 VSS - ok 13:19:18.0048 5068 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll 13:19:18.0072 5068 W32Time - ok 13:19:18.0093 5068 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 13:19:18.0131 5068 WacomPen - ok 13:19:18.0175 5068 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 13:19:18.0193 5068 Wanarp - ok 13:19:18.0196 5068 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:19:18.0214 5068 Wanarpv6 - ok 13:19:18.0228 5068 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:19:18.0247 5068 wcncsvc - ok 13:19:18.0259 5068 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:19:18.0279 5068 WcsPlugInService - ok 13:19:18.0303 5068 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys 13:19:18.0309 5068 Wd - ok 13:19:18.0351 5068 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:19:18.0372 5068 Wdf01000 - ok 13:19:18.0401 5068 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll 13:19:18.0428 5068 WdiServiceHost - ok 13:19:18.0431 5068 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:19:18.0458 5068 WdiSystemHost - ok 13:19:18.0472 5068 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll 13:19:18.0485 5068 WebClient - ok 13:19:18.0491 5068 [ BD9A749F36710FFA02E0E530F7451936 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:19:18.0519 5068 Wecsvc - ok 13:19:18.0529 5068 [ 9C980351D7E96288EA0C23AE232BD065 ] 
wercplsupport C:\Windows\System32\wercplsupport.dll 13:19:18.0549 5068 wercplsupport - ok 13:19:18.0558 5068 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll 13:19:18.0579 5068 WerSvc - ok 13:19:18.0584 5068 WinHttpAutoProxySvc - ok 13:19:18.0662 5068 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:19:18.0682 5068 Winmgmt - ok 13:19:18.0742 5068 [ 42717DB2BE3A075D0F0CD5C927C27A43 ] WinRM C:\Windows\system32\WsmSvc.dll 13:19:18.0776 5068 WinRM - ok 13:19:18.0821 5068 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll 13:19:18.0841 5068 Wlansvc - ok 13:19:18.0986 5068 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 13:19:19.0049 5068 wlidsvc - ok 13:19:19.0066 5068 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 13:19:19.0074 5068 WmiAcpi - ok 13:19:19.0129 5068 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:19:19.0148 5068 wmiApSrv - ok 13:19:19.0151 5068 WMPNetworkSvc - ok 13:19:19.0161 5068 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:19:19.0173 5068 WPCSvc - ok 13:19:19.0218 5068 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:19:19.0229 5068 WPDBusEnum - ok 13:19:19.0367 5068 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe 13:19:19.0410 5068 WPFFontCache_v0400 - ok 13:19:19.0430 5068 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:19:19.0454 5068 ws2ifsl - ok 13:19:19.0457 5068 WSearch - ok 13:19:19.0500 5068 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 13:19:19.0525 5068 WUDFRd - ok 13:19:19.0534 5068 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll 13:19:19.0561 5068 wudfsvc 
13:19:19.0643 5068 X6va005 - ok
13:19:19.0679 5068 [ 15CC7077D2DC28776CD430ECABBFFD66 ] {55662437-DA8C-40c0-AADA-2C816A897A49} c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
13:19:19.0684 5068 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
13:19:19.0687 5068 ================ Scan global ===============================
13:19:19.0714 5068 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
13:19:19.0759 5068 [ 36F234FD1AA7BAE559BB1C483FC76286 ] C:\Windows\system32\winsrv.dll
13:19:19.0775 5068 [ 36F234FD1AA7BAE559BB1C483FC76286 ] C:\Windows\system32\winsrv.dll
13:19:19.0821 5068 [ B8844F93D2C5F1DCDB179AAA9AF134B7 ] C:\Windows\system32\services.exe
13:19:19.0825 5068 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
13:19:19.0825 5068 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
13:19:19.0826 5068 ================ Scan MBR ==================================
13:19:19.0854 5068 [ 81CD5EC01DB0CE57EDD853F82462EF27 ] \Device\Harddisk0\DR0
13:19:20.0256 5068 \Device\Harddisk0\DR0 - ok
13:19:20.0280 5068 [ 4606A12AED5E4CE105136C6C9C8EA568 ] \Device\Harddisk1\DR1
13:19:20.0359 5068 \Device\Harddisk1\DR1 - ok
13:19:20.0360 5068 ================ Scan VBR ==================================
13:19:20.0362 5068 [ 27E9362AA78875B12248F97C95836487 ] \Device\Harddisk0\DR0\Partition1
13:19:20.0363 5068 \Device\Harddisk0\DR0\Partition1 - ok
13:19:20.0365 5068 [ 219370FB1439A3125D7F9E6F8724A60C ] \Device\Harddisk0\DR0\Partition2
13:19:20.0366 5068 \Device\Harddisk0\DR0\Partition2 - ok
13:19:20.0369 5068 [ 960CDE92622C58C393F6E4FC501C8B8C ] \Device\Harddisk1\DR1\Partition1
13:19:20.0370 5068 \Device\Harddisk1\DR1\Partition1 - ok
13:19:20.0370 5068 ============================================================
13:19:20.0370 5068 Scan finished
13:19:20.0370 5068 ============================================================
13:19:20.0377 5364 Detected object count: 10
13:19:20.0377 5364 Actual detected object count: 10
13:19:33.0641 5364 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0641 5364 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:19:33.0642 5364 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0642 5364 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:19:33.0643 5364 HPBtnSrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0643 5364 HPBtnSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:19:33.0644 5364 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0644 5364 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:19:33.0645 5364 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0645 5364 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:19:33.0646 5364 nHancer ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0646 5364 nHancer ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:19:33.0647 5364 nlsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0647 5364 nlsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:19:33.0648 5364 PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:33.0648 5364 PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:19:33.0649 5364 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:19:33.0649 5364 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:19:33.0650 5364 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - skipped by user
13:19:33.0650 5364 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Skip
13:19:38.0579 5416 Deinitialize success |
01.07.2013, 13:06 | #4 | |
/// the machine /// TB trainer | Win32:ZAccess-PB (Trj) found in the Services.exe process
Quote:
Run a new scan with TDSSKiller and please post that log as well.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate, Guides and help, Trojaner-Board Facebook page
No help via PM! |
01.07.2013, 13:34 | #5 |
| Win32:ZAccess-PB (Trj) found in the Services.exe process Okay, I let it run through, here is the log: Code:
ATTFilter 14:10:53.0573 5600 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 14:10:53.0829 5600 ============================================================ 14:10:53.0829 5600 Current date / time: 2013/07/01 14:10:53.0829 14:10:53.0829 5600 SystemInfo: 14:10:53.0829 5600 14:10:53.0829 5600 OS Version: 6.0.6002 ServicePack: 2.0 14:10:53.0829 5600 Product type: Workstation 14:10:53.0829 5600 ComputerName: GAST-PC 14:10:53.0829 5600 UserName: Gast 14:10:53.0829 5600 Windows directory: C:\Windows 14:10:53.0829 5600 System windows directory: C:\Windows 14:10:53.0829 5600 Running under WOW64 14:10:53.0829 5600 Processor architecture: Intel x64 14:10:53.0829 5600 Number of processors: 4 14:10:53.0829 5600 Page size: 0x1000 14:10:53.0829 5600 Boot type: Normal boot 14:10:53.0829 5600 ============================================================ 14:10:54.0060 5600 Drive \Device\Harddisk0\DR0 - Size: 0x9502F90000 (596.05 Gb), SectorSize: 0x200, Cylinders: 0x12FF0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 14:10:54.0083 5600 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 14:10:54.0115 5600 ============================================================ 14:10:54.0115 5600 \Device\Harddisk0\DR0: 14:10:54.0116 5600 MBR partitions: 14:10:54.0116 5600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x48AA5D70 14:10:54.0116 5600 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48AA5DAF, BlocksNum 0x1D6E641 14:10:54.0116 5600 \Device\Harddisk1\DR1: 14:10:54.0116 5600 MBR partitions: 14:10:54.0116 5600 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82 14:10:54.0116 5600 ============================================================ 14:10:54.0145 5600 C: <-> \Device\Harddisk0\DR0\Partition1 14:10:54.0186 5600 E: <-> \Device\Harddisk1\DR1\Partition1 
14:10:54.0282 5600 D: <-> \Device\Harddisk0\DR0\Partition2 14:10:54.0282 5600 ============================================================ 14:10:54.0282 5600 Initialize success 14:10:54.0282 5600 ============================================================ 14:11:00.0560 5240 ============================================================ 14:11:00.0560 5240 Scan started 14:11:00.0560 5240 Mode: Manual; SigCheck; TDLFS; 14:11:00.0560 5240 ============================================================ 14:11:01.0569 5240 ================ Scan system memory ======================== 14:11:01.0569 5240 System memory - ok 14:11:01.0569 5240 ================ Scan services ============================= 14:11:01.0721 5240 [ F146E2BA475893DD77B2370DC1211FC6 ] 97862858 C:\Windows\system32\drivers\83758499.sys 14:11:01.0819 5240 [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files (x86)\AAVUpdateManager\aavus.exe 14:11:01.0893 5240 AAV UpdateService - ok 14:11:01.0935 5240 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys 14:11:01.0947 5240 ACPI - ok 14:11:02.0027 5240 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 14:11:02.0036 5240 AdobeFlashPlayerUpdateSvc - ok 14:11:02.0081 5240 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 14:11:02.0096 5240 adp94xx - ok 14:11:02.0132 5240 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys 14:11:02.0143 5240 adpahci - ok 14:11:02.0168 5240 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 14:11:02.0175 5240 adpu160m - ok 14:11:02.0187 5240 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 14:11:02.0195 5240 adpu320 - ok 14:11:02.0225 5240 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 14:11:02.0245 5240 AeLookupSvc - ok 14:11:02.0285 5240 [ 
12415CCFD3E7CEC55B5184E67B039FE4 ] AFD C:\Windows\system32\drivers\afd.sys 14:11:02.0307 5240 AFD - ok 14:11:02.0321 5240 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys 14:11:02.0328 5240 agp440 - ok 14:11:02.0360 5240 [ 97DD49CCDB89A22CFCEA78B29D393D87 ] ahcix64s C:\Windows\system32\drivers\ahcix64s.sys 14:11:02.0381 5240 ahcix64s - ok 14:11:02.0397 5240 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys 14:11:02.0404 5240 aic78xx - ok 14:11:02.0418 5240 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe 14:11:02.0443 5240 ALG - ok 14:11:02.0461 5240 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys 14:11:02.0467 5240 aliide - ok 14:11:02.0481 5240 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys 14:11:02.0487 5240 amdide - ok 14:11:02.0523 5240 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 14:11:02.0548 5240 AmdK8 - ok 14:11:02.0608 5240 [ 03E7D34FA978123760EE9DBA30930137 ] AMD_RAIDXpert C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe 14:11:02.0612 5240 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - warning 14:11:02.0612 5240 AMD_RAIDXpert - detected UnsignedFile.Multi.Generic (1) 14:11:02.0637 5240 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll 14:11:02.0646 5240 Appinfo - ok 14:11:02.0660 5240 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys 14:11:02.0667 5240 arc - ok 14:11:02.0694 5240 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys 14:11:02.0701 5240 arcsas - ok 14:11:02.0823 5240 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 14:11:02.0830 5240 aspnet_state - ok 14:11:02.0860 5240 [ 0BAEFD3F648C6E7AB52990DD9565E4E2 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 14:11:02.0866 5240 aswFsBlk - ok 
14:11:02.0908 5240 [ 7A62C389380F6FF3FA952D511D8790B8 ] aswFW C:\Windows\system32\drivers\aswFW.sys 14:11:02.0915 5240 aswFW - ok 14:11:02.0948 5240 [ 890918D53B80B474CFAFB48995B85AF3 ] aswKbd C:\Windows\system32\drivers\aswKbd.sys 14:11:02.0954 5240 aswKbd - ok 14:11:03.0009 5240 [ FA562F34ED6633C66170B09182B4C049 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 14:11:03.0016 5240 aswMonFlt - ok 14:11:03.0065 5240 [ 518B8D447A1975AB46DA093A2E743256 ] aswNdis C:\Windows\system32\DRIVERS\aswNdis.sys 14:11:03.0070 5240 aswNdis - ok 14:11:03.0109 5240 [ 94CCA87794454E1824D59B092B9F70C4 ] aswNdis2 C:\Windows\system32\drivers\aswNdis2.sys 14:11:03.0118 5240 aswNdis2 - ok 14:11:03.0138 5240 [ 9A9565BB92EE412B77B7416DD1D32F0B ] AswRdr C:\Windows\system32\drivers\AswRdr.sys 14:11:03.0144 5240 AswRdr - ok 14:11:03.0186 5240 [ 5573AA70993A2BB81525B1C704B88763 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys 14:11:03.0192 5240 aswRvrt - ok 14:11:03.0234 5240 [ 8C0800CDB501CFC1164B286A0478DC10 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 14:11:03.0256 5240 aswSnx - ok 14:11:03.0324 5240 [ 3815DB16CDA62190F5C0A65118F3D714 ] aswSP C:\Windows\system32\drivers\aswSP.sys 14:11:03.0336 5240 aswSP - ok 14:11:03.0378 5240 [ 29DD8E458A84171202AA4979364C30C0 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 14:11:03.0384 5240 aswTdi - ok 14:11:03.0413 5240 [ 22F521108881DC59837F6FC614E0568F ] aswVmm C:\Windows\system32\drivers\aswVmm.sys 14:11:03.0420 5240 aswVmm - ok 14:11:03.0462 5240 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 14:11:03.0486 5240 AsyncMac - ok 14:11:03.0513 5240 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys 14:11:03.0520 5240 atapi - ok 14:11:03.0540 5240 [ DB0D3DE15EDC96E7529FC0D3F7760894 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys 14:11:03.0545 5240 AtiPcie - ok 14:11:03.0591 5240 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys 14:11:03.0600 
5240 atksgt - ok 14:11:03.0664 5240 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 14:11:03.0687 5240 AudioEndpointBuilder - ok 14:11:03.0730 5240 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll 14:11:03.0753 5240 AudioSrv - ok 14:11:03.0903 5240 [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 14:11:03.0909 5240 avast! Antivirus - ok 14:11:03.0956 5240 [ C2009C6A452BD07B30D773349589B762 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe 14:11:03.0963 5240 avast! Firewall - ok 14:11:04.0011 5240 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 14:11:04.0036 5240 blbdrive - ok 14:11:04.0074 5240 [ 8B2B19031D0AEADE6E1B933DF1ACBA7E ] bowser C:\Windows\system32\DRIVERS\bowser.sys 14:11:04.0099 5240 bowser - ok 14:11:04.0124 5240 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 14:11:04.0141 5240 BrFiltLo - ok 14:11:04.0175 5240 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 14:11:04.0192 5240 BrFiltUp - ok 14:11:04.0216 5240 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll 14:11:04.0241 5240 Browser - ok 14:11:04.0269 5240 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys 14:11:04.0307 5240 Brserid - ok 14:11:04.0342 5240 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 14:11:04.0380 5240 BrSerWdm - ok 14:11:04.0391 5240 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 14:11:04.0428 5240 BrUsbMdm - ok 14:11:04.0438 5240 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 14:11:04.0475 5240 BrUsbSer - ok 14:11:04.0497 5240 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 14:11:04.0535 5240 BTHMODEM - ok 
14:11:04.0563 5240 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 14:11:04.0589 5240 cdfs - ok 14:11:04.0616 5240 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 14:11:04.0633 5240 cdrom - ok 14:11:04.0837 5240 [ DFC81DD1112338DC8500E8A3E8ADE77D ] CEDRIVER60 E:\Program Files (x86)\Cheat Engine 6.3\dbk64.sys 14:11:04.0844 5240 CEDRIVER60 - ok 14:11:04.0893 5240 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll 14:11:04.0911 5240 CertPropSvc - ok 14:11:04.0923 5240 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys 14:11:04.0948 5240 circlass - ok 14:11:04.0993 5240 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys 14:11:05.0006 5240 CLFS - ok 14:11:05.0102 5240 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:11:05.0109 5240 clr_optimization_v2.0.50727_32 - ok 14:11:05.0172 5240 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 14:11:05.0179 5240 clr_optimization_v2.0.50727_64 - ok 14:11:05.0278 5240 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:11:05.0285 5240 clr_optimization_v4.0.30319_32 - ok 14:11:05.0336 5240 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 14:11:05.0343 5240 clr_optimization_v4.0.30319_64 - ok 14:11:05.0365 5240 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys 14:11:05.0370 5240 cmdide - ok 14:11:05.0403 5240 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 14:11:05.0409 5240 Compbatt - ok 14:11:05.0413 5240 COMSysApp - ok 14:11:05.0417 5240 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk 
C:\Windows\system32\drivers\crcdisk.sys 14:11:05.0423 5240 crcdisk - ok 14:11:05.0448 5240 [ 18918613E63F387CDE4D95CA7D49DCF7 ] CryptSvc C:\Windows\system32\cryptsvc.dll 14:11:05.0468 5240 CryptSvc - ok 14:11:05.0629 5240 [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc E:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe 14:11:05.0634 5240 DAUpdaterSvc - ok 14:11:05.0693 5240 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll 14:11:05.0722 5240 DcomLaunch - ok 14:11:05.0754 5240 [ 36CD31121F228E7E79BAE60AA45764C6 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 14:11:05.0772 5240 DfsC - ok 14:11:05.0880 5240 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe 14:11:05.0958 5240 DFSR - ok 14:11:06.0020 5240 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll 14:11:06.0040 5240 Dhcp - ok 14:11:06.0060 5240 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys 14:11:06.0067 5240 disk - ok 14:11:06.0118 5240 [ 21D16B37257370975C7457C3A5EFA530 ] Dnscache C:\Windows\System32\dnsrslvr.dll 14:11:06.0137 5240 Dnscache - ok 14:11:06.0176 5240 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll 14:11:06.0196 5240 dot3svc - ok 14:11:06.0216 5240 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll 14:11:06.0242 5240 DPS - ok 14:11:06.0268 5240 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 14:11:06.0285 5240 drmkaud - ok 14:11:06.0307 5240 dump_wmimmc - ok 14:11:06.0365 5240 [ 1D96E28EBCD96AD1B44A3FD02CA6433D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 14:11:06.0388 5240 DXGKrnl - ok 14:11:06.0460 5240 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys 14:11:06.0486 5240 E1G60 - ok 14:11:06.0514 5240 EagleX64 - ok 14:11:06.0532 5240 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll 14:11:06.0551 5240 EapHost - ok 14:11:06.0605 5240 [ 
5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys 14:11:06.0613 5240 Ecache - ok 14:11:06.0652 5240 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe 14:11:06.0665 5240 ehRecvr - ok 14:11:06.0711 5240 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe 14:11:06.0720 5240 ehSched - ok 14:11:06.0735 5240 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll 14:11:06.0743 5240 ehstart - ok 14:11:06.0769 5240 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys 14:11:06.0782 5240 elxstor - ok 14:11:06.0822 5240 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll 14:11:06.0837 5240 EMDMgmt - ok 14:11:06.0871 5240 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys 14:11:06.0878 5240 ErrDev - ok 14:11:06.0933 5240 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll 14:11:06.0956 5240 EventSystem - ok 14:11:07.0027 5240 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys 14:11:07.0037 5240 exfat - ok 14:11:07.0040 5240 ezSharedSvc - ok 14:11:07.0069 5240 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys 14:11:07.0089 5240 fastfat - ok 14:11:07.0121 5240 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 14:11:07.0145 5240 fdc - ok 14:11:07.0149 5240 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll 14:11:07.0174 5240 fdPHost - ok 14:11:07.0194 5240 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll 14:11:07.0234 5240 FDResPub - ok 14:11:07.0244 5240 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 14:11:07.0250 5240 FileInfo - ok 14:11:07.0274 5240 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys 14:11:07.0298 5240 Filetrace - ok 14:11:07.0327 5240 
[ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 14:11:07.0352 5240 flpydisk - ok 14:11:07.0371 5240 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 14:11:07.0381 5240 FltMgr - ok 14:11:07.0441 5240 [ FDF5F06EFC8F98BAC5FE8B216F93AA5E ] FontCache C:\Windows\system32\FntCache.dll 14:11:07.0467 5240 FontCache - ok 14:11:07.0576 5240 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 14:11:07.0582 5240 FontCache3.0.0.0 - ok 14:11:07.0595 5240 [ 29D99E860A1CA0A03C6A733FDD0DA703 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 14:11:07.0612 5240 Fs_Rec - ok 14:11:07.0640 5240 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 14:11:07.0646 5240 gagp30kx - ok 14:11:07.0720 5240 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 14:11:07.0728 5240 GamesAppService - ok 14:11:07.0760 5240 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll 14:11:07.0787 5240 gpsvc - ok 14:11:07.0892 5240 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 14:11:07.0899 5240 gupdate - ok 14:11:07.0909 5240 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 14:11:07.0915 5240 gupdatem - ok 14:11:07.0953 5240 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 14:11:07.0964 5240 HdAudAddService - ok 14:11:08.0022 5240 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 14:11:08.0052 5240 HDAudBus - ok 14:11:08.0130 5240 [ 0457348421B377D172E893573D5CFE28 ] HH9Help.sys C:\Windows\system32\drivers\HH9Help.sys 14:11:08.0136 5240 HH9Help.sys - ok 14:11:08.0157 5240 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys 14:11:08.0195 
5240 HidBth - ok 14:11:08.0227 5240 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys 14:11:08.0265 5240 HidIr - ok 14:11:08.0317 5240 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll 14:11:08.0335 5240 hidserv - ok 14:11:08.0346 5240 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 14:11:08.0363 5240 HidUsb - ok 14:11:08.0384 5240 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll 14:11:08.0410 5240 hkmsvc - ok 14:11:08.0476 5240 [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe 14:11:08.0480 5240 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning 14:11:08.0480 5240 HP Health Check Service - detected UnsignedFile.Multi.Generic (1) 14:11:08.0506 5240 [ DEAB3BF5AEFBDC3F9AC0E020926EC81D ] HPBtnSrv C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe 14:11:08.0511 5240 HPBtnSrv ( UnsignedFile.Multi.Generic ) - warning 14:11:08.0511 5240 HPBtnSrv - detected UnsignedFile.Multi.Generic (1) 14:11:08.0535 5240 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 14:11:08.0541 5240 HpCISSs - ok 14:11:08.0576 5240 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys 14:11:08.0593 5240 HTTP - ok 14:11:08.0636 5240 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys 14:11:08.0642 5240 i2omp - ok 14:11:08.0679 5240 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 14:11:08.0697 5240 i8042prt - ok 14:11:08.0727 5240 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 14:11:08.0737 5240 iaStorV - ok 14:11:08.0838 5240 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 14:11:08.0843 5240 IDriverT ( UnsignedFile.Multi.Generic ) 
- warning 14:11:08.0843 5240 IDriverT - detected UnsignedFile.Multi.Generic (1) 14:11:08.0913 5240 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 14:11:08.0934 5240 idsvc - ok 14:11:08.0977 5240 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys 14:11:08.0984 5240 iirsp - ok 14:11:09.0056 5240 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll 14:11:09.0080 5240 IKEEXT - ok 14:11:09.0145 5240 [ 96B0A408842B0E214EDCB41E89438999 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 14:11:09.0211 5240 IntcAzAudAddService - ok 14:11:09.0252 5240 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys 14:11:09.0259 5240 intelide - ok 14:11:09.0281 5240 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 14:11:09.0306 5240 intelppm - ok 14:11:09.0329 5240 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 14:11:09.0355 5240 IPBusEnum - ok 14:11:09.0389 5240 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:11:09.0407 5240 IpFilterDriver - ok 14:11:09.0410 5240 IpInIp - ok 14:11:09.0464 5240 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 14:11:09.0489 5240 IPMIDRV - ok 14:11:09.0501 5240 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 14:11:09.0527 5240 IPNAT - ok 14:11:09.0546 5240 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys 14:11:09.0571 5240 IRENUM - ok 14:11:09.0619 5240 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys 14:11:09.0625 5240 isapnp - ok 14:11:09.0659 5240 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 14:11:09.0668 5240 iScsiPrt - ok 14:11:09.0691 5240 [ 63C766CDC609FF8206CB447A65ABBA4A ] 
iteatapi C:\Windows\system32\drivers\iteatapi.sys 14:11:09.0697 5240 iteatapi - ok 14:11:09.0743 5240 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys 14:11:09.0749 5240 iteraid - ok 14:11:09.0767 5240 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 14:11:09.0774 5240 kbdclass - ok 14:11:09.0793 5240 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 14:11:09.0810 5240 kbdhid - ok 14:11:09.0830 5240 [ 40348DCEC0712ED42231C5F90A69A690 ] KeyIso C:\Windows\system32\lsass.exe 14:11:09.0839 5240 KeyIso - ok 14:11:09.0852 5240 [ 476E2C1DCEA45895994BEF11C2A98715 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:11:09.0867 5240 KSecDD - ok 14:11:09.0881 5240 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 14:11:09.0905 5240 ksthunk - ok 14:11:09.0921 5240 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll 14:11:09.0952 5240 KtmRm - ok 14:11:10.0040 5240 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll 14:11:10.0051 5240 LanmanServer - ok 14:11:10.0068 5240 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 14:11:10.0080 5240 LanmanWorkstation - ok 14:11:10.0101 5240 [ E75ADCFAFDEF3F4C3AF3332928D59926 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 14:11:10.0105 5240 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 14:11:10.0105 5240 LightScribeService - detected UnsignedFile.Multi.Generic (1) 14:11:10.0129 5240 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys 14:11:10.0135 5240 lirsgt - ok 14:11:10.0148 5240 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 14:11:10.0173 5240 lltdio - ok 14:11:10.0201 5240 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll 14:11:10.0229 5240 lltdsvc - ok 14:11:10.0252 5240 
[ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll 14:11:10.0278 5240 lmhosts - ok 14:11:10.0305 5240 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 14:11:10.0312 5240 LSI_FC - ok 14:11:10.0326 5240 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 14:11:10.0334 5240 LSI_SAS - ok 14:11:10.0352 5240 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 14:11:10.0360 5240 LSI_SCSI - ok 14:11:10.0391 5240 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys 14:11:10.0417 5240 luafv - ok 14:11:10.0483 5240 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe 14:11:10.0492 5240 McComponentHostService - ok 14:11:10.0510 5240 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 14:11:10.0519 5240 Mcx2Svc - ok 14:11:10.0563 5240 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys 14:11:10.0570 5240 megasas - ok 14:11:10.0596 5240 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys 14:11:10.0609 5240 MegaSR - ok 14:11:10.0631 5240 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll 14:11:10.0656 5240 MMCSS - ok 14:11:10.0682 5240 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys 14:11:10.0706 5240 Modem - ok 14:11:10.0739 5240 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 14:11:10.0764 5240 monitor - ok 14:11:10.0775 5240 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 14:11:10.0782 5240 mouclass - ok 14:11:10.0794 5240 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 14:11:10.0819 5240 mouhid - ok 14:11:10.0828 5240 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 
14:11:10.0834 5240 MountMgr - ok 14:11:10.0866 5240 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys 14:11:10.0873 5240 mpio - ok 14:11:10.0916 5240 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 14:11:10.0934 5240 mpsdrv - ok 14:11:10.0959 5240 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 14:11:10.0965 5240 Mraid35x - ok 14:11:10.0993 5240 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 14:11:11.0004 5240 MRxDAV - ok 14:11:11.0046 5240 [ D58D129E26705E83A4DEBA7177EB7972 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 14:11:11.0055 5240 mrxsmb - ok 14:11:11.0083 5240 [ D5BE5C14E0F1DC489F5BB2A67983F630 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:11:11.0094 5240 mrxsmb10 - ok 14:11:11.0114 5240 [ 09A2990C3B293C212816C9BC0D7C200E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:11:11.0123 5240 mrxsmb20 - ok 14:11:11.0148 5240 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys 14:11:11.0155 5240 msahci - ok 14:11:11.0169 5240 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys 14:11:11.0176 5240 msdsm - ok 14:11:11.0194 5240 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe 14:11:11.0220 5240 MSDTC - ok 14:11:11.0247 5240 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys 14:11:11.0272 5240 Msfs - ok 14:11:11.0286 5240 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 14:11:11.0293 5240 msisadrv - ok 14:11:11.0319 5240 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 14:11:11.0346 5240 MSiSCSI - ok 14:11:11.0349 5240 msiserver - ok 14:11:11.0378 5240 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 14:11:11.0407 5240 MSKSSRV - ok 14:11:11.0430 5240 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK 
- ok
14:11:23.0363 5240 X6va005 - ok
14:11:23.0392 5240 [ 15CC7077D2DC28776CD430ECABBFFD66 ] {55662437-DA8C-40c0-AADA-2C816A897A49} c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
14:11:23.0397 5240 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
14:11:23.0400 5240 ================ Scan global ===============================
14:11:23.0427 5240 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
14:11:23.0480 5240 [ 36F234FD1AA7BAE559BB1C483FC76286 ] C:\Windows\system32\winsrv.dll
14:11:23.0496 5240 [ 36F234FD1AA7BAE559BB1C483FC76286 ] C:\Windows\system32\winsrv.dll
14:11:23.0542 5240 [ B8844F93D2C5F1DCDB179AAA9AF134B7 ] C:\Windows\system32\services.exe
14:11:23.0546 5240 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
14:11:23.0546 5240 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
14:11:23.0547 5240 ================ Scan MBR ==================================
14:11:23.0575 5240 [ 81CD5EC01DB0CE57EDD853F82462EF27 ] \Device\Harddisk0\DR0
14:11:23.0977 5240 \Device\Harddisk0\DR0 - ok
14:11:23.0999 5240 [ 4606A12AED5E4CE105136C6C9C8EA568 ] \Device\Harddisk1\DR1
14:11:24.0079 5240 \Device\Harddisk1\DR1 - ok
14:11:24.0079 5240 ================ Scan VBR ==================================
14:11:24.0081 5240 [ 27E9362AA78875B12248F97C95836487 ] \Device\Harddisk0\DR0\Partition1
14:11:24.0082 5240 \Device\Harddisk0\DR0\Partition1 - ok
14:11:24.0084 5240 [ 219370FB1439A3125D7F9E6F8724A60C ] \Device\Harddisk0\DR0\Partition2
14:11:24.0086 5240 \Device\Harddisk0\DR0\Partition2 - ok
14:11:24.0087 5240 [ 960CDE92622C58C393F6E4FC501C8B8C ] \Device\Harddisk1\DR1\Partition1
14:11:24.0089 5240 \Device\Harddisk1\DR1\Partition1 - ok
14:11:24.0089 5240 ============================================================
14:11:24.0089 5240 Scan finished
14:11:24.0089 5240 ============================================================
14:11:24.0096 5036 Detected object count: 10
14:11:24.0096 5036 Actual detected object count: 10
14:11:34.0182 5036 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:34.0182 5036 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:11:34.0183 5036 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:34.0184 5036 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:11:34.0184 5036 HPBtnSrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:34.0185 5036 HPBtnSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:11:34.0185 5036 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:34.0186 5036 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:11:34.0186 5036 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:34.0187 5036 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:11:34.0188 5036 nHancer ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:34.0188 5036 nHancer ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:11:34.0189 5036 nlsvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:34.0189 5036 nlsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:11:34.0190 5036 PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:34.0190 5036 PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:11:34.0191 5036 sptd ( LockedFile.Multi.Generic ) - skipped by user
14:11:34.0191 5036 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
14:11:34.0233 5036 C:\Windows\system32\services.exe - copied to quarantine
14:11:37.0369 5036 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
14:11:37.0384 5036 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
14:11:37.0402 5036 C:\Windows\installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\@ - copied to quarantine
14:11:37.0403 5036 C:\Windows\installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\00000004.@ - copied to quarantine
14:11:37.0404 5036 C:\Windows\installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\201d3dde - copied to quarantine
14:11:37.0406 5036 C:\Windows\installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\6715e287 - copied to quarantine
14:11:37.0407 5036 C:\Windows\installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\U\00000004.@ - copied to quarantine
14:11:37.0421 5036 C:\Windows\installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\U\00000008.@ - copied to quarantine
14:11:37.0426 5036 C:\Windows\installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\U\000000cb.@ - copied to quarantine
14:11:37.0440 5036 C:\Windows\installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\U\80000000.@ - copied to quarantine
14:11:40.0065 5036 Backup copy not found, trying to cure infected file..
14:11:40.0066 5036 Cure success, using it..
14:11:40.0123 5036 C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot
14:11:40.0123 5036 C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot
14:11:40.0129 5036 C:\Windows\installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\@ - will be deleted on reboot
14:11:40.0130 5036 C:\Windows\installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\U\00000004.@ - will be deleted on reboot
14:11:40.0130 5036 C:\Windows\installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\U\00000008.@ - will be deleted on reboot
14:11:40.0131 5036 C:\Windows\installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\U\000000cb.@ - will be deleted on reboot
14:11:40.0131 5036 C:\Windows\installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\U\80000000.@ - will be deleted on reboot
14:11:40.0134 5036 C:\Windows\system32\services.exe - will be cured on reboot
14:11:40.0134 5036 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
14:12:10.0004 1932 Deinitialize success |
01.07.2013, 13:35 | #6 |
| Win32:ZAccess-PB (Trj) found in the Services.exe process
And a second post; apparently putting everything into one made it 12k characters too long :/

I performed the reboot the program asked for and had a black screen for quite a while during startup. The mouse pointer was visible and could be moved. After several minutes, though, everything carried on normally. Tdsskiller.exe then started automatically, and here is the second log after another scan:

Code:
14:19:54.0032 3124 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:19:54.0500 3124 ============================================================
14:19:54.0500 3124 Current date / time: 2013/07/01 14:19:54.0500
14:19:54.0500 3124 SystemInfo:
14:19:54.0500 3124
14:19:54.0500 3124 OS Version: 6.0.6002 ServicePack: 2.0
14:19:54.0500 3124 Product type: Workstation
14:19:54.0500 3124 ComputerName: GAST-PC
14:19:54.0500 3124 UserName: Gast
14:19:54.0500 3124 Windows directory: C:\Windows
14:19:54.0500 3124 System windows directory: C:\Windows
14:19:54.0500 3124 Running under WOW64
14:19:54.0500 3124 Processor architecture: Intel x64
14:19:54.0500 3124 Number of processors: 4
14:19:54.0500 3124 Page size: 0x1000
14:19:54.0500 3124 Boot type: Normal boot
14:19:54.0500 3124 ============================================================
14:20:07.0385 3124 BG loaded
14:20:07.0962 3124 Drive \Device\Harddisk0\DR0 - Size: 0x9502F90000 (596.05 Gb), SectorSize: 0x200, Cylinders: 0x12FF0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:20:07.0994 3124 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:20:08.0025 3124 ============================================================
14:20:08.0025 3124 \Device\Harddisk0\DR0:
14:20:08.0025 3124 MBR partitions:
14:20:08.0025 3124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x48AA5D70
14:20:08.0025 3124 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48AA5DAF, BlocksNum 0x1D6E641
14:20:08.0025 3124 \Device\Harddisk1\DR1:
14:20:08.0025 3124 MBR partitions:
14:20:08.0025 3124 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82
14:20:08.0025 3124 ============================================================
14:20:08.0103 3124 C: <-> \Device\Harddisk0\DR0\Partition1
14:20:08.0150 3124 E: <-> \Device\Harddisk1\DR1\Partition1
14:20:08.0337 3124 D: <-> \Device\Harddisk0\DR0\Partition2
14:20:08.0337 3124 ============================================================
14:20:08.0337 3124 Initialize success
14:20:08.0337 3124 ============================================================
14:26:07.0959 2704 ============================================================
14:26:07.0959 2704 Scan started
14:26:07.0959 2704 Mode: Manual;
14:26:07.0959 2704 ============================================================
14:26:09.0194 2704 ================ Scan system memory ========================
14:26:09.0194 2704 System memory - ok
14:26:09.0194 2704 ================ Scan services =============================
14:26:09.0282 2704 Scan interrupted by user!
14:26:09.0282 2704 ================ Scan global ===============================
14:26:09.0282 2704 Scan interrupted by user!
14:26:09.0282 2704 ================ Scan MBR ==================================
14:26:09.0282 2704 Scan interrupted by user!
14:26:09.0282 2704 ================ Scan VBR ==================================
14:26:09.0282 2704 Scan interrupted by user!
14:26:09.0282 2704 ============================================================ 14:26:09.0282 2704 Scan finished 14:26:09.0282 2704 ============================================================ 14:26:09.0288 3528 Detected object count: 0 14:26:09.0288 3528 Actual detected object count: 0 14:26:16.0642 4312 ============================================================ 14:26:16.0642 4312 Scan started 14:26:16.0642 4312 Mode: Manual; SigCheck; TDLFS; 14:26:16.0642 4312 ============================================================ 14:26:17.0322 4312 ================ Scan system memory ======================== 14:26:17.0322 4312 System memory - ok 14:26:17.0322 4312 ================ Scan services ============================= 14:26:17.0761 4312 [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files (x86)\AAVUpdateManager\aavus.exe 14:26:17.0841 4312 AAV UpdateService - ok 14:26:17.0953 4312 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys 14:26:17.0965 4312 ACPI - ok 14:26:18.0061 4312 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 14:26:18.0070 4312 AdobeFlashPlayerUpdateSvc - ok 14:26:18.0115 4312 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 14:26:18.0141 4312 adp94xx - ok 14:26:18.0199 4312 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys 14:26:18.0213 4312 adpahci - ok 14:26:18.0276 4312 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 14:26:18.0284 4312 adpu160m - ok 14:26:18.0313 4312 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 14:26:18.0322 4312 adpu320 - ok 14:26:18.0368 4312 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 14:26:18.0405 4312 AeLookupSvc - ok 14:26:18.0480 4312 [ 12415CCFD3E7CEC55B5184E67B039FE4 ] AFD C:\Windows\system32\drivers\afd.sys 
14:26:18.0502 4312 AFD - ok 14:26:18.0522 4312 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys 14:26:18.0529 4312 agp440 - ok 14:26:18.0552 4312 [ 97DD49CCDB89A22CFCEA78B29D393D87 ] ahcix64s C:\Windows\system32\drivers\ahcix64s.sys 14:26:18.0602 4312 ahcix64s - ok 14:26:18.0622 4312 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys 14:26:18.0631 4312 aic78xx - ok 14:26:18.0644 4312 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe 14:26:18.0669 4312 ALG - ok 14:26:18.0712 4312 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys 14:26:18.0718 4312 aliide - ok 14:26:18.0731 4312 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys 14:26:18.0738 4312 amdide - ok 14:26:18.0765 4312 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 14:26:18.0814 4312 AmdK8 - ok 14:26:18.0859 4312 [ 03E7D34FA978123760EE9DBA30930137 ] AMD_RAIDXpert C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe 14:26:18.0863 4312 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - warning 14:26:18.0863 4312 AMD_RAIDXpert - detected UnsignedFile.Multi.Generic (1) 14:26:18.0871 4312 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll 14:26:18.0880 4312 Appinfo - ok 14:26:18.0894 4312 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys 14:26:18.0902 4312 arc - ok 14:26:18.0928 4312 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys 14:26:18.0935 4312 arcsas - ok 14:26:19.0090 4312 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 14:26:19.0097 4312 aspnet_state - ok 14:26:19.0144 4312 [ 0BAEFD3F648C6E7AB52990DD9565E4E2 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 14:26:19.0150 4312 aswFsBlk - ok 14:26:19.0217 4312 [ 7A62C389380F6FF3FA952D511D8790B8 ] aswFW 
C:\Windows\system32\drivers\aswFW.sys 14:26:19.0224 4312 aswFW - ok 14:26:19.0274 4312 [ 890918D53B80B474CFAFB48995B85AF3 ] aswKbd C:\Windows\system32\drivers\aswKbd.sys 14:26:19.0280 4312 aswKbd - ok 14:26:19.0335 4312 [ FA562F34ED6633C66170B09182B4C049 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 14:26:19.0341 4312 aswMonFlt - ok 14:26:19.0382 4312 [ 518B8D447A1975AB46DA093A2E743256 ] aswNdis C:\Windows\system32\DRIVERS\aswNdis.sys 14:26:19.0388 4312 aswNdis - ok 14:26:19.0460 4312 [ 94CCA87794454E1824D59B092B9F70C4 ] aswNdis2 C:\Windows\system32\drivers\aswNdis2.sys 14:26:19.0468 4312 aswNdis2 - ok 14:26:19.0497 4312 [ 9A9565BB92EE412B77B7416DD1D32F0B ] AswRdr C:\Windows\system32\drivers\AswRdr.sys 14:26:19.0503 4312 AswRdr - ok 14:26:19.0553 4312 [ 5573AA70993A2BB81525B1C704B88763 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys 14:26:19.0560 4312 aswRvrt - ok 14:26:19.0601 4312 [ 8C0800CDB501CFC1164B286A0478DC10 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 14:26:19.0671 4312 aswSnx - ok 14:26:19.0716 4312 [ 3815DB16CDA62190F5C0A65118F3D714 ] aswSP C:\Windows\system32\drivers\aswSP.sys 14:26:19.0728 4312 aswSP - ok 14:26:19.0787 4312 [ 29DD8E458A84171202AA4979364C30C0 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 14:26:19.0793 4312 aswTdi - ok 14:26:19.0872 4312 [ 22F521108881DC59837F6FC614E0568F ] aswVmm C:\Windows\system32\drivers\aswVmm.sys 14:26:19.0907 4312 aswVmm - ok 14:26:19.0929 4312 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 14:26:19.0973 4312 AsyncMac - ok 14:26:19.0989 4312 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys 14:26:19.0996 4312 atapi - ok 14:26:20.0015 4312 [ DB0D3DE15EDC96E7529FC0D3F7760894 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys 14:26:20.0021 4312 AtiPcie - ok 14:26:20.0066 4312 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys 14:26:20.0076 4312 atksgt - ok 14:26:20.0131 4312 [ 
79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 14:26:20.0154 4312 AudioEndpointBuilder - ok 14:26:20.0298 4312 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll 14:26:20.0321 4312 AudioSrv - ok 14:26:20.0570 4312 [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 14:26:20.0576 4312 avast! Antivirus - ok 14:26:20.0631 4312 [ C2009C6A452BD07B30D773349589B762 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe 14:26:20.0638 4312 avast! Firewall - ok 14:26:20.0695 4312 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 14:26:20.0740 4312 blbdrive - ok 14:26:20.0783 4312 [ 8B2B19031D0AEADE6E1B933DF1ACBA7E ] bowser C:\Windows\system32\DRIVERS\bowser.sys 14:26:20.0808 4312 bowser - ok 14:26:20.0833 4312 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 14:26:20.0851 4312 BrFiltLo - ok 14:26:20.0875 4312 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 14:26:20.0911 4312 BrFiltUp - ok 14:26:20.0950 4312 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll 14:26:20.0976 4312 Browser - ok 14:26:21.0036 4312 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys 14:26:21.0090 4312 Brserid - ok 14:26:21.0126 4312 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 14:26:21.0165 4312 BrSerWdm - ok 14:26:21.0174 4312 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 14:26:21.0213 4312 BrUsbMdm - ok 14:26:21.0230 4312 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 14:26:21.0268 4312 BrUsbSer - ok 14:26:21.0306 4312 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 14:26:21.0344 4312 BTHMODEM - ok 14:26:21.0372 4312 [ 
B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 14:26:21.0398 4312 cdfs - ok 14:26:21.0450 4312 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 14:26:21.0467 4312 cdrom - ok 14:26:21.0664 4312 [ DFC81DD1112338DC8500E8A3E8ADE77D ] CEDRIVER60 E:\Program Files (x86)\Cheat Engine 6.3\dbk64.sys 14:26:21.0672 4312 CEDRIVER60 - ok 14:26:21.0710 4312 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll 14:26:21.0728 4312 CertPropSvc - ok 14:26:21.0765 4312 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys 14:26:21.0793 4312 circlass - ok 14:26:21.0835 4312 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys 14:26:21.0852 4312 CLFS - ok 14:26:21.0944 4312 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:26:21.0952 4312 clr_optimization_v2.0.50727_32 - ok 14:26:22.0023 4312 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 14:26:22.0030 4312 clr_optimization_v2.0.50727_64 - ok 14:26:22.0163 4312 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:26:22.0170 4312 clr_optimization_v4.0.30319_32 - ok 14:26:22.0270 4312 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 14:26:22.0277 4312 clr_optimization_v4.0.30319_64 - ok 14:26:22.0298 4312 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys 14:26:22.0305 4312 cmdide - ok 14:26:22.0329 4312 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 14:26:22.0335 4312 Compbatt - ok 14:26:22.0339 4312 COMSysApp - ok 14:26:22.0343 4312 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk 
C:\Windows\system32\drivers\crcdisk.sys 14:26:22.0349 4312 crcdisk - ok 14:26:22.0374 4312 [ 18918613E63F387CDE4D95CA7D49DCF7 ] CryptSvc C:\Windows\system32\cryptsvc.dll 14:26:22.0393 4312 CryptSvc - ok 14:26:22.0598 4312 [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc E:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe 14:26:22.0603 4312 DAUpdaterSvc - ok 14:26:22.0877 4312 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll 14:26:22.0919 4312 DcomLaunch - ok 14:26:22.0957 4312 [ 36CD31121F228E7E79BAE60AA45764C6 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 14:26:22.0975 4312 DfsC - ok 14:26:23.0097 4312 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe 14:26:23.0199 4312 DFSR - ok 14:26:23.0329 4312 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll 14:26:23.0348 4312 Dhcp - ok 14:26:23.0369 4312 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys 14:26:23.0377 4312 disk - ok 14:26:23.0447 4312 [ 21D16B37257370975C7457C3A5EFA530 ] Dnscache C:\Windows\System32\dnsrslvr.dll 14:26:23.0466 4312 Dnscache - ok 14:26:23.0586 4312 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll 14:26:23.0606 4312 dot3svc - ok 14:26:23.0717 4312 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll 14:26:23.0743 4312 DPS - ok 14:26:23.0793 4312 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 14:26:23.0811 4312 drmkaud - ok 14:26:23.0833 4312 dump_wmimmc - ok 14:26:24.0180 4312 [ 1D96E28EBCD96AD1B44A3FD02CA6433D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 14:26:24.0209 4312 DXGKrnl - ok 14:26:24.0278 4312 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys 14:26:24.0317 4312 E1G60 - ok 14:26:24.0332 4312 EagleX64 - ok 14:26:24.0357 4312 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll 14:26:24.0376 4312 EapHost - ok 14:26:24.0439 4312 [ 
5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys 14:26:24.0451 4312 Ecache - ok 14:26:24.0495 4312 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe 14:26:24.0507 4312 ehRecvr - ok 14:26:24.0603 4312 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe 14:26:24.0613 4312 ehSched - ok 14:26:24.0669 4312 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll 14:26:24.0677 4312 ehstart - ok 14:26:24.0703 4312 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys 14:26:24.0718 4312 elxstor - ok 14:26:24.0755 4312 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll 14:26:24.0807 4312 EMDMgmt - ok 14:26:24.0855 4312 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys 14:26:24.0876 4312 ErrDev - ok 14:26:24.0945 4312 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll 14:26:24.0977 4312 EventSystem - ok 14:26:25.0061 4312 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys 14:26:25.0088 4312 exfat - ok 14:26:25.0091 4312 ezSharedSvc - ok 14:26:25.0127 4312 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys 14:26:25.0148 4312 fastfat - ok 14:26:25.0180 4312 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 14:26:25.0205 4312 fdc - ok 14:26:25.0226 4312 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll 14:26:25.0251 4312 fdPHost - ok 14:26:25.0278 4312 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll 14:26:25.0316 4312 FDResPub - ok 14:26:25.0369 4312 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 14:26:25.0378 4312 FileInfo - ok 14:26:25.0399 4312 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys 14:26:25.0424 4312 Filetrace - ok 14:26:25.0444 4312 
[ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 14:26:25.0469 4312 flpydisk - ok 14:26:25.0538 4312 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 14:26:25.0547 4312 FltMgr - ok 14:26:25.0634 4312 [ FDF5F06EFC8F98BAC5FE8B216F93AA5E ] FontCache C:\Windows\system32\FntCache.dll 14:26:25.0687 4312 FontCache - ok 14:26:25.0785 4312 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 14:26:25.0790 4312 FontCache3.0.0.0 - ok 14:26:25.0837 4312 [ 29D99E860A1CA0A03C6A733FDD0DA703 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 14:26:25.0854 4312 Fs_Rec - ok 14:26:25.0882 4312 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 14:26:25.0898 4312 gagp30kx - ok 14:26:26.0057 4312 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 14:26:26.0082 4312 GamesAppService - ok 14:26:26.0127 4312 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll 14:26:26.0180 4312 gpsvc - ok 14:26:26.0259 4312 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 14:26:26.0267 4312 gupdate - ok 14:26:26.0276 4312 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 14:26:26.0283 4312 gupdatem - ok 14:26:26.0320 4312 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 14:26:26.0335 4312 HdAudAddService - ok 14:26:26.0380 4312 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 14:26:26.0430 4312 HDAudBus - ok 14:26:26.0497 4312 [ 0457348421B377D172E893573D5CFE28 ] HH9Help.sys C:\Windows\system32\drivers\HH9Help.sys 14:26:26.0503 4312 HH9Help.sys - ok 14:26:26.0524 4312 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys 14:26:26.0562 
4312 HidBth - ok 14:26:26.0603 4312 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys 14:26:26.0660 4312 HidIr - ok 14:26:26.0701 4312 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll 14:26:26.0719 4312 hidserv - ok 14:26:26.0794 4312 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 14:26:26.0812 4312 HidUsb - ok 14:26:26.0926 4312 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll 14:26:26.0952 4312 hkmsvc - ok 14:26:27.0093 4312 [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe 14:26:27.0097 4312 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning 14:26:27.0097 4312 HP Health Check Service - detected UnsignedFile.Multi.Generic (1) 14:26:27.0127 4312 [ DEAB3BF5AEFBDC3F9AC0E020926EC81D ] HPBtnSrv C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe 14:26:27.0132 4312 HPBtnSrv ( UnsignedFile.Multi.Generic ) - warning 14:26:27.0132 4312 HPBtnSrv - detected UnsignedFile.Multi.Generic (1) 14:26:27.0160 4312 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 14:26:27.0167 4312 HpCISSs - ok 14:26:27.0226 4312 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys 14:26:27.0243 4312 HTTP - ok 14:26:27.0286 4312 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys 14:26:27.0299 4312 i2omp - ok 14:26:27.0330 4312 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 14:26:27.0348 4312 i8042prt - ok 14:26:27.0419 4312 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 14:26:27.0452 4312 iaStorV - ok 14:26:27.0556 4312 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 14:26:27.0560 4312 IDriverT ( UnsignedFile.Multi.Generic ) 
- warning 14:26:27.0560 4312 IDriverT - detected UnsignedFile.Multi.Generic (1) 14:26:27.0681 4312 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 14:26:27.0716 4312 idsvc - ok 14:26:27.0761 4312 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys 14:26:27.0790 4312 iirsp - ok 14:26:27.0865 4312 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll 14:26:27.0889 4312 IKEEXT - ok 14:26:27.0971 4312 [ 96B0A408842B0E214EDCB41E89438999 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 14:26:28.0090 4312 IntcAzAudAddService - ok 14:26:28.0161 4312 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys 14:26:28.0168 4312 intelide - ok 14:26:28.0190 4312 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 14:26:28.0215 4312 intelppm - ok 14:26:28.0304 4312 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 14:26:28.0330 4312 IPBusEnum - ok 14:26:28.0365 4312 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:26:28.0427 4312 IpFilterDriver - ok 14:26:28.0430 4312 IpInIp - ok 14:26:28.0448 4312 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 14:26:28.0474 4312 IPMIDRV - ok 14:26:28.0496 4312 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 14:26:28.0522 4312 IPNAT - ok 14:26:28.0538 4312 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys 14:26:28.0564 4312 IRENUM - ok 14:26:28.0611 4312 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys 14:26:28.0618 4312 isapnp - ok 14:26:28.0668 4312 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 14:26:28.0677 4312 iScsiPrt - ok 14:26:28.0700 4312 [ 63C766CDC609FF8206CB447A65ABBA4A ] 
iteatapi C:\Windows\system32\drivers\iteatapi.sys 14:26:28.0707 4312 iteatapi - ok 14:26:28.0751 4312 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys 14:26:28.0758 4312 iteraid - ok 14:26:28.0776 4312 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 14:26:28.0783 4312 kbdclass - ok 14:26:28.0876 4312 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 14:26:28.0894 4312 kbdhid - ok 14:26:28.0955 4312 [ 40348DCEC0712ED42231C5F90A69A690 ] KeyIso C:\Windows\system32\lsass.exe 14:26:28.0965 4312 KeyIso - ok 14:26:29.0215 4312 [ 476E2C1DCEA45895994BEF11C2A98715 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:26:29.0260 4312 KSecDD - ok 14:26:29.0314 4312 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 14:26:29.0339 4312 ksthunk - ok 14:26:29.0380 4312 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll 14:26:29.0411 4312 KtmRm - ok 14:26:29.0533 4312 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll 14:26:29.0544 4312 LanmanServer - ok 14:26:29.0571 4312 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 14:26:29.0583 4312 LanmanWorkstation - ok 14:26:29.0643 4312 [ E75ADCFAFDEF3F4C3AF3332928D59926 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 14:26:29.0647 4312 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 14:26:29.0647 4312 LightScribeService - detected UnsignedFile.Multi.Generic (1) 14:26:29.0680 4312 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys 14:26:29.0686 4312 lirsgt - ok 14:26:29.0707 4312 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 14:26:29.0731 4312 lltdio - ok 14:26:29.0970 4312 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll 14:26:30.0030 4312 lltdsvc - ok 14:26:30.0044 4312 
[ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll 14:26:30.0070 4312 lmhosts - ok 14:26:30.0146 4312 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 14:26:30.0155 4312 LSI_FC - ok 14:26:30.0193 4312 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 14:26:30.0202 4312 LSI_SAS - ok 14:26:30.0219 4312 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 14:26:30.0228 4312 LSI_SCSI - ok 14:26:30.0260 4312 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys 14:26:30.0285 4312 luafv - ok 14:26:30.0401 4312 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe 14:26:30.0409 4312 McComponentHostService - ok 14:26:30.0452 4312 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 14:26:30.0462 4312 Mcx2Svc - ok 14:26:30.0505 4312 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys 14:26:30.0512 4312 megasas - ok 14:26:30.0538 4312 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys 14:26:30.0554 4312 MegaSR - ok 14:26:30.0598 4312 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll 14:26:30.0624 4312 MMCSS - ok 14:26:30.0649 4312 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys 14:26:30.0674 4312 Modem - ok 14:26:30.0706 4312 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 14:26:30.0731 4312 monitor - ok 14:26:30.0742 4312 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 14:26:30.0749 4312 mouclass - ok 14:26:30.0761 4312 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 14:26:30.0785 4312 mouhid - ok 14:26:30.0795 4312 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 
14:26:30.0802 4312 MountMgr - ok 14:26:30.0833 4312 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys 14:26:30.0841 4312 mpio - ok 14:26:30.0875 4312 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 14:26:30.0894 4312 mpsdrv - ok 14:26:30.0918 4312 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 14:26:30.0924 4312 Mraid35x - ok 14:26:30.0952 4312 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 14:26:30.0964 4312 MRxDAV - ok 14:26:31.0005 4312 [ D58D129E26705E83A4DEBA7177EB7972 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 14:26:31.0014 4312 mrxsmb - ok 14:26:31.0042 4312 [ D5BE5C14E0F1DC489F5BB2A67983F630 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:26:31.0053 4312 mrxsmb10 - ok 14:26:31.0073 4312 [ 09A2990C3B293C212816C9BC0D7C200E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:26:31.0082 4312 mrxsmb20 - ok 14:26:31.0107 4312 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys 14:26:31.0114 4312 msahci - ok 14:26:31.0136 4312 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys 14:26:31.0144 4312 msdsm - ok 14:26:31.0186 4312 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe 14:26:31.0213 4312 MSDTC - ok 14:26:31.0239 4312 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys 14:26:31.0264 4312 Msfs - ok 14:26:31.0278 4312 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 14:26:31.0285 4312 msisadrv - ok 14:26:31.0311 4312 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 14:26:31.0339 4312 MSiSCSI - ok 14:26:31.0342 4312 msiserver - ok 14:26:31.0378 4312 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 14:26:31.0403 4312 MSKSSRV - ok 14:26:31.0414 4312 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK 
14:26:44.0664 3084 Actual detected object count: 10
14:26:57.0618 3084 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - skipped by user
14:26:57.0618 3084 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:26:57.0619 3084 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:26:57.0619 3084 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:26:57.0620 3084 HPBtnSrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:26:57.0620 3084 HPBtnSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:26:57.0621 3084 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:26:57.0621 3084 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:26:57.0622 3084 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:26:57.0622 3084 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:26:57.0623 3084 nHancer ( UnsignedFile.Multi.Generic ) - skipped by user
14:26:57.0623 3084 nHancer ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:26:57.0624 3084 nlsvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:26:57.0624 3084 nlsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:26:57.0625 3084 PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - skipped by user
14:26:57.0625 3084 PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:26:57.0626 3084 sptd ( LockedFile.Multi.Generic ) - skipped by user
14:26:57.0626 3084 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
14:26:57.0627 3084 vdrv9000 ( LockedService.Multi.Generic ) - skipped by user
14:26:57.0627 3084 vdrv9000 ( LockedService.Multi.Generic ) - User select action: Skip
14:27:01.0777 3180 Deinitialize success

Quick edit: I just noticed that since the reboot Avast! no longer seems to want to block anything from Services.exe. |
01.07.2013, 13:41 | #7 |
/// the machine /// TB Trainer | Win32:ZAccess-PB (Trj) found in the Services.exe process
Great.

System scan with FRST
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: Start > Computer (right-click) > Properties)
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page
No help via PM! |
01.07.2013, 14:00 | #8 |
| Win32:ZAccess-PB (Trj) found in the Services.exe process
FRST
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-06-2013 03
Ran by Gast (administrator) on 01-07-2013 14:45:50
Running from C:\Users\Gast\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Locktime Software) C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
(INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npkcmsvc.exe
(INCA Internet Co., Ltd.) C:\Windows\SysWOW64\INCAinternet\nProtect GameGuard Personal 3.0\nspsvc.exe
(INCA Internet Co.,Ltd.) C:\Windows\SysWOW64\INCAinternet\nProtect GameGuard Personal 3.0\nspupsvc.exe
(Locktime Software) C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
(H+H Software GmbH) E:\Program Files (x86)\Virtual CD v9\System\VC9SecS.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Windows\SysWOW64\BeepApp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(H+H Software GmbH) E:\Program Files (x86)\Virtual CD v9\System\vc9play.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(H+H Software GmbH) E:\Program Files (x86)\Virtual CD v9\System\VC9Tray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
HKCU\...\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard)
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [EADM] "E:\Program Files (x86)\Origin\Origin.exe" -AutoStart [x]
HKCU\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
MountPoints2: {139f4f8e-2e9f-11e0-b50d-002421172082} - L:\OblivionLauncher.exe
MountPoints2: {139f4f9c-2e9f-11e0-b50d-002421172082} - M:\setup.exe
MountPoints2: {164bed90-1e7b-11e0-aa79-002421172082} - L:\OblivionLauncher.exe
MountPoints2: {3f05954f-e5bd-11dd-9d91-806e6f6e6963} - F:\autorun.exe
MountPoints2: {e273aac0-cbc4-11de-ade2-002421172082} - K:\Autorun.exe
HKLM-x32\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe [119296 2007-02-15] (OsdMaestro)
HKLM-x32\...\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [1148200 2008-09-26] (CyberLink Corp.)
HKLM-x32\...\Run: [VC9Player] "E:\Program Files (x86)\Virtual CD v9\System\VC9Play.exe" [x]
HKLM-x32\...\Run: [nProtect GameGuard Personal 3.0] "E:\Program Files (x86)\INCAInternet\nProtect GameGuard Personal 3.0\nProtect GameGuard Personal 3.0\nspmain.exe" -tray [x]
HKLM-x32\...\Run: [DivXMediaServer] "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [450560 2013-03-28] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "E:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard)
HKU\UpdatusUser\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation) SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt HKLM SearchScopes: DefaultScope {F62C4EF5-02A5-4118-BD59-A1C8D69F7CFD} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de SearchScopes: HKLM - {79C90567-5C09-4507-9307-1B81999F79F7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 SearchScopes: HKLM - {8C5BF184-BEAC-415C-8A6F-69F27A468C07} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKLM - {F62C4EF5-02A5-4118-BD59-A1C8D69F7CFD} URL = 
hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de HKLM-x32 SearchScopes: DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 SearchScopes: HKLM-x32 - {79C90567-5C09-4507-9307-1B81999F79F7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 SearchScopes: HKLM-x32 - {8C5BF184-BEAC-415C-8A6F-69F27A468C07} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 SearchScopes: HKLM-x32 - {F62C4EF5-02A5-4118-BD59-A1C8D69F7CFD} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de HKCU SearchScopes: DefaultScope {2592934B-F16C-4C06-B794-A59D7A79FDFF} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 SearchScopes: HKCU - {2592934B-F16C-4C06-B794-A59D7A79FDFF} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {79C90567-5C09-4507-9307-1B81999F79F7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 SearchScopes: HKCU - {8C5BF184-BEAC-415C-8A6F-69F27A468C07} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search/web?q={searchTerms} SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 SearchScopes: 
HKCU - {F62C4EF5-02A5-4118-BD59-A1C8D69F7CFD} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: CescrtHlpr Object - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () Toolbar: HKLM-x32 - facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com) Toolbar: HKLM-x32 - avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File DPF: HKLM-x32 {140E4DF8-9E14-4A34-9577-C77561ED7883} https://s3.amazonaws.com/content.systemrequirementslab.com/global/bin/srldetect_cyri_4.1.72.0_x.cab DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab DPF: HKLM-x32 {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} hxxp://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.16.0.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [51656 2009-05-22] (EasyBits Software Corp.) 
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation) Winsock: 
Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default FF user.js: detected! => C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\user.js FF SearchEngine: Facemoods Search FF Homepage: hxxp://start.facemoods.com/?a=ddrnw FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\12\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - E:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Gast\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Extension: No Name - C:\Users\Gast\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: No Name - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Extensions\DTToolbar@toolbarnet.com FF Extension: Facemoods - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Extensions\ffxtlbr@Facemoods.com FF Extension: Microsoft .NET Framework Assistant - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF Extension: No Name - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF Extension: DownloadHelper - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: ZoneAlarm-Sicherheit Community Toolbar - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} FF Extension: No Name - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF HKLM-x32\...\Firefox\Extensions: 
[{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF Chrome: ======= CHR HomePage: hxxp://start.facemoods.com/?a=ddrnw CHR RestoreOnStartup: "hxxp://start.facemoods.com/?a=ddrnw" CHR DefaultSearchURL: (facemoods) - hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 CHR DefaultSuggestURL: (facemoods) - "suggest_url": "" CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll No File CHR Plugin: (Skype Toolbars) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll (Skype Technologies S.A.) CHR Plugin: (HP Product Detection Plugin for Mozilla) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.6.1_0\plugins/npProductDetectPlugin.dll (Hewlett-Packard) CHR Plugin: (Adobe Acrobat) - E:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - E:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll No File CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll No File CHR Plugin: (Unity Player) - C:\Users\Gast\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (YouTube) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Gast\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0 CHR Extension: (Funmoods) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\2.1.0_0 CHR Extension: (Skype Click to Call) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0 CHR Extension: (HP Product Detection Plugin) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.6.1_0 CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0 CHR Extension: (Gmail) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 ==================== Services (Whitelisted) ================= S4 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-05-09] (AVAST Software) S4 DAUpdaterSvc; E:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare) S2 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] () S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) S2 nHancer; E:\Program Files\nHancer\nHancerService.exe [39424 2010-05-02] (KSE - Korndörfer Software Engineering) R2 nlsvc; C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe [817152 2010-03-25] (Locktime Software) S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3813096 2010-06-20] (INCA Internet Co., Ltd.) R2 npkcmsvc; C:\Windows\SysWOW64\npkcmsvc.exe [191008 2010-08-22] (INCA Internet Co., Ltd.) 
R2 NSPService; C:\Windows\SysWOW64\INCAinternet\nProtect GameGuard Personal 3.0\nspsvc.exe [581248 2011-09-16] (INCA Internet Co., Ltd.) R2 NSPUpdateService; C:\Windows\SysWOW64\INCAinternet\nProtect GameGuard Personal 3.0\nspupsvc.exe [1252840 2012-10-25] (INCA Internet Co.,Ltd.) R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2010-03-22] (NVIDIA) S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-11-30] () S2 SkypeUpdate; E:\Program Files (x86)\Skype\Updater\Updater.exe [160944 2012-07-03] (Skype Technologies) R2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [282728 2009-11-06] (NVIDIA) R2 VC9SecS; E:\Program Files (x86)\Virtual CD v9\System\VC9SecS.exe [132424 2009-04-21] (H+H Software GmbH) R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x] ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R1 aswFW; C:\Windows\system32\drivers\aswFW.sys [131232 2013-05-09] (AVAST Software) R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2013-03-13] (ALWIL Software) R0 aswNdis2; C:\Windows\System32\drivers\aswNdis2.sys [270824 2013-05-09] (AVAST Software) R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [59144 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-01] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-01] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-01] () R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys 
[314016 2011-01-12] () S3 CEDRIVER60; E:\Program Files (x86)\Cheat Engine 6.3\dbk64.sys [64480 2013-06-02] () S3 HH9Help.sys; C:\Windows\system32\drivers\HH9Help.sys [24344 2007-01-23] (H+H Software GmbH) S3 HH9Help.sys; C:\Windows\system32\drivers\HH9Help.sys [24344 2007-01-23] (H+H Software GmbH) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-01-12] () R1 nltdi; C:\Windows\system32\drivers\nltdi.sys [89224 2010-03-25] (Locktime Software) R1 nltdi; C:\Windows\system32\drivers\nltdi.sys [89224 2010-03-25] (Locktime Software) S3 npkcft64; C:\Windows\SysWOW64\npkcft64.sys [45600 2010-08-22] (INCA Internet Co., Ltd.) S3 npkcft64; C:\Windows\SysWOW64\npkcft64.sys [45600 2010-08-22] (INCA Internet Co., Ltd.) S3 npkuft64; C:\Windows\SysWOW64\npkuft64.sys [40992 2010-08-22] (INCA Internet Co., Ltd.) S3 npkuft64; C:\Windows\SysWOW64\npkuft64.sys [40992 2010-08-22] (INCA Internet Co., Ltd.) S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.) R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.) S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] () R0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [75384 2009-02-03] (Protection Technology (StarForce)) R0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [77952 2009-02-03] (Protection Technology (StarForce)) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2011-01-12] () S2 tandpl; C:\Windows\SysWow64\drivers\tandpl.sys [4736 2003-04-19] () R3 TKCtrl; C:\Windows\system32\TKCtrl2k64.sys [87872 2012-07-03] (INCA Internet Co., Ltd.) R3 TKCtrl; C:\Windows\system32\TKCtrl2k64.sys [87872 2012-07-03] (INCA Internet Co., Ltd.) R3 TKFsAvM; C:\Windows\system32\TKFsAv64.sys [139136 2012-12-26] (INCA Internet Co., Ltd.) R3 TKFsAvM; C:\Windows\system32\TKFsAv64.sys [139136 2012-12-26] (INCA Internet Co., Ltd.) R3 TkFsFtM; C:\Windows\System32\TKFsFt64.sys [23392 2012-11-06] (INCA Internet Co., Ltd.) 
R3 TkFsFtM; C:\Windows\SysWow64\TKFsFt64.sys [22848 2011-03-28] (INCA Internet Co., Ltd.) R1 TKFWFV; C:\Windows\System32\TKFWFV64.sys [34400 2011-03-28] (INCA Internet Co., Ltd.) S3 TKFWVT; C:\Windows\system32\TKFWVT64.sys [183112 2012-10-23] (INCA Internet Co.,Ltd.) S3 TKFWVT; C:\Windows\system32\TKFWVT64.sys [183112 2012-10-23] (INCA Internet Co.,Ltd.) R3 TkIdsVt; C:\Windows\system32\TkIdsVt64.sys [99168 2012-07-31] (INCA Internet Co.,Ltd.) R3 TkIdsVt; C:\Windows\system32\TkIdsVt64.sys [99168 2012-07-31] (INCA Internet Co.,Ltd.) R3 TKPcFt; C:\Windows\system32\TKPcFtCb64.sys [29024 2012-11-06] (INCA Internet Co., Ltd.) R3 TKPcFt; C:\Windows\system32\TKPcFtCb64.sys [29024 2012-11-06] (INCA Internet Co., Ltd.) R3 vcd9bus; C:\Windows\System32\DRIVERS\vcd9bus.sys [40216 2007-01-23] (H+H Software GmbH) R1 vmm; C:\Windows\system32\Treiber\vmm.sys [297496 2008-02-12] (Microsoft Corporation) R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.) R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.) 
S3 dump_wmimmc; \??\E:\Program Files (x86)\Games-Masters.com\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys [x] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [x] S2 tandpl; System32\drivers\tandpl.sys [x] S3 X6va005; \??\C:\Users\Gast\AppData\Local\Temp\00539A5.tmp [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-01 14:45 - 2013-07-01 14:45 - 01933758 ____A (Farbar) C:\Users\Gast\Desktop\FRST64.exe 2013-07-01 14:45 - 2013-07-01 14:45 - 00000000 ____D C:\FRST 2013-07-01 13:17 - 2013-07-01 14:11 - 00000000 ____D C:\TDSSKiller_Quarantine 2013-07-01 13:14 - 2013-07-01 13:14 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Gast\Desktop\tdsskiller.exe 2013-07-01 11:28 - 2013-07-01 11:28 - 00602112 ____A (OldTimer Tools) C:\Users\Gast\Desktop\OTL.exe 2013-07-01 11:25 - 2013-07-01 11:25 - 00001704 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk 2013-07-01 10:02 - 2013-07-01 11:06 - 00000552 ____A C:\Windows\System32\spsys.log 2013-07-01 00:42 - 2013-07-01 00:42 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys 2013-07-01 00:42 - 2013-07-01 00:42 - 00001787 ____A C:\Users\Public\Desktop\avast! 
Internet Security.lnk 2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum 2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum 2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum 2013-07-01 00:42 - 2013-05-09 10:59 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys 2013-07-01 00:41 - 2013-07-01 00:42 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys 2013-07-01 00:41 - 2013-07-01 00:42 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys 2013-07-01 00:41 - 2013-07-01 00:41 - 00000000 ____A C:\Windows\SysWOW64\config.nt 2013-07-01 00:41 - 2013-05-09 10:59 - 00270824 ____A (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys 2013-07-01 00:41 - 2013-05-09 10:59 - 00131232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys 2013-07-01 00:41 - 2013-05-09 10:59 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys 2013-07-01 00:41 - 2013-05-09 10:59 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys 2013-07-01 00:41 - 2013-05-09 10:59 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys 2013-07-01 00:41 - 2013-05-09 10:59 - 00059144 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys 2013-07-01 00:41 - 2013-05-09 10:59 - 00022600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys 2013-07-01 00:41 - 2013-05-09 10:58 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe 2013-07-01 00:40 - 2013-07-01 00:40 - 00383868 ____A C:\Users\Gast\AppData\Local\dd_vcredistMSI165D.txt 2013-07-01 00:40 - 2013-07-01 00:40 - 00012410 ____A C:\Users\Gast\AppData\Local\dd_vcredistUI165D.txt 2013-07-01 00:40 - 2013-05-09 10:58 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr 2013-07-01 00:40 - 2013-03-13 19:01 - 00012368 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswNdis.sys 2013-07-01 00:39 - 2013-07-01 
00:39 - 00000000 ____D C:\ProgramData\AVAST Software 2013-07-01 00:39 - 2013-07-01 00:39 - 00000000 ____D C:\Program Files\AVAST Software 2013-07-01 00:24 - 2013-07-01 00:24 - 00792160 ____A C:\Users\Gast\AppData\Local\census.cache 2013-07-01 00:24 - 2013-07-01 00:24 - 00205389 ____A C:\Users\Gast\AppData\Local\ars.cache 2013-07-01 00:10 - 2013-07-01 00:10 - 00000036 ____A C:\Users\Gast\AppData\Local\housecall.guid.cache 2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Malwarebytes 2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-06-30 20:54 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-06-30 10:10 - 2013-06-30 10:10 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA% 2013-06-29 23:28 - 2013-06-30 09:54 - 988293471 ____A C:\Users\Gast\Downloads\Zone Archive Pack.rar 2013-06-29 22:41 - 2013-06-29 22:41 - 00019442 ____A C:\Users\Gast\Downloads\(SUMOTorrent.com)_ZONE_ARCHIVE_Hentai-Key _SP5686432.torrent 2013-06-26 12:30 - 2013-06-26 12:31 - 00000759 ____A C:\Users\Gast\Desktop\daoloader - Verknüpfung.lnk 2013-06-26 09:24 - 2013-06-26 09:24 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Locktime 2013-06-25 21:08 - 2013-06-25 21:08 - 00093367 ____A C:\Users\Gast\Downloads\bws-0598 (1).rar 2013-06-25 21:05 - 2013-06-25 21:05 - 00446584 ____A C:\Users\Gast\Downloads\l4r-da104.rar 2013-06-25 21:01 - 2013-06-25 21:01 - 00084308 ____A C:\Users\Gast\Downloads\bws-0598.rar 2013-06-25 19:42 - 2013-06-25 19:42 - 00071687 ____A C:\Users\Gast\Downloads\dragon_age_origins_plus_8_trainer.zip 2013-06-25 19:19 - 2013-06-25 19:19 - 00033117 ____A C:\Users\Gast\Downloads\daoloader.r4-TiLL.rar 2013-06-25 17:32 - 2013-06-25 17:32 - 00001736 ____A C:\Users\Public\Desktop\NetLimiter 2 Monitor.lnk 2013-06-25 17:32 - 2013-06-25 17:32 - 00000000 ____D 
C:\ProgramData\Locktime 2013-06-25 17:32 - 2013-06-25 17:32 - 00000000 ____D C:\Program Files\NetLimiter 2 Monitor 2013-06-25 17:31 - 2013-06-25 17:32 - 01827848 ____A C:\Users\Gast\Downloads\nl_2011_mon_64.exe 2013-06-25 16:51 - 2013-06-25 16:51 - 04689729 ____A C:\Users\Gast\Downloads\The LAST REMNANT Save Editor V4.2.rar 2013-06-25 13:38 - 2013-06-25 13:38 - 00000466 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk 2013-06-23 11:30 - 2013-06-23 11:30 - 00000000 ____D C:\Users\Gast\Desktop\Unepic 1.43.1[Steam] 2013-06-23 11:26 - 2013-06-23 11:29 - 94994694 ____A C:\Users\Gast\Downloads\Unepic_1.43.1_Steam_.7z 2013-06-22 23:23 - 2013-06-22 23:23 - 08071400 ____A (Cheat Engine ) C:\Users\Gast\Downloads\CheatEngine63.exe 2013-06-22 21:50 - 2013-06-22 21:50 - 00153366 ____A C:\Users\Gast\Downloads\Unepic v1.0.30 Trainer +6 ~HoG.rar 2013-06-16 15:34 - 2013-06-16 15:34 - 00017477 ____A C:\Users\Gast\Downloads\Run For Your Lives-23906-1-2-2.7z 2013-06-16 15:33 - 2013-06-16 15:33 - 00018227 ____A C:\Users\Gast\Downloads\When Vampires Attack-28235-1-0-2.7z 2013-06-16 14:18 - 2013-06-16 14:18 - 04109361 ____A C:\Users\Gast\Downloads\UNP silverlight armor-37189-1-0.7z 2013-06-16 14:16 - 2013-06-16 14:17 - 17789249 ____A C:\Users\Gast\Downloads\Silverlight Armor 0992 no pauldrons CBBE-10251-0-992.7z 2013-06-16 13:59 - 2013-06-16 13:59 - 00007675 ____A C:\Users\Gast\Downloads\Sexlab_SimpleRape_05252013.zip 2013-06-16 13:16 - 2013-06-16 13:18 - 00457617 ____A C:\Users\Gast\Downloads\SexLab_LoversComfort_v20130604.zip 2013-06-16 13:15 - 2013-06-16 13:16 - 00097394 ____A C:\Users\Gast\Downloads\SexLab_LoversHook_v20130606.zip 2013-06-14 16:17 - 2013-06-16 19:10 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Awesomium 2013-06-14 16:17 - 2013-06-14 16:17 - 00363746 ____A C:\Users\Gast\AppData\Local\dd_vcredistMSI32F3.txt 2013-06-14 16:17 - 2013-06-14 16:17 - 00011942 ____A C:\Users\Gast\AppData\Local\dd_vcredistUI32F3.txt 2013-06-14 13:18 - 2013-06-14 13:18 - 00000222 ____A 
C:\Users\Gast\Desktop\Marvel Heroes.url 2013-06-09 00:04 - 2013-06-09 00:04 - 00038737 ____A C:\Users\Gast\Downloads\SC07SexLabRandomAttack.7z 2013-06-09 00:02 - 2013-06-09 00:05 - 68829391 ____A C:\Users\Gast\Downloads\SexLabFramework.v101b.zip 2013-06-08 19:15 - 2013-06-08 19:15 - 00000000 ____D C:\Users\Gast\AppData\Local\EdgeOfReality 2013-06-08 18:52 - 2013-06-08 18:52 - 00000222 ____A C:\Users\Gast\Desktop\Loadout.url 2013-06-08 13:42 - 2013-06-08 13:42 - 00064388 ____A C:\Users\Gast\Downloads\X-RayMod_v039.zip 2013-06-08 12:07 - 2013-06-08 12:07 - 00003673 ____A C:\Users\Gast\Downloads\Timber! (1.5.2).zip 2013-06-08 12:05 - 2013-06-08 12:06 - 00007834 ____A C:\Users\Gast\Downloads\Recipe Book.zip 2013-06-08 12:01 - 2013-06-08 12:01 - 00199825 ____A C:\Users\Gast\Downloads\ModLoader (2).zip 2013-06-08 12:01 - 2013-06-08 12:01 - 00199825 ____A C:\Users\Gast\Downloads\ModLoader (1).zip 2013-06-01 16:25 - 2013-06-01 16:25 - 00064533 ____A C:\Users\Gast\Downloads\LoversRaperS_Wappy_1.70.7z 2013-06-01 15:26 - 2013-06-01 15:28 - 00577738 ____A C:\Users\Gast\Downloads\LoversWithPK_Rev91.7z 2013-06-01 15:24 - 2013-06-01 15:24 - 00021719 ____A C:\Users\Gast\Downloads\LoversStalkerM_v1p4.7z 2013-06-01 15:24 - 2013-06-01 15:24 - 00018915 ____A C:\Users\Gast\Downloads\LSMpackage.7z 2013-06-01 15:20 - 2013-06-01 15:22 - 00415874 ____A C:\Users\Gast\Downloads\Dog Texture Patch.7z 2013-06-01 15:20 - 2013-06-01 15:21 - 00088050 ____A C:\Users\Gast\Downloads\Tentacle Monster Patch.7z 2013-06-01 15:20 - 2013-06-01 15:20 - 26338135 ____A C:\Users\Gast\Downloads\Lovers Creatures Beta1 - Part2.7z 2013-06-01 15:19 - 2013-06-01 15:20 - 13717602 ____A C:\Users\Gast\Downloads\Lovers Creatures Beta1 - Part1.7z 2013-06-01 15:18 - 2013-06-01 15:18 - 00099251 ____A C:\Users\Gast\Downloads\LPK base rev96v2.7z 2013-06-01 15:16 - 2013-06-01 15:17 - 37235685 ____A C:\Users\Gast\Downloads\Lovers Resources v3 - for use with LPK base rev96.7z 2013-06-01 09:54 - 2013-06-01 09:54 - 03768483 ____A 
C:\Users\Gast\Downloads\Dont Starve Steam Trainer.rar ==================== One Month Modified Files and Folders ======= 2013-07-01 14:45 - 2013-07-01 14:45 - 01933758 ____A (Farbar) C:\Users\Gast\Desktop\FRST64.exe 2013-07-01 14:45 - 2013-07-01 14:45 - 00000000 ____D C:\FRST 2013-07-01 14:43 - 2010-07-10 20:06 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-01 14:24 - 2009-01-08 03:28 - 16557272 ____A C:\Windows\System32\perfh007.dat 2013-07-01 14:24 - 2009-01-08 03:28 - 05415116 ____A C:\Windows\System32\perfc007.dat 2013-07-01 14:24 - 2006-11-02 14:46 - 00006722 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-01 14:22 - 2010-11-12 20:03 - 00000000 ____D C:\Users\Gast\AppData\Local\Deployment 2013-07-01 14:21 - 2012-08-22 17:22 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-01 14:18 - 2008-09-19 04:55 - 00014466 ____A C:\Windows\SysWOW64\NapaSet.txt 2013-07-01 14:14 - 2010-07-10 20:06 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-01 14:14 - 2006-11-02 17:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-01 14:13 - 2010-12-17 20:20 - 00056114 ____A C:\Windows\PFRO.log 2013-07-01 14:13 - 2009-09-24 16:32 - 00380928 ____A (Microsoft Corporation) C:\Windows\System32\services.exe 2013-07-01 14:13 - 2006-11-02 17:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-01 14:13 - 2006-11-02 17:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-01 14:12 - 2006-11-02 17:42 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-01 14:11 - 2013-07-01 13:17 - 00000000 ____D C:\TDSSKiller_Quarantine 2013-07-01 13:14 - 2013-07-01 13:14 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Gast\Desktop\tdsskiller.exe 2013-07-01 11:28 - 2013-07-01 11:28 - 00602112 ____A (OldTimer Tools) C:\Users\Gast\Desktop\OTL.exe 2013-07-01 11:25 - 2013-07-01 11:25 - 
00001704 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk 2013-07-01 11:25 - 2009-12-12 15:40 - 00000000 ____D C:\ProgramData\Adobe 2013-07-01 11:24 - 2010-04-08 10:31 - 00000000 ____D C:\Users\Gast\AppData\Local\Adobe 2013-07-01 11:06 - 2013-07-01 10:02 - 00000552 ____A C:\Windows\System32\spsys.log 2013-07-01 10:59 - 2010-12-22 15:04 - 00000000 ____D C:\Users\Gast\Desktop\Trainer 2013-07-01 10:58 - 2011-08-13 15:12 - 00000368 ____H C:\Windows\SysWOW64\nspgpinf.nsx 2013-07-01 00:42 - 2013-07-01 00:42 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys 2013-07-01 00:42 - 2013-07-01 00:42 - 00001787 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk 2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum 2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum 2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum 2013-07-01 00:42 - 2013-07-01 00:41 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys 2013-07-01 00:42 - 2013-07-01 00:41 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys 2013-07-01 00:41 - 2013-07-01 00:41 - 00000000 ____A C:\Windows\SysWOW64\config.nt 2013-07-01 00:41 - 2009-04-23 15:22 - 00000000 ____D C:\users\Gast 2013-07-01 00:40 - 2013-07-01 00:40 - 00383868 ____A C:\Users\Gast\AppData\Local\dd_vcredistMSI165D.txt 2013-07-01 00:40 - 2013-07-01 00:40 - 00012410 ____A C:\Users\Gast\AppData\Local\dd_vcredistUI165D.txt 2013-07-01 00:39 - 2013-07-01 00:39 - 00000000 ____D C:\ProgramData\AVAST Software 2013-07-01 00:39 - 2013-07-01 00:39 - 00000000 ____D C:\Program Files\AVAST Software 2013-07-01 00:24 - 2013-07-01 00:24 - 00792160 ____A C:\Users\Gast\AppData\Local\census.cache 2013-07-01 00:24 - 2013-07-01 00:24 - 00205389 ____A C:\Users\Gast\AppData\Local\ars.cache 2013-07-01 00:10 - 2013-07-01 00:10 - 00000036 ____A C:\Users\Gast\AppData\Local\housecall.guid.cache 2013-06-30 
20:54 - 2013-06-30 20:54 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Malwarebytes 2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-06-30 20:40 - 2011-05-20 23:52 - 00001987 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2013-06-30 14:31 - 2009-08-14 19:34 - 00044032 ____A C:\Users\Gast\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-06-30 14:29 - 2010-03-20 09:42 - 00000000 ____D C:\Users\Gast\AppData\Roaming\vlc 2013-06-30 10:10 - 2013-06-30 10:10 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA% 2013-06-30 09:57 - 2009-09-26 23:38 - 00000000 ____D C:\Users\Gast\AppData\Roaming\BitTorrent 2013-06-30 09:54 - 2013-06-29 23:28 - 988293471 ____A C:\Users\Gast\Downloads\Zone Archive Pack.rar 2013-06-30 02:05 - 2009-01-19 02:16 - 01694584 ____A C:\Windows\WindowsUpdate.log 2013-06-29 22:41 - 2013-06-29 22:41 - 00019442 ____A C:\Users\Gast\Downloads\(SUMOTorrent.com)_ZONE_ARCHIVE_Hentai-Key _SP5686432.torrent 2013-06-28 23:23 - 2012-04-28 22:06 - 00000000 ____D C:\Users\Gast\AppData\Local\PMB Files 2013-06-28 23:23 - 2012-04-28 22:06 - 00000000 ____D C:\ProgramData\PMB Files 2013-06-27 09:22 - 2011-12-07 22:21 - 00000000 ____D C:\Users\Gast\AppData\Local\Skyrim 2013-06-26 12:31 - 2013-06-26 12:30 - 00000759 ____A C:\Users\Gast\Desktop\daoloader - Verknüpfung.lnk 2013-06-26 09:24 - 2013-06-26 09:24 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Locktime 2013-06-25 21:08 - 2013-06-25 21:08 - 00093367 ____A C:\Users\Gast\Downloads\bws-0598 (1).rar 2013-06-25 21:05 - 2013-06-25 21:05 - 00446584 ____A C:\Users\Gast\Downloads\l4r-da104.rar 2013-06-25 21:01 - 2013-06-25 21:01 - 00084308 ____A C:\Users\Gast\Downloads\bws-0598.rar 2013-06-25 19:42 - 2013-06-25 19:42 - 00071687 ____A C:\Users\Gast\Downloads\dragon_age_origins_plus_8_trainer.zip 2013-06-25 19:19 - 2013-06-25 19:19 - 00033117 ____A 
C:\Users\Gast\Downloads\daoloader.r4-TiLL.rar 2013-06-25 17:32 - 2013-06-25 17:32 - 00001736 ____A C:\Users\Public\Desktop\NetLimiter 2 Monitor.lnk 2013-06-25 17:32 - 2013-06-25 17:32 - 00000000 ____D C:\ProgramData\Locktime 2013-06-25 17:32 - 2013-06-25 17:32 - 00000000 ____D C:\Program Files\NetLimiter 2 Monitor 2013-06-25 17:32 - 2013-06-25 17:31 - 01827848 ____A C:\Users\Gast\Downloads\nl_2011_mon_64.exe 2013-06-25 16:51 - 2013-06-25 16:51 - 04689729 ____A C:\Users\Gast\Downloads\The LAST REMNANT Save Editor V4.2.rar 2013-06-25 13:38 - 2013-06-25 13:38 - 00000466 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk 2013-06-25 11:34 - 2012-02-02 19:46 - 00000000 ____D C:\Users\Gast\AppData\Roaming\.minecraft 2013-06-24 10:01 - 2009-04-24 10:08 - 00000456 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job 2013-06-23 11:30 - 2013-06-23 11:30 - 00000000 ____D C:\Users\Gast\Desktop\Unepic 1.43.1[Steam] 2013-06-23 11:29 - 2013-06-23 11:26 - 94994694 ____A C:\Users\Gast\Downloads\Unepic_1.43.1_Steam_.7z 2013-06-23 11:26 - 2010-12-22 15:03 - 00000000 ____D C:\Users\Gast\Desktop\Spiele 2013-06-22 23:23 - 2013-06-22 23:23 - 08071400 ____A (Cheat Engine ) C:\Users\Gast\Downloads\CheatEngine63.exe 2013-06-22 21:50 - 2013-06-22 21:50 - 00153366 ____A C:\Users\Gast\Downloads\Unepic v1.0.30 Trainer +6 ~HoG.rar 2013-06-21 08:48 - 2012-05-19 08:10 - 00007916 ____A C:\Users\Gast\AppData\Local\d3d9caps.dat 2013-06-20 11:10 - 2009-04-30 12:10 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log 2013-06-18 11:40 - 2010-12-10 13:19 - 00000000 ____D C:\Program Files (x86)\WildTangent Games 2013-06-16 19:10 - 2013-06-14 16:17 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Awesomium 2013-06-16 15:34 - 2013-06-16 15:34 - 00017477 ____A C:\Users\Gast\Downloads\Run For Your Lives-23906-1-2-2.7z 2013-06-16 15:33 - 2013-06-16 15:33 - 00018227 ____A C:\Users\Gast\Downloads\When Vampires Attack-28235-1-0-2.7z 2013-06-16 14:18 - 2013-06-16 14:18 - 04109361 ____A C:\Users\Gast\Downloads\UNP silverlight 
armor-37189-1-0.7z 2013-06-16 14:17 - 2013-06-16 14:16 - 17789249 ____A C:\Users\Gast\Downloads\Silverlight Armor 0992 no pauldrons CBBE-10251-0-992.7z 2013-06-16 13:59 - 2013-06-16 13:59 - 00007675 ____A C:\Users\Gast\Downloads\Sexlab_SimpleRape_05252013.zip 2013-06-16 13:18 - 2013-06-16 13:16 - 00457617 ____A C:\Users\Gast\Downloads\SexLab_LoversComfort_v20130604.zip 2013-06-16 13:16 - 2013-06-16 13:15 - 00097394 ____A C:\Users\Gast\Downloads\SexLab_LoversHook_v20130606.zip 2013-06-14 16:29 - 2011-01-12 20:45 - 00566636 ____A C:\Windows\DirectX.log 2013-06-14 16:17 - 2013-06-14 16:17 - 00363746 ____A C:\Users\Gast\AppData\Local\dd_vcredistMSI32F3.txt 2013-06-14 16:17 - 2013-06-14 16:17 - 00011942 ____A C:\Users\Gast\AppData\Local\dd_vcredistUI32F3.txt 2013-06-14 16:17 - 2009-10-25 08:56 - 00000000 ____D C:\Users\Gast\Documents\My Games 2013-06-14 13:18 - 2013-06-14 13:18 - 00000222 ____A C:\Users\Gast\Desktop\Marvel Heroes.url 2013-06-12 17:21 - 2012-04-09 09:56 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-12 17:21 - 2011-06-01 07:03 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-09 00:05 - 2013-06-09 00:02 - 68829391 ____A C:\Users\Gast\Downloads\SexLabFramework.v101b.zip 2013-06-09 00:04 - 2013-06-09 00:04 - 00038737 ____A C:\Users\Gast\Downloads\SC07SexLabRandomAttack.7z 2013-06-08 19:15 - 2013-06-08 19:15 - 00000000 ____D C:\Users\Gast\AppData\Local\EdgeOfReality 2013-06-08 18:52 - 2013-06-08 18:52 - 00000222 ____A C:\Users\Gast\Desktop\Loadout.url 2013-06-08 13:42 - 2013-06-08 13:42 - 00064388 ____A C:\Users\Gast\Downloads\X-RayMod_v039.zip 2013-06-08 12:07 - 2013-06-08 12:07 - 00003673 ____A C:\Users\Gast\Downloads\Timber! 
(1.5.2).zip
2013-06-08 12:06 - 2013-06-08 12:05 - 00007834 ____A C:\Users\Gast\Downloads\Recipe Book.zip
2013-06-08 12:01 - 2013-06-08 12:01 - 00199825 ____A C:\Users\Gast\Downloads\ModLoader (2).zip
2013-06-08 12:01 - 2013-06-08 12:01 - 00199825 ____A C:\Users\Gast\Downloads\ModLoader (1).zip
2013-06-05 19:24 - 2012-07-06 22:17 - 00000000 ____D C:\Users\Gast\AppData\Local\Origin
2013-06-01 16:25 - 2013-06-01 16:25 - 00064533 ____A C:\Users\Gast\Downloads\LoversRaperS_Wappy_1.70.7z
2013-06-01 15:28 - 2013-06-01 15:26 - 00577738 ____A C:\Users\Gast\Downloads\LoversWithPK_Rev91.7z
2013-06-01 15:24 - 2013-06-01 15:24 - 00021719 ____A C:\Users\Gast\Downloads\LoversStalkerM_v1p4.7z
2013-06-01 15:24 - 2013-06-01 15:24 - 00018915 ____A C:\Users\Gast\Downloads\LSMpackage.7z
2013-06-01 15:22 - 2013-06-01 15:20 - 00415874 ____A C:\Users\Gast\Downloads\Dog Texture Patch.7z
2013-06-01 15:21 - 2013-06-01 15:20 - 00088050 ____A C:\Users\Gast\Downloads\Tentacle Monster Patch.7z
2013-06-01 15:20 - 2013-06-01 15:20 - 26338135 ____A C:\Users\Gast\Downloads\Lovers Creatures Beta1 - Part2.7z
2013-06-01 15:20 - 2013-06-01 15:19 - 13717602 ____A C:\Users\Gast\Downloads\Lovers Creatures Beta1 - Part1.7z
2013-06-01 15:18 - 2013-06-01 15:18 - 00099251 ____A C:\Users\Gast\Downloads\LPK base rev96v2.7z
2013-06-01 15:17 - 2013-06-01 15:16 - 37235685 ____A C:\Users\Gast\Downloads\Lovers Resources v3 - for use with LPK base rev96.7z
2013-06-01 10:34 - 2013-05-31 21:13 - 00000000 ____D C:\Users\Gast\Desktop\Dont Starve
2013-06-01 09:54 - 2013-06-01 09:54 - 03768483 ____A C:\Users\Gast\Downloads\Dont Starve Steam Trainer.rar

ZeroAccess:
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\U
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\00000004.@
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\201d3dde
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\6715e287
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\76603ac3

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe [2009-09-24 16:32] - [2013-07-01 14:13] - 0380928 ____A (Microsoft Corporation) F8DCE3BED869F69C9F7C562B943BC255
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-01 14:24

==================== End Of Log ============================

--- --- --- --- --- ---

and Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-06-2013 03
Ran by Gast at 2013-07-01 14:46:58
Running from C:\Users\Gast\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

µTorrent (x32 Version: 1.8.4) 12noon Display Changer (x32 Version: 4.3.1.0) 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) AAVUpdateManager (x32 Version: 18.00.0000) ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2) Adobe AIR (x32 Version: 1.5.3.9120) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Reader 9.5.5 - Deutsch (x32 Version: 9.5.5) Adobe Shockwave Player 11.6 (x32 Version: 11.6.6.636) AMD USB Audio Driver Filter (x32 Version: 1.0.7.0031) ANNO 2070 (x32 Version: 1.0.0.0) APB Reloaded (x32) ArtMoney SE v7.31 (x32 Version: 7.31) AutoIt v3.3.6.1 (x32) avast! Internet Security (x32 Version: 8.0.1489.0) Battlelog Web Plugins (x32 Version: 1.122.0) BILD-Steuer 2012 (x32 Version: 17.10) BioShock 2 (x32 Version: 1.0.0003.131) BioShock 2 (x32 Version: 1.00.0000) BioShock Infinite Deutsch-Patch 1.0 (x32 Version: 1.0) BitTorrent (x32) Borderlands (x32) Borderlands 2 (x32) BOSS (x32 Version: 2.1.1) BULLFROG GAMEPAD (x32 Version: 2002.10.8) Call of Duty: Black Ops II - Multiplayer (x32) Call of Duty: Black Ops II - Zombies (x32) Call of Duty: Black Ops II (x32) CCleaner (Version: 3.01) Cheat Engine 6.0 (x32) Cheat Engine 6.3 (x32) Cheatbook 07.2009 (x32) Comfort Keys Lite 4.3.3.0 (x32 Version: 4.3) Command & Conquer 3 (x32 Version: 1.00.0000) Command & Conquer™ Alarmstufe Rot 3 (x32 Version: 1.0.1.0) Company of Heroes - FAKEMSI (x32 Version: 2.0.0.0) Company of Heroes (x32 Version: 2.602.0) Compatibility Pack für 2007 Office System (x32 Version: 12.0.6425.1000) Conquest of the New World Deluxe (x32) Crysis(R) (x32 Version: 1.20.0000) Crysis® 2 (x32 Version: 1.0.0.0) Curse 
Client (HKCU Version: 4.0.1.104) CyberLink DVD Suite Deluxe (x32 Version: 6.0.2111) DAEMON Tools Toolbar (x32 Version: 1.1.3.0244) Dawn of War - Dark Crusade (x32 Version: 1.00.0000) Dead Island (x32) Dead Island Ryder White DLC (x32) Dead Space™ 2 (x32 Version: 1.0.942.0) Diablo III (x32 Version: 1.0.8.16603) DivX-Setup (x32 Version: 2.6.1.28) Dragon Age 2 DLC Pack 1 1.00 (x32) Dragon Age II (x32 Version: 1.03) Dragon Age II DLC PACK 1 (x32) Dragon Age: Origins (x32 Version: 1.04) Dungeon Siege III (x32) Empire Earth II (x32) Empire Earth II Gold Edition (x32) EoD ver 1.0.0.0 (x32 Version: 1.0.0) ESN Sonar (x32 Version: 0.70.0) ESN Sonar (x32 Version: 0.70.4) EVEREST Home Edition v2.20 (x32 Version: 2.20) Explorer Suite III Fable - The Lost Chapters (x32 Version: 1.00.0000) Fable III (x32 Version: 1.0.0000.131) Fable III (x32 Version: 1.0.0001.131) FableTLCMod - Fable Explorer (x32 Version: 1.1.0.0) Facemoods Toolbar (x32) Fallout 3 (x32 Version: 1.00.0000) Fallout Mod Manager 0.11.9 (x32) Fallout Mod Manager 0.13.21 (x32) Fallout New Vegas (x32 Version: v7) Fallout New Vegas (x32) Far Cry 3 (x32 Version: 1.01) FEAR (x32 Version: 1.00.0000) FOOK2 (x32 Version: v1.0) Free Video Downloader & Converter 1.0.1 (x32 Version: 1.0.1) Free Video to MP3 Converter version 4.0 (x32) Free YouTube Download 2.7 (x32) Gibbed's RED Tools version r21 (x32 Version: r21) Google Chrome (x32 Version: 27.0.1453.116) Google Earth (x32 Version: 5.2.1.1588) Google Update Helper (x32 Version: 1.3.21.145) Grand Ages Rome 1.11 (x32 Version: 1.11) Guild 2 Patch 1.4 (x32 Version: 1.0.0) Guild Wars 2 (x32) Hardware Diagnose Tools (Version: 5.1.4976.17) Hex-Editor MX (x32 Version: 6.0) HijackThis 2.0.2 (x32 Version: 2.0.2) HP Active Support Library (x32 Version: 3.1.9.1) HP Customer Experience Enhancements (x32 Version: 5.7.0.2784) HP Demo (x32 Version: 1.00.0000) HP Easy Backup (x32 Version: 1.0.7.0) HP MediaSmart DVD (x32 Version: 2.0.2213) HP MediaSmart Music/Photo/Video (x32 Version: 
2.0.2217) HP MediaSmart SmartMenu (Version: 2.0.8) HP On-Screen Cap/Num/Scroll Lock Indicator HP Picasso Media Center Add-In (x32 Version: 9.1.7.0) HP Product Detection (x32 Version: 10.7.9.0) HP Recovery Manager RSS (x32 Version: 91.0.0.10) HP Total Care Advisor (x32 Version: 2.4.5106.2815) HP Total Care Setup (x32 Version: 1.1.1983.2818) HP Update (x32 Version: 4.000.012.001) HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2) ICQ7.6 (x32 Version: 7.6) IrfanView (remove only) (x32) Java 7 Update 21 (x32 Version: 7.0.210) Java Auto Updater (x32 Version: 2.1.9.5) Java(TM) 6 Update 22 (x32 Version: 6.0.220) Java(TM) 6 Update 31 (x32 Version: 6.0.310) Java(TM) 6 Update 7 (x32 Version: 1.6.0.70) JDownloader 0.9 (x32 Version: 0.9) K-Lite Codec Pack 4.0.0 (Full) (x32 Version: 4.0.0) LabelPrint (x32 Version: 2.5.0904) League of Legends (x32 Version: 1.02.0000) LightScribe System Software 1.14.25.1 (x32 Version: 1.14.25.1) Loadout (x32) Magic Desktop (x32) Magic ISO Maker v5.4 (build 0239) (x32) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Marvel Heroes (x32) Mass Effect (x32 Version: 1.00) Mass Effect 2 (x32 Version: 1.02) McAfee Security Scan Plus (x32 Version: 3.0.318.3) MegaChecksum V1.3.0.2b (x32) MegaTrainer eXperience V1.1.5.3 (x32) MegaTrainer XL V1.5.8.0 (x32) Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322) Microsoft .NET Framework 1.1 (x32) Microsoft .NET Framework 1.1 Security Update (KB2416447) (x32) Microsoft .NET Framework 1.1 Security Update (KB979906) (x32) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Games for Windows - LIVE (x32 
Version: 3.4.54.0) Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0) Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6425.1000) Microsoft Silverlight (x32 Version: 5.0.61118.0) Microsoft Virtual PC 2007 SP1 (Version: 6.0.192.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Works (x32 Version: 9.7.0621) Mozilla Firefox 11.0 (x86 de) (HKCU Version: 11.0) Mozilla Firefox 7.0.1 (x86 de) (x32 Version: 7.0.1) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 
Version: 4.20.9876.0) muvee Reveal (x32 Version: 7.0.35.7315) My HP Games (x32 Version: 1.0.0.62) NetLimiter 2 Monitor (remove only) (x32) Nexus Mod Manager (Version: 0.44.10) nHancer (Version: 2.5.0900) nHancer (x32 Version: 2.5.0900) NirSoft BlueScreenView (x32) Notepad++ (x32 Version: 6.3.1) nProtect GameGuard Personal 3.0 (x32 Version: 3.00.0000) nProtect KeyCrypt (x32) nProtect Security Platform (x32 Version: 3.00.0000) NVIDIA Drivers (Version: 1.10) NVIDIA Grafiktreiber 310.64 (Version: 310.64) NVIDIA Install Application (Version: 2.1002.95.599) NVIDIA Performance (x32 Version: 6.5) NVIDIA PhysX (x32 Version: 9.12.1031) NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031) NVIDIA System Monitor (x32 Version: 6.5) NVIDIA System Update (x32 Version: 3.00) NVIDIA Systemsteuerung 310.64 (Version: 310.64) NVIDIA Update 1.11.3 (Version: 1.11.3) NVIDIA Update Components (Version: 1.11.3) Oblivion (x32 Version: 1.00.0000) OpenAL (x32) OpenOffice.org 3.3 (x32 Version: 3.3.9567) Optimierte Multimedia-Tastatur-Lösung (x32 Version: 1.0.9.2) Origin (x32 Version: 8.6.0.357) Pando Media Booster (x32 Version: 2.6.0.7) Pflanzen gegen Zombies (x32) Power2Go (x32 Version: 6.0.2112) PowerDirector (x32 Version: 7.0.2202) PunkBuster Services (x32 Version: 0.993) Python 2.5.2 (x32 Version: 2.5.2150) RAD Video Tools (x32) RAIDXpert (x32 Version: 2.4.1540.18) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6101) Risen - ModStarter 1.3.2.1 (Online Mods DB version) (x32) Risen (x32 Version: 1.00.0000) RTPatch Update (x32) Saints Row The Third (x32) Silent Storm (x32 Version: 1.2) Sins of a Solar Empire Rebellion (c) Stardock version 1 (x32 Version: 1) Skype Click to Call (x32 Version: 5.9.9216) Skype™ 5.10 (x32 Version: 5.10.115) Sniper Elite V2 (x32) SpellForce 2 - Dragon Storm (x32 Version: 1.0.0) SPORE Creature Creator Trial Edition (x32 Version: 1.00.0000) Star Wars: The Old Republic (x32 Version: 1.00) StarCraft II (x32 Version: 2.0.6.25180) Steam (x32 Version: 
1.0.0.0) swMSM (x32 Version: 12.0.0.1) System Requirements Lab (x32 Version: 4.1.72.0) System Requirements Lab (x32) System Requirements Lab CYRI (x32 Version: 5.0.6.0) TeamExtreme Minecraft Installer 1.3.2 (x32) TeamSpeak 3 Client TechPowerUp GPU-Z (x32) Testversion von Microsoft Office Home and Student 2007 The Elder Scrolls V Hearthfire DLC für die DEU & ENG Version 1.00 (x32) The Elder Scrolls V Skyrim - Dawnguard DLC Deutsche Version PLus UPDATE 10 1.00 (x32) The Elder Scrolls V Skyrim Creation-Kit (1.6.89.0) 1.6.89.0 (x32) The Elder Scrolls V Skyrim Dragonborn DLC Deutsche Version 1.00 (x32 Version: 1.00) The Elder Scrolls V Skyrim Update 11 (1.8.151.0.7) Deutsche Version 1.00 (x32) The Elder Scrolls V Skyrim Update 12 (1.9.29.0.8) Deutsche Version 1.9.29.0.8 (x32 Version: 1.9.29.0.8) The Elder Scrolls V Skyrim Update 13 (1.9.32.0.8) Deutsche Version 1.9.32.0.8 (x32 Version: 1.9.32.0.8) The Elder Scrolls V Skyrim Update 9 (1.6.89.0.6) Deutsche Version 1.00 (x32) The Secret World (x32 Version: 1.0.0) The Witcher (x32 Version: 1.00.0000) The Witcher 2 (x32 Version: 1.00.0000) The Witcher Grafikmods 1.0 (x32) Unepic (x32) Uninstall 1.0.0.1 (x32) Unity Web Player (HKCU Version: ) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1) Update Installer for WildTangent Games App (x32) Uplay (x32 Version: 2.0) Vampires Dawn II: Ancient Blood (MP3) (x32 Version: Vampires Dawn 2 - Version 1.23 (MP3)) Vampires Dawn: Reign of Blood (x32 Version: Vampires Dawn: Reign of Blood 1.31) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0) Virtual CD v9 (x32 Version: 9.30.1) VLC media player 1.0.5 (x32 Version: 1.0.5) War Leaders - Clash of Nations (x32 Version: 1.0) Warframe (x32) Warhammer 40000 Dawn of War II - Retribution (x32) Warhammer® 40,000™: Dawn of War® II (x32) WildTangent Games App (HP Games) (x32 Version: 4.0.10.5) Windows 7 Upgrade Advisor (x32 Version: 2.0.5000.0) Windows Live ID Sign-in Assistant (Version: 6.500.3165.0) Windows Live OneCare 
safety scanner (x32 Version: 1.0.0.0) Windows Live OneCare safety scanner (x32) WinRAR World of Warcraft (x32 Version: 4.3.4.15595) XCOM Enemy Unknown Deutsch Patch Version 1.0 (x32 Version: 1.0) X-Ray SDK v0.4 (x32)

==================== Restore Points =========================

04-05-2013 11:16:03 Geplanter Prüfpunkt
06-05-2013 19:48:55 Geplanter Prüfpunkt
07-05-2013 18:21:28 Geplanter Prüfpunkt
11-05-2013 19:28:11 Geplanter Prüfpunkt
18-05-2013 19:17:34 Geplanter Prüfpunkt
22-05-2013 15:19:54 DirectX wurde installiert
22-05-2013 15:21:49 Installed Ubisoft Game Launcher
29-05-2013 19:16:00 Geplanter Prüfpunkt
02-06-2013 05:59:21 Geplanter Prüfpunkt
04-06-2013 20:00:38 Geplanter Prüfpunkt
07-06-2013 05:50:37 Geplanter Prüfpunkt
08-06-2013 17:14:35 DirectX wurde installiert
08-06-2013 17:22:19 DirectX wurde installiert
08-06-2013 18:40:38 DirectX wurde installiert
09-06-2013 06:14:07 DirectX wurde installiert
09-06-2013 09:04:36 DirectX wurde installiert
09-06-2013 11:50:29 DirectX wurde installiert
09-06-2013 14:01:03 DirectX wurde installiert
09-06-2013 16:44:42 DirectX wurde installiert
09-06-2013 19:18:09 DirectX wurde installiert
10-06-2013 12:35:27 DirectX wurde installiert
10-06-2013 16:33:58 DirectX wurde installiert
12-06-2013 14:34:08 DirectX wurde installiert
14-06-2013 08:07:37 Geplanter Prüfpunkt
14-06-2013 14:16:38 DirectX wurde installiert
14-06-2013 14:22:42 DirectX wurde installiert
14-06-2013 14:29:35 DirectX wurde installiert
16-06-2013 11:03:00 Geplanter Prüfpunkt
17-06-2013 07:39:54 Geplanter Prüfpunkt
18-06-2013 11:15:41 Geplanter Prüfpunkt
20-06-2013 21:18:44 Geplanter Prüfpunkt
21-06-2013 21:37:23 Geplanter Prüfpunkt
23-06-2013 11:59:06 Geplanter Prüfpunkt
28-06-2013 11:55:58 Geplanter Prüfpunkt
29-06-2013 21:11:37 Geplanter Prüfpunkt
30-06-2013 22:39:14 avast! Internet Security Setup
30-06-2013 22:41:19 Gerätetreiber-Paketinstallation: ALWIL Software Netzwerkadapter
30-06-2013 22:41:35 Gerätetreiber-Paketinstallation: ALWIL Software Netzwerkdienst

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {14898C57-3FAC-44F1-8281-963723F6B95C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10] (Google Inc.)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {330C7223-A603-443F-B256-45872B811200} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {509552E1-8DCE-4540-AEFD-192AF314238D} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08] (Hewlett-Packard)
Task: {607AB94E-BB4D-4FFD-99AA-889207306C9D} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-02-13] ()
Task: {6CECA62A-A3EF-47AF-9211-74CC52CD9B49} - System32\Tasks\{D9D43378-CBDC-4BF6-9161-D2EB654A99E7} => C:\Program Files (x86)\Skype\Phone\Skype.exe No File
Task: {6D3FC05A-109E-4B69-BCA1-5EE76B4E5EF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10] (Google Inc.)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {9A7B43EC-9D60-4120-99C5-51B037F8B068} - System32\Tasks\HP Health Check => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {A0186FDB-46EB-4A6D-976C-13AA9F3B55DE} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-24] (Microsoft Corporation)
Task: {A5B9099E-8987-4D87-ABE9-2486D80534F3} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {A9683382-0125-42BE-A29E-E39819CD3AF7} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {B19913F3-E7C7-4796-8F3C-441F98C9ADAF} - System32\Tasks\RecoveryCD => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2008-10-20] ()
Task: {B774125C-EA2A-4276-B248-F3A681D5F756} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10] (PC-Doctor, Inc.)
Task: {C1D57579-FF07-4909-920A-A8825CC1815B} - System32\Tasks\Hewlett-Packard-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {E8938192-BEB5-47A1-B6E9-E05867831492} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software) Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {F13F5A98-8CD3-412D-A223-7492B1D4D99E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated) Task: {F63B1B8B-12F4-4E17-AF4C-AE6527B59A9D} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Tun-Miniportadapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunmp Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Tun-Miniportadapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunmp Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. 
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Tun-Miniportadapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunmp Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Tun-Miniportadapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunmp Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Tun-Miniportadapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunmp Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Tun-Miniportadapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunmp Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (07/01/2013 02:24:46 PM) (Source: LoadPerf) (User: ) Description: WmiApRplWmiApRpl8 Error: (07/01/2013 02:24:46 PM) (Source: LoadPerf) (User: ) Description: Performance16 Error: (07/01/2013 02:24:46 PM) (Source: LoadPerf) (User: ) Description: Performance16 Error: (07/01/2013 02:19:23 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2013 02:14:47 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (07/01/2013 11:25:13 AM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18999, Zeitstempel 0x4ccf92fb, fehlerhaftes Modul IEFRAME.dll, Version 8.0.6001.18999, Zeitstempel 0x4ccfa857, Ausnahmecode 0xc0000005, Fehleroffset 0x00125c4f, Prozess-ID 0x1360, Anwendungsstartzeit iexplore.exe0. Error: (07/01/2013 11:25:13 AM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18999, Zeitstempel 0x4ccf92fb, fehlerhaftes Modul IEFRAME.dll, Version 8.0.6001.18999, Zeitstempel 0x4ccfa857, Ausnahmecode 0xc0000005, Fehleroffset 0x00125c4f, Prozess-ID 0x10f0, Anwendungsstartzeit iexplore.exe0. Error: (07/01/2013 11:25:13 AM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18999, Zeitstempel 0x4ccf92fb, fehlerhaftes Modul IEFRAME.dll, Version 8.0.6001.18999, Zeitstempel 0x4ccfa857, Ausnahmecode 0xc0000005, Fehleroffset 0x00125c4f, Prozess-ID 0xb7c, Anwendungsstartzeit iexplore.exe0. 
Error: (07/01/2013 11:25:13 AM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18999, Zeitstempel 0x4ccf92fb, fehlerhaftes Modul IEFRAME.dll, Version 8.0.6001.18999, Zeitstempel 0x4ccfa857, Ausnahmecode 0xc0000005, Fehleroffset 0x00125c4f, Prozess-ID 0x4f8, Anwendungsstartzeit iexplore.exe0. Error: (07/01/2013 11:17:00 AM) (Source: LoadPerf) (User: ) Description: WmiApRplWmiApRpl8 System errors: ============= Error: (07/01/2013 02:25:03 PM) (Source: Service Control Manager) (User: ) Description: Windows Media Player-Netzwerkfreigabedienst1300001Neustart des Diensts Error: (07/01/2013 02:24:59 PM) (Source: Service Control Manager) (User: ) Description: PnkBstrA1 Error: (07/01/2013 02:21:12 PM) (Source: Service Control Manager) (User: ) Description: NVIDIA Update Service Daemon%%1069 Error: (07/01/2013 02:21:12 PM) (Source: Service Control Manager) (User: ) Description: nvUpdatusService.\UpdatusUser%%1330 Error: (07/01/2013 02:19:24 PM) (Source: Service Control Manager) (User: ) Description: i8042prt Error: (07/01/2013 02:19:24 PM) (Source: Service Control Manager) (User: ) Description: IPsec-Richtlinien-AgentBFE Error: (07/01/2013 02:19:24 PM) (Source: Service Control Manager) (User: ) Description: nHancer Support%%1053 Error: (07/01/2013 02:19:24 PM) (Source: Service Control Manager) (User: ) Description: 30000nHancer Support Error: (07/01/2013 02:19:24 PM) (Source: Service Control Manager) (User: ) Description: IKE- und AuthIP IPsec-SchlüsselerstellungsmoduleBFE Error: (07/01/2013 02:19:24 PM) (Source: Service Control Manager) (User: ) Description: HP Easy Backup Button Service%%1053 Microsoft Office Sessions: ========================= Error: (07/01/2013 02:24:46 PM) (Source: LoadPerf)(User: ) Description: WmiApRplWmiApRpl8 Error: (07/01/2013 02:24:46 PM) (Source: LoadPerf)(User: ) Description: Performance16 Error: (07/01/2013 02:24:46 PM) (Source: LoadPerf)(User: ) Description: Performance16 Error: 
(07/01/2013 02:19:23 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2013 02:14:47 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (07/01/2013 11:25:13 AM) (Source: Application Error)(User: ) Description: iexplore.exe8.0.6001.189994ccf92fbIEFRAME.dll8.0.6001.189994ccfa857c000000500125c4f136001ce763cc5642627 Error: (07/01/2013 11:25:13 AM) (Source: Application Error)(User: ) Description: iexplore.exe8.0.6001.189994ccf92fbIEFRAME.dll8.0.6001.189994ccfa857c000000500125c4f10f001ce763c81e7b0b7 Error: (07/01/2013 11:25:13 AM) (Source: Application Error)(User: ) Description: iexplore.exe8.0.6001.189994ccf92fbIEFRAME.dll8.0.6001.189994ccfa857c000000500125c4fb7c01ce763bd680e7f7 Error: (07/01/2013 11:25:13 AM) (Source: Application Error)(User: ) Description: iexplore.exe8.0.6001.189994ccf92fbIEFRAME.dll8.0.6001.189994ccfa857c000000500125c4f4f801ce763bbe613767 Error: (07/01/2013 11:17:00 AM) (Source: LoadPerf)(User: ) Description: WmiApRplWmiApRpl8 CodeIntegrity Errors: =================================== Date: 2013-07-01 11:38:30.748 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\~GLH0023.TMP" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-01 11:38:30.638 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\~GLH0023.TMP" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-07-01 11:38:30.529 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\~GLH0023.TMP" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-01 11:38:30.419 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\~GLH0023.TMP" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-01 11:38:30.308 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\~GLH0023.TMP" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-01 11:38:30.198 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\~GLH0023.TMP" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-01 11:38:30.087 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\~GLH0023.TMP" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-01 11:38:29.975 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\~GLH0023.TMP" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-01 11:38:29.865 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\~GLH0023.TMP" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-01 11:38:29.755 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\~GLH0023.TMP" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Percentage of memory in use: 28% Total physical RAM: 8183.2 MB Available physical RAM: 5820.14 MB Total Pagefile: 20353.73 MB Available Pagefile: 17785.06 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (HP) (Fixed) (Total:581.32 GB) (Free:28.88 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)] Drive d: (FACTORY_IMAGE) (Fixed) (Total:14.72 GB) (Free:2.02 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)] Drive e: (HP2) (Fixed) (Total:596.17 GB) (Free:31.79 GB) NTFS (Disk=1 Partition=1) Drive f: (SWTORDE1) (CDROM) (Total:7.78 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 596 GB) (Disk ID: 1549F232) Partition 1: (Active) - (Size=581 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=15 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 596 GB) (Disk ID: 23318F0E) Partition 1: (Not Active) - (Size=596 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
01.07.2013, 14:17 | #9 |
/// the machine /// TB trainer | The files are normal; they disappear again once you hide them again.
Fix with FRST
Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
ZeroAccess:
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\U
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\00000004.@
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\201d3dde
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\6715e287
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\76603ac3
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
01.07.2013, 14:24 | #10 |
| And it's already done, and here is your log :P
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-06-2013 03
Ran by Gast at 2013-07-01 15:22:42 Run:1
Running from C:\Users\Gast\Desktop
Boot Mode: Normal
==============================================
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3} => Moved successfully.
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L => File/Directory not found.
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\U => File/Directory not found.
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\00000004.@ => File/Directory not found.
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\201d3dde => File/Directory not found.
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\6715e287 => File/Directory not found.
C:\Windows\Installer\{aef1204e-0c8f-9030-91d9-b05cf39086b3}\L\76603ac3 => File/Directory not found.
==== End of Fixlog ==== |
01.07.2013, 16:00 | #11 |
/// the machine /// TB trainer | Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber |
01.07.2013, 16:41 | #12 |
| Here we go again :P ADW Code:
Gelöscht : user_pref("CT2613550.SearchInNewTabEnabled", true); Gelöscht : user_pref("CT2613550.SearchInNewTabIntervalMM", 1440); Gelöscht : user_pref("CT2613550.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Gelöscht : user_pref("CT2613550.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...] Gelöscht : user_pref("CT2613550.ServiceMapLastCheckTime", "Sun Jun 30 2013 21:09:09 GMT+0200"); Gelöscht : user_pref("CT2613550.SettingsCheckIntervalMin", 120); Gelöscht : user_pref("CT2613550.SettingsLastCheckTime", "Tue Dec 21 2010 00:54:14 GMT+0100"); Gelöscht : user_pref("CT2613550.SettingsLastUpdate", "1291812328"); Gelöscht : user_pref("CT2613550.ThirdPartyComponentsInterval", 504); Gelöscht : user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Tue Dec 21 2010 00:54:14 GMT+0100"); Gelöscht : user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255348257"); Gelöscht : user_pref("CT2613550.ToolbarShrinkedFromSetup", false); Gelöscht : user_pref("CT2613550.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2613550"); Gelöscht : user_pref("CT2613550.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Gelöscht : user_pref("CT2613550.UserID", "UN26862688284037837"); Gelöscht : user_pref("CT2613550.ValidationData_Search", 0); Gelöscht : user_pref("CT2613550.ValidationData_Toolbar", 2); Gelöscht : user_pref("CT2613550.WeatherNetwork", ""); Gelöscht : user_pref("CT2613550.WeatherPollDate", "Sun Jun 30 2013 21:09:22 GMT+0200"); Gelöscht : user_pref("CT2613550.WeatherUnit", "C"); Gelöscht : user_pref("CT2613550.alertChannelId", "1006347");
Gelöscht : user_pref("CT2613550.clientLogIsEnabled", true); Gelöscht : user_pref("CT2613550.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2613550.components.1000082", true); Gelöscht : user_pref("CT2613550.components.1000234", true); Gelöscht : user_pref("CT2613550.ct2613550.DialogsAlignMode", "LTR"); Gelöscht : user_pref("CT2613550.ct2613550.FeedLastCount3082739963941193807", 832); Gelöscht : user_pref("CT2613550.ct2613550.FirstTimeSettingsDone", true); Gelöscht : user_pref("CT2613550.ct2613550.InvalidateCache", false); Gelöscht : user_pref("CT2613550.ct2613550.LanguagePackLastCheckTime", "Sun Jun 30 2013 21:09:22 GMT+0200"); Gelöscht : user_pref("CT2613550.ct2613550.Locale", "de-de"); Gelöscht : user_pref("CT2613550.ct2613550.RadioLastCheckTime", "Sun Jun 30 2013 21:09:11 GMT+0200"); Gelöscht : user_pref("CT2613550.ct2613550.RadioLastUpdateIPServer", "3"); Gelöscht : user_pref("CT2613550.ct2613550.RadioLastUpdateServer", "0"); Gelöscht : user_pref("CT2613550.ct2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_[...] Gelöscht : user_pref("CT2613550.ct2613550.SearchInNewTabLastCheckTime", "Sun Jun 30 2013 21:09:24 GMT+0200"); Gelöscht : user_pref("CT2613550.ct2613550.SettingsCheckIntervalMin", 120); Gelöscht : user_pref("CT2613550.ct2613550.SettingsLastCheckTime", "Sun Jun 30 2013 21:09:10 GMT+0200"); Gelöscht : user_pref("CT2613550.ct2613550.SettingsLastUpdate", "1372576959"); Gelöscht : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastCheck", "Sun Jun 30 2013 21:09:10 GMT+0200"); Gelöscht : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastUpdate", "1331806000"); Gelöscht : user_pref("CT2613550.ct2613550.globalFirstTimeInfoLastCheckTime", "Sun Jun 30 2013 21:09:24 GMT+0200[...] Gelöscht : user_pref("CT2613550.ct2613550.toolbarAppMetaDataLastCheckTime", "Sun Jun 30 2013 21:09:22 GMT+0200"[...] Gelöscht : user_pref("CT2613550.ct2613550.toolbarContextMenuLastCheckTime", "Sun Jun 30 2013 21:09:22 GMT+0200"[...] Gelöscht : user_pref("CT2613550.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] 
Gelöscht : user_pref("CT2613550.homepageProtectorEnableByLogin", true); Gelöscht : user_pref("CT2613550.initDone", true); Gelöscht : user_pref("CT2613550.isAppTrackingManagerOn", false); Gelöscht : user_pref("CT2613550.isFirstRadioInstallation", false); Gelöscht : user_pref("CT2613550.myStuffEnabled", true); Gelöscht : user_pref("CT2613550.myStuffPublihserMinWidth", 400); Gelöscht : user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Gelöscht : user_pref("CT2613550.myStuffServiceIntervalMM", 1440); Gelöscht : user_pref("CT2613550.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Gelöscht : user_pref("CT2613550.oldAppsList", "129171076488700693,129171076488856944,111,129171076488856945,129[...] Gelöscht : user_pref("CT2613550.revertSettingsEnabled", true); Gelöscht : user_pref("CT2613550.searchProtectorDialogDelayInSec", 10); Gelöscht : user_pref("CT2613550.searchProtectorEnableByLogin", true); Gelöscht : user_pref("CT2613550.testingCtid", ""); Gelöscht : user_pref("CT2613550.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Gelöscht : user_pref("CT2613550.usagesFlag", 2); Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2613550/CT2613550[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2613550", [...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] 
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2613550",[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/50/261/CT2613550/Images/6340849712463612[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...] Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Gast\\AppData\\Roaming\\Mozilla\\Fi[...] Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.16.0.3"); Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] 
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2613550"); Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2613550"); Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Jun 06 2012 21:37:43 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.globalUserId", "67480c02-f04b-4ca3-b5e3-3c8e8a75bfba"); Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2613550"); Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Dec 30 2012 00:56:2[...] Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en"); Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Dec 30 2012 00:56:19 GMT+0100"); Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Gelöscht : user_pref("CommunityToolbar.notifications.userId", "ca9b4ef9-585f-42d3-80ba-f31f907dc2f7"); Gelöscht : user_pref("browser.search.defaultenginename", "Facemoods Search"); Gelöscht : user_pref("browser.search.defaultthis.engineName", "ZoneAlarm-Sicherheit Customized Web Search"); Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&Sea[...] 
Gelöscht : user_pref("browser.search.selectedEngine", "Facemoods Search"); Gelöscht : user_pref("browser.startup.homepage", "hxxp://start.facemoods.com/?a=ddrnw"); Gelöscht : user_pref("extensions.enabledAddons", "ffxtlbr@Facemoods.com:1.2.1,{b9db16a4-6edc-47ec-a1f4-b86292ed[...] Gelöscht : user_pref("extensions.facemoods.aflt", "_#ddrnw"); Gelöscht : user_pref("extensions.facemoods.firstRun", false); Gelöscht : user_pref("extensions.facemoods.lastActv", "30"); Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&q="); -\\ Google Chrome v27.0.1453.116 Datei : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Preferences Gelöscht [l.49] : icon_url = "hxxp://facemoods.com/favicon.ico", Gelöscht [l.52] : keyword = "facemoods.com", Gelöscht [l.56] : search_url = "hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4", Gelöscht [l.2312] : homepage = "hxxp://start.facemoods.com/?a=ddrnw", Gelöscht [l.2916] : urls_to_restore_on_startup = [ "hxxp://start.facemoods.com/?a=ddrnw" ] ************************* AdwCleaner[S1].txt - [35707 octets] - [01/07/2013 17:08:02] ########## EOF - C:\AdwCleaner[S1].txt - [35768 octets] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Gast on 01.07.2013 at 17:28:25,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8C5BF184-BEAC-415C-8A6F-69F27A468C07}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F62C4EF5-02A5-4118-BD59-A1C8D69F7CFD}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8C5BF184-BEAC-415C-8A6F-69F27A468C07}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{F62C4EF5-02A5-4118-BD59-A1C8D69F7CFD}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\daemon tools toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\facemoods.com"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.07.2013 at 17:32:49,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-06-2013 03 Ran by Gast (administrator) on 01-07-2013 17:36:21 Running from C:\Users\Gast\Desktop Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe (OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (CyberLink Corp.) 
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (H+H Software GmbH) E:\Program Files (x86)\Virtual CD v9\System\vc9play.exe (AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (KSE - Korndörfer Software Engineering) E:\Program Files\nHancer\nHancerService.exe (Locktime Software) C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npkcmsvc.exe (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\INCAinternet\nProtect GameGuard Personal 3.0\nspsvc.exe (INCA Internet Co.,Ltd.) C:\Windows\SysWOW64\INCAinternet\nProtect GameGuard Personal 3.0\nspupsvc.exe (NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe () C:\Windows\SysWOW64\PnkBstrA.exe (NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe (H+H Software GmbH) E:\Program Files (x86)\Virtual CD v9\System\VC9SecS.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (H+H Software GmbH) E:\Program Files (x86)\Virtual CD v9\System\VC9Tray.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Locktime Software) C:\Program Files\NetLimiter 2 Monitor\NLClient.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe () C:\Windows\SysWOW64\WinMsgBalloonServer.exe () C:\Windows\SysWOW64\WinMsgBalloonClient.exe () C:\Windows\SysWOW64\BeepApp.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Hewlett-Packard) c:\Program Files 
(x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard) HKCU\...\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard) HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation) HKCU\...\Run: [EADM] "E:\Program Files (x86)\Origin\Origin.exe" -AutoStart [x] HKCU\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x] HKCU\...\Policies\system: [DisableLockWorkstation] 0 HKCU\...\Policies\system: [DisableChangePassword] 0 HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 MountPoints2: {139f4f8e-2e9f-11e0-b50d-002421172082} - L:\OblivionLauncher.exe MountPoints2: {139f4f9c-2e9f-11e0-b50d-002421172082} - M:\setup.exe MountPoints2: {164bed90-1e7b-11e0-aa79-002421172082} - L:\OblivionLauncher.exe MountPoints2: {3f05954f-e5bd-11dd-9d91-806e6f6e6963} - F:\autorun.exe MountPoints2: {e273aac0-cbc4-11de-ade2-002421172082} - K:\Autorun.exe HKLM-x32\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company) HKLM-x32\...\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe [119296 2007-02-15] (OsdMaestro) HKLM-x32\...\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [1148200 2008-09-26] (CyberLink Corp.) 
HKLM-x32\...\Run: [VC9Player] "E:\Program Files (x86)\Virtual CD v9\System\VC9Play.exe" [x] HKLM-x32\...\Run: [nProtect GameGuard Personal 3.0] "E:\Program Files (x86)\INCAInternet\nProtect GameGuard Personal 3.0\nProtect GameGuard Personal 3.0\nspmain.exe" -tray [x] HKLM-x32\...\Run: [DivXMediaServer] "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [450560 2013-03-28] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] () HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "E:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [x] HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard) HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard) HKU\UpdatusUser\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard) Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
SearchScopes: HKLM - {79C90567-5C09-4507-9307-1B81999F79F7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM - {8C5BF184-BEAC-415C-8A6F-69F27A468C07} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM - {F62C4EF5-02A5-4118-BD59-A1C8D69F7CFD} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM-x32 - {79C90567-5C09-4507-9307-1B81999F79F7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
HKCU SearchScopes: DefaultScope {2592934B-F16C-4C06-B794-A59D7A79FDFF} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {2592934B-F16C-4C06-B794-A59D7A79FDFF} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {79C90567-5C09-4507-9307-1B81999F79F7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
DPF: HKLM-x32 {140E4DF8-9E14-4A34-9577-C77561ED7883} https://s3.amazonaws.com/content.systemrequirementslab.com/global/bin/srldetect_cyri_4.1.72.0_x.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} hxxp://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.16.0.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [51656 2009-05-22] (EasyBits Software Corp.)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\12\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - E:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Gast\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: No Name - C:\Users\Gast\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: DownloadHelper - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR DefaultSearchURL: (facemoods) - hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
CHR DefaultSuggestURL: (facemoods) - "suggest_url": ""
CHR Extension: (Skype Click to Call) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0

==================== Services (Whitelisted) =================

S4 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-05-09] (AVAST Software)
S4 DAUpdaterSvc; E:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
R2 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 nHancer; E:\Program Files\nHancer\nHancerService.exe [39424 2010-05-02] (KSE - Korndörfer Software Engineering)
R2 nlsvc; C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe [817152 2010-03-25] (Locktime Software)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3813096 2010-06-20] (INCA Internet Co., Ltd.)
R2 npkcmsvc; C:\Windows\SysWOW64\npkcmsvc.exe [191008 2010-08-22] (INCA Internet Co., Ltd.)
R2 NSPService; C:\Windows\SysWOW64\INCAinternet\nProtect GameGuard Personal 3.0\nspsvc.exe [581248 2011-09-16] (INCA Internet Co., Ltd.)
R2 NSPUpdateService; C:\Windows\SysWOW64\INCAinternet\nProtect GameGuard Personal 3.0\nspupsvc.exe [1252840 2012-10-25] (INCA Internet Co.,Ltd.)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2010-03-22] (NVIDIA)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-11-30] ()
S2 SkypeUpdate; E:\Program Files (x86)\Skype\Updater\Updater.exe [160944 2012-07-03] (Skype Technologies)
R2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [282728 2009-11-06] (NVIDIA)
R2 VC9SecS; E:\Program Files (x86)\Virtual CD v9\System\VC9SecS.exe [132424 2009-04-21] (H+H Software GmbH)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R1 aswFW; C:\Windows\system32\drivers\aswFW.sys [131232 2013-05-09] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2013-03-13] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\drivers\aswNdis2.sys [270824 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [59144 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-01] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-01] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-01] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-01-12] ()
S3 CEDRIVER60; E:\Program Files (x86)\Cheat Engine 6.3\dbk64.sys [64480 2013-06-02] ()
S3 HH9Help.sys; C:\Windows\system32\drivers\HH9Help.sys [24344 2007-01-23] (H+H Software GmbH)
S3 HH9Help.sys; C:\Windows\system32\drivers\HH9Help.sys [24344 2007-01-23] (H+H Software GmbH)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-01-12] ()
R1 nltdi; C:\Windows\system32\drivers\nltdi.sys [89224 2010-03-25] (Locktime Software)
R1 nltdi; C:\Windows\system32\drivers\nltdi.sys [89224 2010-03-25] (Locktime Software)
S3 npkcft64; C:\Windows\SysWOW64\npkcft64.sys [45600 2010-08-22] (INCA Internet Co., Ltd.)
S3 npkcft64; C:\Windows\SysWOW64\npkcft64.sys [45600 2010-08-22] (INCA Internet Co., Ltd.)
S3 npkuft64; C:\Windows\SysWOW64\npkuft64.sys [40992 2010-08-22] (INCA Internet Co., Ltd.)
S3 npkuft64; C:\Windows\SysWOW64\npkuft64.sys [40992 2010-08-22] (INCA Internet Co., Ltd.)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
R0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [75384 2009-02-03] (Protection Technology (StarForce))
R0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [77952 2009-02-03] (Protection Technology (StarForce))
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2011-01-12] ()
S2 tandpl; C:\Windows\SysWow64\drivers\tandpl.sys [4736 2003-04-19] ()
R3 TKCtrl; C:\Windows\system32\TKCtrl2k64.sys [87872 2012-07-03] (INCA Internet Co., Ltd.)
R3 TKCtrl; C:\Windows\system32\TKCtrl2k64.sys [87872 2012-07-03] (INCA Internet Co., Ltd.)
R3 TKFsAvM; C:\Windows\system32\TKFsAv64.sys [139136 2012-12-26] (INCA Internet Co., Ltd.)
R3 TKFsAvM; C:\Windows\system32\TKFsAv64.sys [139136 2012-12-26] (INCA Internet Co., Ltd.)
R3 TkFsFtM; C:\Windows\System32\TKFsFt64.sys [23392 2012-11-06] (INCA Internet Co., Ltd.)
R3 TkFsFtM; C:\Windows\SysWow64\TKFsFt64.sys [22848 2011-03-28] (INCA Internet Co., Ltd.)
R1 TKFWFV; C:\Windows\System32\TKFWFV64.sys [34400 2011-03-28] (INCA Internet Co., Ltd.)
S3 TKFWVT; C:\Windows\system32\TKFWVT64.sys [183112 2012-10-23] (INCA Internet Co.,Ltd.)
S3 TKFWVT; C:\Windows\system32\TKFWVT64.sys [183112 2012-10-23] (INCA Internet Co.,Ltd.)
R3 TkIdsVt; C:\Windows\system32\TkIdsVt64.sys [99168 2012-07-31] (INCA Internet Co.,Ltd.)
R3 TkIdsVt; C:\Windows\system32\TkIdsVt64.sys [99168 2012-07-31] (INCA Internet Co.,Ltd.)
R3 TKPcFt; C:\Windows\system32\TKPcFtCb64.sys [29024 2012-11-06] (INCA Internet Co., Ltd.)
R3 TKPcFt; C:\Windows\system32\TKPcFtCb64.sys [29024 2012-11-06] (INCA Internet Co., Ltd.)
R3 vcd9bus; C:\Windows\System32\DRIVERS\vcd9bus.sys [40216 2007-01-23] (H+H Software GmbH)
R1 vmm; C:\Windows\system32\Treiber\vmm.sys [297496 2008-02-12] (Microsoft Corporation)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)
S3 dump_wmimmc; \??\E:\Program Files (x86)\Games-Masters.com\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [x]
S2 tandpl; System32\drivers\tandpl.sys [x]
S3 X6va005; \??\C:\Users\Gast\AppData\Local\Temp\00539A5.tmp [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-01 17:32 - 2013-07-01 17:32 - 00001788 ____A C:\Users\Gast\Desktop\JRT.txt
2013-07-01 17:28 - 2013-07-01 17:28 - 00000000 ____D C:\Windows\ERUNT
2013-07-01 17:28 - 2013-07-01 17:28 - 00000000 ____D C:\JRT
2013-07-01 17:27 - 2013-07-01 17:27 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Gast\Desktop\JRT.exe
2013-07-01 17:23 - 2013-07-01 17:23 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-01 17:23 - 2013-07-01 17:23 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-01 17:08 - 2013-07-01 17:08 - 00035782 ____A C:\AdwCleaner[S1].txt
2013-07-01 17:08 - 2013-07-01 17:08 - 00001656 ____A C:\Windows\DeleteOnReboot.bat
2013-07-01 17:07 - 2013-07-01 17:07 - 00648201 ____A C:\Users\Gast\Desktop\adwcleaner.exe
2013-07-01 14:46 - 2013-07-01 14:49 - 00030456 ____A C:\Users\Gast\Desktop\Addition.txt
2013-07-01 14:45 - 2013-07-01 14:45 - 01933758 ____A (Farbar) C:\Users\Gast\Desktop\FRST64.exe
2013-07-01 14:45 - 2013-07-01 14:45 - 00000000 ____D C:\FRST
2013-07-01 13:17 - 2013-07-01 14:11 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-01 13:14 - 2013-07-01 13:14 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Gast\Desktop\tdsskiller.exe
2013-07-01 11:28 - 2013-07-01 11:28 - 00602112 ____A (OldTimer Tools) C:\Users\Gast\Desktop\OTL.exe
2013-07-01 11:25 - 2013-07-01 11:25 - 00001704 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-07-01 10:02 - 2013-07-01 17:10 - 00000808 ____A C:\Windows\System32\spsys.log
2013-07-01 00:42 - 2013-07-01 00:42 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-07-01 00:42 - 2013-07-01 00:42 - 00001787 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-07-01 00:42 - 2013-05-09 10:59 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-07-01 00:41 - 2013-07-01 00:42 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-07-01 00:41 - 2013-07-01 00:42 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-07-01 00:41 - 2013-07-01 00:41 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-07-01 00:41 - 2013-05-09 10:59 - 00270824 ____A (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys
2013-07-01 00:41 - 2013-05-09 10:59 - 00131232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys
2013-07-01 00:41 - 2013-05-09 10:59 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-07-01 00:41 - 2013-05-09 10:59 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-07-01 00:41 - 2013-05-09 10:59 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-07-01 00:41 - 2013-05-09 10:59 - 00059144 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2013-07-01 00:41 - 2013-05-09 10:59 - 00022600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2013-07-01 00:41 - 2013-05-09 10:58 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-07-01 00:40 - 2013-07-01 00:40 - 00383868 ____A C:\Users\Gast\AppData\Local\dd_vcredistMSI165D.txt
2013-07-01 00:40 - 2013-07-01 00:40 - 00012410 ____A C:\Users\Gast\AppData\Local\dd_vcredistUI165D.txt
2013-07-01 00:40 - 2013-05-09 10:58 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-07-01 00:40 - 2013-03-13 19:01 - 00012368 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswNdis.sys
2013-07-01 00:39 - 2013-07-01 00:39 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-01 00:39 - 2013-07-01 00:39 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-01 00:24 - 2013-07-01 00:24 - 00792160 ____A C:\Users\Gast\AppData\Local\census.cache
2013-07-01 00:24 - 2013-07-01 00:24 - 00205389 ____A C:\Users\Gast\AppData\Local\ars.cache
2013-07-01 00:10 - 2013-07-01 00:10 - 00000036 ____A C:\Users\Gast\AppData\Local\housecall.guid.cache
2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Malwarebytes
2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-30 20:54 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-30 10:10 - 2013-06-30 10:10 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-06-29 23:28 - 2013-06-30 09:54 - 988293471 ____A C:\Users\Gast\Downloads\Zone Archive Pack.rar
2013-06-29 22:41 - 2013-06-29 22:41 - 00019442 ____A C:\Users\Gast\Downloads\(SUMOTorrent.com)_ZONE_ARCHIVE_Hentai-Key _SP5686432.torrent
2013-06-26 12:30 - 2013-06-26 12:31 - 00000759 ____A C:\Users\Gast\Desktop\daoloader - Verknüpfung.lnk
2013-06-26 09:24 - 2013-06-26 09:24 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Locktime
2013-06-25 21:08 - 2013-06-25 21:08 - 00093367 ____A C:\Users\Gast\Downloads\bws-0598 (1).rar
2013-06-25 21:05 - 2013-06-25 21:05 - 00446584 ____A C:\Users\Gast\Downloads\l4r-da104.rar
2013-06-25 21:01 - 2013-06-25 21:01 - 00084308 ____A C:\Users\Gast\Downloads\bws-0598.rar
2013-06-25 19:42 - 2013-06-25 19:42 - 00071687 ____A C:\Users\Gast\Downloads\dragon_age_origins_plus_8_trainer.zip
2013-06-25 19:19 - 2013-06-25 19:19 - 00033117 ____A C:\Users\Gast\Downloads\daoloader.r4-TiLL.rar
2013-06-25 17:32 - 2013-06-25 17:32 - 00001736 ____A C:\Users\Public\Desktop\NetLimiter 2 Monitor.lnk
2013-06-25 17:32 - 2013-06-25 17:32 - 00000000 ____D C:\ProgramData\Locktime
2013-06-25 17:32 - 2013-06-25 17:32 - 00000000 ____D C:\Program Files\NetLimiter 2 Monitor
2013-06-25 17:31 - 2013-06-25 17:32 - 01827848 ____A C:\Users\Gast\Downloads\nl_2011_mon_64.exe
2013-06-25 16:51 - 2013-06-25 16:51 - 04689729 ____A C:\Users\Gast\Downloads\The LAST REMNANT Save Editor V4.2.rar
2013-06-25 13:38 - 2013-06-25 13:38 - 00000466 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk
2013-06-23 11:30 - 2013-06-23 11:30 - 00000000 ____D C:\Users\Gast\Desktop\Unepic 1.43.1[Steam]
2013-06-23 11:26 - 2013-06-23 11:29 - 94994694 ____A C:\Users\Gast\Downloads\Unepic_1.43.1_Steam_.7z
2013-06-22 23:23 - 2013-06-22 23:23 - 08071400 ____A (Cheat Engine ) C:\Users\Gast\Downloads\CheatEngine63.exe
2013-06-22 21:50 - 2013-06-22 21:50 - 00153366 ____A C:\Users\Gast\Downloads\Unepic v1.0.30 Trainer +6 ~HoG.rar
2013-06-16 15:34 - 2013-06-16 15:34 - 00017477 ____A C:\Users\Gast\Downloads\Run For Your Lives-23906-1-2-2.7z
2013-06-16 15:33 - 2013-06-16 15:33 - 00018227 ____A C:\Users\Gast\Downloads\When Vampires Attack-28235-1-0-2.7z
2013-06-16 14:18 - 2013-06-16 14:18 - 04109361 ____A C:\Users\Gast\Downloads\UNP silverlight armor-37189-1-0.7z
2013-06-16 14:16 - 2013-06-16 14:17 - 17789249 ____A C:\Users\Gast\Downloads\Silverlight Armor 0992 no pauldrons CBBE-10251-0-992.7z
2013-06-16 13:59 - 2013-06-16 13:59 - 00007675 ____A C:\Users\Gast\Downloads\Sexlab_SimpleRape_05252013.zip
2013-06-16 13:16 - 2013-06-16 13:18 - 00457617 ____A C:\Users\Gast\Downloads\SexLab_LoversComfort_v20130604.zip
2013-06-16 13:15 - 2013-06-16 13:16 - 00097394 ____A C:\Users\Gast\Downloads\SexLab_LoversHook_v20130606.zip
2013-06-14 16:17 - 2013-06-16 19:10 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Awesomium
2013-06-14 16:17 - 2013-06-14 16:17 - 00363746 ____A C:\Users\Gast\AppData\Local\dd_vcredistMSI32F3.txt
2013-06-14 16:17 - 2013-06-14 16:17 - 00011942 ____A C:\Users\Gast\AppData\Local\dd_vcredistUI32F3.txt
2013-06-14 13:18 - 2013-06-14 13:18 - 00000222 ____A C:\Users\Gast\Desktop\Marvel Heroes.url
2013-06-09 00:04 - 2013-06-09 00:04 - 00038737 ____A C:\Users\Gast\Downloads\SC07SexLabRandomAttack.7z
2013-06-09 00:02 - 2013-06-09 00:05 - 68829391 ____A C:\Users\Gast\Downloads\SexLabFramework.v101b.zip
2013-06-08 19:15 - 2013-06-08 19:15 - 00000000 ____D C:\Users\Gast\AppData\Local\EdgeOfReality
2013-06-08 18:52 - 2013-06-08 18:52 - 00000222 ____A C:\Users\Gast\Desktop\Loadout.url
2013-06-08 13:42 - 2013-06-08 13:42 - 00064388 ____A C:\Users\Gast\Downloads\X-RayMod_v039.zip
2013-06-08 12:07 - 2013-06-08 12:07 - 00003673 ____A C:\Users\Gast\Downloads\Timber! (1.5.2).zip
2013-06-08 12:05 - 2013-06-08 12:06 - 00007834 ____A C:\Users\Gast\Downloads\Recipe Book.zip
2013-06-08 12:01 - 2013-06-08 12:01 - 00199825 ____A C:\Users\Gast\Downloads\ModLoader (2).zip
2013-06-08 12:01 - 2013-06-08 12:01 - 00199825 ____A C:\Users\Gast\Downloads\ModLoader (1).zip
2013-06-01 16:25 - 2013-06-01 16:25 - 00064533 ____A C:\Users\Gast\Downloads\LoversRaperS_Wappy_1.70.7z
2013-06-01 15:26 - 2013-06-01 15:28 - 00577738 ____A C:\Users\Gast\Downloads\LoversWithPK_Rev91.7z
2013-06-01 15:24 - 2013-06-01 15:24 - 00021719 ____A C:\Users\Gast\Downloads\LoversStalkerM_v1p4.7z
2013-06-01 15:24 - 2013-06-01 15:24 - 00018915 ____A C:\Users\Gast\Downloads\LSMpackage.7z
2013-06-01 15:20 - 2013-06-01 15:22 - 00415874 ____A C:\Users\Gast\Downloads\Dog Texture Patch.7z
2013-06-01 15:20 - 2013-06-01 15:21 - 00088050 ____A C:\Users\Gast\Downloads\Tentacle Monster Patch.7z
2013-06-01 15:20 - 2013-06-01 15:20 - 26338135 ____A C:\Users\Gast\Downloads\Lovers Creatures Beta1 - Part2.7z
2013-06-01 15:19 - 2013-06-01 15:20 - 13717602 ____A C:\Users\Gast\Downloads\Lovers Creatures Beta1 - Part1.7z
2013-06-01 15:18 - 2013-06-01 15:18 - 00099251 ____A C:\Users\Gast\Downloads\LPK base rev96v2.7z
2013-06-01 15:16 - 2013-06-01 15:17 - 37235685 ____A C:\Users\Gast\Downloads\Lovers Resources v3 - for use with LPK base rev96.7z
2013-06-01 09:54 - 2013-06-01 09:54 - 03768483 ____A C:\Users\Gast\Downloads\Dont Starve Steam Trainer.rar

==================== One Month Modified Files and Folders =======

2013-07-01 17:32 - 2013-07-01 17:32 - 00001788 ____A C:\Users\Gast\Desktop\JRT.txt
2013-07-01 17:28 - 2013-07-01 17:28 - 00000000 ____D C:\Windows\ERUNT
2013-07-01 17:28 - 2013-07-01 17:28 - 00000000 ____D C:\JRT
2013-07-01 17:27 - 2013-07-01 17:27 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Gast\Desktop\JRT.exe
2013-07-01 17:23 - 2013-07-01 17:23 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-01 17:23 - 2013-07-01 17:23 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-01 17:23 - 2013-05-02 19:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-01 17:23 - 2013-05-02 19:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-01 17:23 - 2012-09-03 23:49 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-01 17:23 - 2010-04-29 17:17 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-01 17:23 - 2009-01-07 19:49 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-01 17:21 - 2012-08-22 17:22 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-01 17:18 - 2009-01-08 03:28 - 16574524 ____A C:\Windows\System32\perfh007.dat
2013-07-01 17:18 - 2009-01-08 03:28 - 05420980 ____A C:\Windows\System32\perfc007.dat
2013-07-01 17:18 - 2006-11-02 14:46 - 00006722 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-01 17:16 - 2010-11-12 20:03 - 00000000 ____D C:\Users\Gast\AppData\Local\Deployment
2013-07-01 17:13 - 2008-09-19 04:55 - 00014466 ____A C:\Windows\SysWOW64\NapaSet.txt
2013-07-01 17:11 - 2006-11-02 17:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-01 17:11 - 2006-11-02 17:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-01 17:10 - 2013-07-01 10:02 - 00000808 ____A C:\Windows\System32\spsys.log
2013-07-01 17:10 - 2010-07-10 20:06 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-01 17:10 - 2006-11-02 17:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-01 17:09 - 2006-11-02 17:42 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-01 17:08 - 2013-07-01 17:08 - 00035782 ____A C:\AdwCleaner[S1].txt
2013-07-01 17:08 - 2013-07-01 17:08 - 00001656 ____A C:\Windows\DeleteOnReboot.bat
2013-07-01 17:07 - 2013-07-01 17:07 - 00648201 ____A C:\Users\Gast\Desktop\adwcleaner.exe
2013-07-01 16:44 - 2010-07-10 20:06 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-01 14:49 - 2013-07-01 14:46 - 00030456 ____A C:\Users\Gast\Desktop\Addition.txt
2013-07-01 14:45 - 2013-07-01 14:45 - 01933758 ____A (Farbar) C:\Users\Gast\Desktop\FRST64.exe
2013-07-01 14:45 - 2013-07-01 14:45 - 00000000 ____D C:\FRST
2013-07-01 14:13 - 2010-12-17 20:20 - 00056114 ____A C:\Windows\PFRO.log
2013-07-01 14:11 - 2013-07-01 13:17 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-01 13:14 - 2013-07-01 13:14 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Gast\Desktop\tdsskiller.exe
2013-07-01 11:28 - 2013-07-01 11:28 - 00602112 ____A (OldTimer Tools) C:\Users\Gast\Desktop\OTL.exe
2013-07-01 11:25 - 2013-07-01 11:25 - 00001704 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-07-01 11:25 - 2009-12-12 15:40 - 00000000 ____D C:\ProgramData\Adobe
2013-07-01 11:24 - 2010-04-08 10:31 - 00000000 ____D C:\Users\Gast\AppData\Local\Adobe
2013-07-01 10:59 - 2010-12-22 15:04 - 00000000 ____D C:\Users\Gast\Desktop\Trainer
2013-07-01 10:58 - 2011-08-13 15:12 - 00000368 ____H C:\Windows\SysWOW64\nspgpinf.nsx
2013-07-01 00:42 - 2013-07-01 00:42 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-07-01 00:42 - 2013-07-01 00:42 - 00001787 ____A C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-07-01 00:42 - 2013-07-01 00:41 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-07-01 00:42 - 2013-07-01 00:41 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-07-01 00:41 - 2013-07-01 00:41 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-07-01 00:41 - 2009-04-23 15:22 - 00000000 ____D C:\users\Gast
2013-07-01 00:40 - 2013-07-01 00:40 - 00383868 ____A C:\Users\Gast\AppData\Local\dd_vcredistMSI165D.txt
2013-07-01 00:40 - 2013-07-01 00:40 - 00012410 ____A C:\Users\Gast\AppData\Local\dd_vcredistUI165D.txt
2013-07-01 00:39 - 2013-07-01 00:39 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-01 00:39 - 2013-07-01 00:39 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-01 00:24 - 2013-07-01 00:24 - 00792160 ____A C:\Users\Gast\AppData\Local\census.cache
2013-07-01 00:24 - 2013-07-01 00:24 - 00205389 ____A C:\Users\Gast\AppData\Local\ars.cache
2013-07-01 00:10 - 2013-07-01 00:10 - 00000036 ____A C:\Users\Gast\AppData\Local\housecall.guid.cache
2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Malwarebytes
2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-30 20:40 - 2011-05-20 23:52 - 00001987 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-30 14:31 - 2009-08-14 19:34 - 00044032 ____A C:\Users\Gast\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-30 14:29 - 2010-03-20 09:42 - 00000000 ____D C:\Users\Gast\AppData\Roaming\vlc
2013-06-30 10:10 - 2013-06-30 10:10 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-06-30 09:57 - 2009-09-26 23:38 - 00000000 ____D C:\Users\Gast\AppData\Roaming\BitTorrent
2013-06-30 09:54 - 2013-06-29 23:28 - 988293471 ____A C:\Users\Gast\Downloads\Zone Archive Pack.rar
2013-06-30 02:05 - 2009-01-19 02:16 - 01694584 ____A C:\Windows\WindowsUpdate.log
2013-06-29 22:41 - 2013-06-29 22:41 - 00019442 ____A C:\Users\Gast\Downloads\(SUMOTorrent.com)_ZONE_ARCHIVE_Hentai-Key _SP5686432.torrent
2013-06-28 23:23 - 2012-04-28 22:06 - 00000000 ____D C:\Users\Gast\AppData\Local\PMB Files
2013-06-28 23:23 - 2012-04-28 22:06 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-27 09:22 - 2011-12-07 22:21 - 00000000 ____D C:\Users\Gast\AppData\Local\Skyrim
2013-06-26 12:31 - 2013-06-26 12:30 - 00000759 ____A C:\Users\Gast\Desktop\daoloader - Verknüpfung.lnk
2013-06-26 09:24 - 2013-06-26 09:24 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Locktime
2013-06-25 21:08 - 2013-06-25 21:08 - 00093367 ____A C:\Users\Gast\Downloads\bws-0598 (1).rar
2013-06-25 21:05 - 2013-06-25 21:05 - 00446584 ____A C:\Users\Gast\Downloads\l4r-da104.rar
2013-06-25 21:01 - 2013-06-25 21:01 - 00084308 ____A C:\Users\Gast\Downloads\bws-0598.rar
2013-06-25 19:42 - 2013-06-25 19:42 - 00071687 ____A C:\Users\Gast\Downloads\dragon_age_origins_plus_8_trainer.zip
2013-06-25 19:19 - 2013-06-25 19:19 - 00033117 ____A C:\Users\Gast\Downloads\daoloader.r4-TiLL.rar
2013-06-25 17:32 - 2013-06-25 17:32 - 00001736 ____A C:\Users\Public\Desktop\NetLimiter 2 Monitor.lnk
2013-06-25 17:32 - 2013-06-25 17:32 - 00000000 ____D C:\ProgramData\Locktime
2013-06-25 17:32 - 2013-06-25 17:32 - 00000000 ____D C:\Program Files\NetLimiter 2 Monitor
2013-06-25 17:32 - 2013-06-25 17:31 - 01827848 ____A C:\Users\Gast\Downloads\nl_2011_mon_64.exe
2013-06-25 16:51 - 2013-06-25 16:51 - 04689729 ____A C:\Users\Gast\Downloads\The LAST REMNANT Save Editor V4.2.rar
2013-06-25 13:38 - 2013-06-25 13:38 - 00000466 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk
2013-06-25 11:34 - 2012-02-02 19:46 - 00000000 ____D C:\Users\Gast\AppData\Roaming\.minecraft
2013-06-24 10:01 - 2009-04-24 10:08 - 00000456 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job
2013-06-23 11:30 - 2013-06-23 11:30 - 00000000 ____D C:\Users\Gast\Desktop\Unepic 1.43.1[Steam]
2013-06-23 11:29 - 2013-06-23 11:26 - 94994694 ____A C:\Users\Gast\Downloads\Unepic_1.43.1_Steam_.7z
2013-06-23 11:26 - 2010-12-22 15:03 - 00000000 ____D C:\Users\Gast\Desktop\Spiele
2013-06-22 23:23 - 2013-06-22 23:23 - 08071400 ____A (Cheat Engine ) C:\Users\Gast\Downloads\CheatEngine63.exe
2013-06-22 21:50 - 2013-06-22 21:50 - 00153366 ____A C:\Users\Gast\Downloads\Unepic v1.0.30 Trainer +6 ~HoG.rar
2013-06-21 08:48 - 2012-05-19 08:10 - 00007916 ____A C:\Users\Gast\AppData\Local\d3d9caps.dat
2013-06-20 11:10 - 2009-04-30 12:10 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-06-18 11:40 - 2010-12-10 13:19 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-06-16 19:10 - 2013-06-14 16:17 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Awesomium
2013-06-16 15:34 - 2013-06-16 15:34 - 00017477 ____A C:\Users\Gast\Downloads\Run For Your Lives-23906-1-2-2.7z
2013-06-16 15:33 - 2013-06-16 15:33 - 00018227 ____A C:\Users\Gast\Downloads\When Vampires Attack-28235-1-0-2.7z
2013-06-16 14:18 - 2013-06-16 14:18 - 04109361 ____A C:\Users\Gast\Downloads\UNP silverlight armor-37189-1-0.7z
2013-06-16 14:17 - 2013-06-16 14:16 - 17789249 ____A C:\Users\Gast\Downloads\Silverlight Armor 0992 no pauldrons CBBE-10251-0-992.7z
2013-06-16 13:59 - 2013-06-16 13:59 - 00007675 ____A C:\Users\Gast\Downloads\Sexlab_SimpleRape_05252013.zip
2013-06-16 13:18 - 2013-06-16 13:16 - 00457617 ____A C:\Users\Gast\Downloads\SexLab_LoversComfort_v20130604.zip
2013-06-16 13:16 - 2013-06-16 13:15 - 00097394 ____A C:\Users\Gast\Downloads\SexLab_LoversHook_v20130606.zip
2013-06-14 16:29 - 2011-01-12 20:45 - 00566636 ____A C:\Windows\DirectX.log
2013-06-14 16:17 - 2013-06-14 16:17 - 00363746 ____A C:\Users\Gast\AppData\Local\dd_vcredistMSI32F3.txt
2013-06-14 
16:17 - 2013-06-14 16:17 - 00011942 ____A C:\Users\Gast\AppData\Local\dd_vcredistUI32F3.txt 2013-06-14 16:17 - 2009-10-25 08:56 - 00000000 ____D C:\Users\Gast\Documents\My Games 2013-06-14 13:18 - 2013-06-14 13:18 - 00000222 ____A C:\Users\Gast\Desktop\Marvel Heroes.url 2013-06-12 17:21 - 2012-04-09 09:56 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-12 17:21 - 2011-06-01 07:03 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-09 00:05 - 2013-06-09 00:02 - 68829391 ____A C:\Users\Gast\Downloads\SexLabFramework.v101b.zip 2013-06-09 00:04 - 2013-06-09 00:04 - 00038737 ____A C:\Users\Gast\Downloads\SC07SexLabRandomAttack.7z 2013-06-08 19:15 - 2013-06-08 19:15 - 00000000 ____D C:\Users\Gast\AppData\Local\EdgeOfReality 2013-06-08 18:52 - 2013-06-08 18:52 - 00000222 ____A C:\Users\Gast\Desktop\Loadout.url 2013-06-08 13:42 - 2013-06-08 13:42 - 00064388 ____A C:\Users\Gast\Downloads\X-RayMod_v039.zip 2013-06-08 12:07 - 2013-06-08 12:07 - 00003673 ____A C:\Users\Gast\Downloads\Timber! 
(1.5.2).zip 2013-06-08 12:06 - 2013-06-08 12:05 - 00007834 ____A C:\Users\Gast\Downloads\Recipe Book.zip 2013-06-08 12:01 - 2013-06-08 12:01 - 00199825 ____A C:\Users\Gast\Downloads\ModLoader (2).zip 2013-06-08 12:01 - 2013-06-08 12:01 - 00199825 ____A C:\Users\Gast\Downloads\ModLoader (1).zip 2013-06-05 19:24 - 2012-07-06 22:17 - 00000000 ____D C:\Users\Gast\AppData\Local\Origin 2013-06-01 16:25 - 2013-06-01 16:25 - 00064533 ____A C:\Users\Gast\Downloads\LoversRaperS_Wappy_1.70.7z 2013-06-01 15:28 - 2013-06-01 15:26 - 00577738 ____A C:\Users\Gast\Downloads\LoversWithPK_Rev91.7z 2013-06-01 15:24 - 2013-06-01 15:24 - 00021719 ____A C:\Users\Gast\Downloads\LoversStalkerM_v1p4.7z 2013-06-01 15:24 - 2013-06-01 15:24 - 00018915 ____A C:\Users\Gast\Downloads\LSMpackage.7z 2013-06-01 15:22 - 2013-06-01 15:20 - 00415874 ____A C:\Users\Gast\Downloads\Dog Texture Patch.7z 2013-06-01 15:21 - 2013-06-01 15:20 - 00088050 ____A C:\Users\Gast\Downloads\Tentacle Monster Patch.7z 2013-06-01 15:20 - 2013-06-01 15:20 - 26338135 ____A C:\Users\Gast\Downloads\Lovers Creatures Beta1 - Part2.7z 2013-06-01 15:20 - 2013-06-01 15:19 - 13717602 ____A C:\Users\Gast\Downloads\Lovers Creatures Beta1 - Part1.7z 2013-06-01 15:18 - 2013-06-01 15:18 - 00099251 ____A C:\Users\Gast\Downloads\LPK base rev96v2.7z 2013-06-01 15:17 - 2013-06-01 15:16 - 37235685 ____A C:\Users\Gast\Downloads\Lovers Resources v3 - for use with LPK base rev96.7z 2013-06-01 10:34 - 2013-05-31 21:13 - 00000000 ____D C:\Users\Gast\Desktop\Dont Starve 2013-06-01 09:54 - 2013-06-01 09:54 - 03768483 ____A C:\Users\Gast\Downloads\Dont Starve Steam Trainer.rar ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe 
=> MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-01 17:21 ==================== End Of Log ============================ --- --- --- --- --- ---
Edit: What kind of bad-tempered bastard did I catch there? I hadn't noticed it before at all: the Security Center does not start. A manual attempt via the Control Panel brings no success, and under Administrative Tools/Services the Security Center has disappeared. Damn it, I could bite into my keyboard... but I'll settle for a cup of coffee and a cigarette, they taste better :P Last edited by JuppSchlupp (01.07.2013 at 16:52) |
01.07.2013, 18:32 | #13 |
/// the machine /// TB instructor | Win32:ZAccess-PB (Trj) found in process Services.exe Let's have a look. Press Windows key+R, type netsh winsock reset and press Enter. Please download Farbar Service Scanner
Please post the contents here. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
02.07.2013, 08:55 | #14 |
| Win32:ZAccess-PB (Trj) found in process Services.exe Right, here we go! First the FSS (I really don't like all those "not exist." entries :P) Code:
ATTFilter Farbar Service Scanner Version: 27-06-2013 Ran by Gast (administrator) on 01-07-2013 at 19:37:01 Running from "C:\Users\Gast\Desktop" Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= mpsdrv Service is not running. Checking service configuration: The start type of mpsdrv service is OK. The ImagePath of mpsdrv service is OK. MpsSvc Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist. bfe Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist. Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ wscsvc Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. 
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist. Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist. Windows Update: ============ wuauserv Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist. BITS Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist. Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Other Services: ============== Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. 
The value does not exist. Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist. Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist. Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist. Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist. Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist. File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcsvc.dll [2009-09-24 16:31] - [2009-04-11 09:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7 C:\Windows\System32\drivers\afd.sys [2009-09-24 16:32] - [2009-04-11 07:44] - 0406016 ____A (Microsoft Corporation) 12415CCFD3E7CEC55B5184E67B039FE4 C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys [2010-08-11 18:14] - [2010-06-16 19:14] - 1424264 ____A (Microsoft Corporation) 0011810B5211FDACD784DE585262ECFE C:\Windows\System32\dnsrslvr.dll [2009-09-24 16:31] - [2009-04-11 09:11] - 0117760 ____A (Microsoft Corporation) 21D16B37257370975C7457C3A5EFA530 C:\Windows\System32\mpssvc.dll [2009-09-24 16:32] - [2009-04-11 09:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C C:\Windows\System32\bfe.dll [2009-09-24 16:31] - [2009-04-11 09:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29 C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe [2009-09-24 16:32] - [2009-04-11 09:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1 C:\Windows\System32\wscsvc.dll [2009-09-24 16:31] - 
[2009-04-11 09:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A C:\Windows\System32\wbem\WMIsvc.dll [2009-09-24 16:31] - [2009-04-11 09:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02 C:\Windows\System32\wuaueng.dll [2009-10-30 16:38] - [2009-08-07 04:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D C:\Windows\System32\qmgr.dll [2009-09-24 16:32] - [2009-04-11 09:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C C:\Windows\System32\es.dll [2009-09-24 16:32] - [2009-04-11 09:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF C:\Windows\System32\cryptsvc.dll [2009-09-24 16:32] - [2009-04-11 09:11] - 0166912 ____A (Microsoft Corporation) 18918613E63F387CDE4D95CA7D49DCF7 C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\ipnathlp.dll => MD5 is legit C:\Windows\System32\iphlpsvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll [2009-09-24 16:32] - [2009-04-11 09:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF **** End of log **** Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=54803ebe5485884a8d2f79351478932b # engine=14224 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-07-02 12:58:40 # local_time=2013-07-02 02:58:40 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=772 16777213 83 94 94569 149436592 0 0 # compatibility_mode=5892 16776574 66 100 57605237 210250626 0 0 # scanned=554067 # found=12 # cleaned=0 # scan_time=25065 sh=5302175DAB7DD0F6A7877FA1843B7B7FD09A1900 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Gast\AppData\Local\Temp\jar_cache5804977266532286298.tmp" sh=FD79DA86C421BBDFBF4A38EE23DD12D56D04901A ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.OpenStream.NBE trojan" ac=I fn="C:\Users\Gast\AppData\Local\Temp\jar_cache5847185873335909308.tmp" sh=7447217F413848A83262D11521054E83451C8C52 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Gast\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\6f8474a-1f46d254" sh=9981D6D246646E7C7701602E0DBB62B3DFCB9EA2 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2010-4452.A trojan" ac=I fn="C:\Users\Gast\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\3cc664c-4b8e7b48" sh=8677B6E03ED26043F72BD08D7302848EC32CB2FF ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Gast\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\2b97c68d-57bf79d2" sh=5CBB72947E281875E213064668AA4CD36951CD13 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Gast\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\595f3626-3e68d8a6" sh=7646BA2EA55D71B32D39D9FF996DB18244557228 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Gast\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\7c13d2e9-5c57ee03" 
sh=7646BA2EA55D71B32D39D9FF996DB18244557228 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Gast\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\77d76daf-2ceb58e2" sh=D3B9A35B817A2D7779B7A59A9B15B323BB9ABE78 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NEO trojan" ac=I fn="C:\Users\Gast\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\5fef98f5-3b87e464" sh=8677B6E03ED26043F72BD08D7302848EC32CB2FF ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Gast\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\2f5b6b7-598a4687" sh=18F8AE4E2B3ABC0C151E08E731AA9157C1DD08CA ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Gast\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\247a5648-72ccf4ed" sh=64C3D25CA783CB73BD75D9B2C29968D46F7EC72A ft=1 fh=877375bc35405650 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="C:\Users\Gast\Downloads\hdplugin_chrome.exe" Code:
ATTFilter Results of screen317's Security Check version 0.99.68 Windows Vista Service Pack 2 x64 Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! nProtect GameGuard Personal 3.0 WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Out of date HijackThis installed! Malwarebytes Anti-Malware Version 1.75.0.1300 HijackThis 2.0.2 Java(TM) 6 Update 22 Java(TM) 6 Update 31 Java 7 Update 25 Java(TM) 6 Update 7 Adobe Flash Player 11.7.700.224 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (7.0.1) Google Chrome 27.0.1453.116 ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast afwServ.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-06-2013 03 Ran by Gast (administrator) on 02-07-2013 09:54:28 Running from C:\Users\Gast\Desktop Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe (Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe (OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe (CyberLink Corp.) 
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (H+H Software GmbH) E:\Program Files (x86)\Virtual CD v9\System\vc9play.exe (Locktime Software) C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe (H+H Software GmbH) E:\Program Files (x86)\Virtual CD v9\System\VC9Tray.exe (Locktime Software) C:\Program Files\NetLimiter 2 Monitor\NLClient.exe (NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe (H+H Software GmbH) E:\Program Files (x86)\Virtual CD v9\System\VC9SecS.exe () C:\Windows\SysWOW64\WinMsgBalloonServer.exe () C:\Windows\SysWOW64\WinMsgBalloonClient.exe () C:\Windows\SysWOW64\BeepApp.exe (NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard) HKCU\...\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard) HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 
2008-01-21] (Microsoft Corporation) HKCU\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x] HKCU\...\Policies\system: [DisableLockWorkstation] 0 HKCU\...\Policies\system: [DisableChangePassword] 0 HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 MountPoints2: {139f4f8e-2e9f-11e0-b50d-002421172082} - L:\OblivionLauncher.exe MountPoints2: {139f4f9c-2e9f-11e0-b50d-002421172082} - M:\setup.exe MountPoints2: {164bed90-1e7b-11e0-aa79-002421172082} - L:\OblivionLauncher.exe MountPoints2: {3f05954f-e5bd-11dd-9d91-806e6f6e6963} - F:\autorun.exe MountPoints2: {e273aac0-cbc4-11de-ade2-002421172082} - K:\Autorun.exe HKLM-x32\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company) HKLM-x32\...\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe [119296 2007-02-15] (OsdMaestro) HKLM-x32\...\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [1148200 2008-09-26] (CyberLink Corp.) 
HKLM-x32\...\Run: [VC9Player] "E:\Program Files (x86)\Virtual CD v9\System\VC9Play.exe" [x] HKLM-x32\...\Run: [nProtect GameGuard Personal 3.0] "E:\Program Files (x86)\INCAInternet\nProtect GameGuard Personal 3.0\nProtect GameGuard Personal 3.0\nspmain.exe" -tray [x] HKLM-x32\...\Run: [DivXMediaServer] "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [450560 2013-03-28] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] () HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "E:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [x] HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard) HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard) HKU\UpdatusUser\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-10-17] (Hewlett-Packard) Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) 
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation) SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com SearchScopes: HKLM - {79C90567-5C09-4507-9307-1B81999F79F7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 SearchScopes: HKLM - {8C5BF184-BEAC-415C-8A6F-69F27A468C07} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKLM - {F62C4EF5-02A5-4118-BD59-A1C8D69F7CFD} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de SearchScopes: HKLM-x32 - {79C90567-5C09-4507-9307-1B81999F79F7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 HKCU SearchScopes: DefaultScope {2592934B-F16C-4C06-B794-A59D7A79FDFF} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {2592934B-F16C-4C06-B794-A59D7A79FDFF} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {79C90567-5C09-4507-9307-1B81999F79F7} URL = 
hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File DPF: HKLM-x32 {140E4DF8-9E14-4A34-9577-C77561ED7883} https://s3.amazonaws.com/content.systemrequirementslab.com/global/bin/srldetect_cyri_4.1.72.0_x.cab DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab DPF: HKLM-x32 {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} hxxp://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.16.0.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [51656 2009-05-22] (EasyBits Software Corp.) 
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\12\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - E:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Gast\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Extension: No Name - C:\Users\Gast\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: Microsoft .NET Framework Assistant - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF Extension: DownloadHelper - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: No Name - C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hsomrsr5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF Chrome: ======= CHR DefaultSearchURL: (facemoods) - hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 CHR DefaultSuggestURL: (facemoods) - "suggest_url": "" CHR Extension: (Skype Click to Call) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0 CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0 ==================== Services (Whitelisted) ================= S4 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-05-09] (AVAST Software) S4 DAUpdaterSvc; E:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare) R2 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] () S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) S2 nHancer; E:\Program Files\nHancer\nHancerService.exe [39424 2010-05-02] (KSE - Korndörfer Software Engineering) R2 nlsvc; C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe [817152 2010-03-25] (Locktime Software) S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3813096 2010-06-20] (INCA Internet Co., Ltd.) S2 npkcmsvc; C:\Windows\SysWOW64\npkcmsvc.exe [191008 2010-08-22] (INCA Internet Co., Ltd.) S2 NSPService; C:\Windows\SysWOW64\INCAinternet\nProtect GameGuard Personal 3.0\nspsvc.exe [581248 2011-09-16] (INCA Internet Co., Ltd.) S2 NSPUpdateService; C:\Windows\SysWOW64\INCAinternet\nProtect GameGuard Personal 3.0\nspupsvc.exe [1252840 2012-10-25] (INCA Internet Co.,Ltd.) 
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2010-03-22] (NVIDIA) S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-11-30] () S2 SkypeUpdate; E:\Program Files (x86)\Skype\Updater\Updater.exe [160944 2012-07-03] (Skype Technologies) R2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [282728 2009-11-06] (NVIDIA) R2 VC9SecS; E:\Program Files (x86)\Virtual CD v9\System\VC9SecS.exe [132424 2009-04-21] (H+H Software GmbH) R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x] ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R1 aswFW; C:\Windows\system32\drivers\aswFW.sys [131232 2013-05-09] (AVAST Software) R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2013-03-13] (ALWIL Software) R0 aswNdis2; C:\Windows\System32\drivers\aswNdis2.sys [270824 2013-05-09] (AVAST Software) R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [59144 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-01] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-01] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-01] () R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-01-12] () S3 CEDRIVER60; E:\Program Files (x86)\Cheat Engine 6.3\dbk64.sys [64480 2013-06-02] () S3 HH9Help.sys; C:\Windows\system32\drivers\HH9Help.sys [24344 2007-01-23] (H+H Software GmbH) S3 HH9Help.sys; C:\Windows\system32\drivers\HH9Help.sys [24344 2007-01-23] (H+H 
Software GmbH) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-01-12] () R1 nltdi; C:\Windows\system32\drivers\nltdi.sys [89224 2010-03-25] (Locktime Software) R1 nltdi; C:\Windows\system32\drivers\nltdi.sys [89224 2010-03-25] (Locktime Software) S3 npkcft64; C:\Windows\SysWOW64\npkcft64.sys [45600 2010-08-22] (INCA Internet Co., Ltd.) S3 npkcft64; C:\Windows\SysWOW64\npkcft64.sys [45600 2010-08-22] (INCA Internet Co., Ltd.) S3 npkuft64; C:\Windows\SysWOW64\npkuft64.sys [40992 2010-08-22] (INCA Internet Co., Ltd.) S3 npkuft64; C:\Windows\SysWOW64\npkuft64.sys [40992 2010-08-22] (INCA Internet Co., Ltd.) S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.) R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.) S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] () R0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [75384 2009-02-03] (Protection Technology (StarForce)) R0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [77952 2009-02-03] (Protection Technology (StarForce)) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2011-01-12] () S2 tandpl; C:\Windows\SysWow64\drivers\tandpl.sys [4736 2003-04-19] () S3 TKCtrl; C:\Windows\system32\TKCtrl2k64.sys [87872 2012-07-03] (INCA Internet Co., Ltd.) S3 TKCtrl; C:\Windows\system32\TKCtrl2k64.sys [87872 2012-07-03] (INCA Internet Co., Ltd.) S3 TKFsAvM; C:\Windows\system32\TKFsAv64.sys [139136 2012-12-26] (INCA Internet Co., Ltd.) S3 TKFsAvM; C:\Windows\system32\TKFsAv64.sys [139136 2012-12-26] (INCA Internet Co., Ltd.) R3 TkFsFtM; C:\Windows\System32\TKFsFt64.sys [23392 2012-11-06] (INCA Internet Co., Ltd.) R3 TkFsFtM; C:\Windows\SysWow64\TKFsFt64.sys [22848 2011-03-28] (INCA Internet Co., Ltd.) R1 TKFWFV; C:\Windows\System32\TKFWFV64.sys [34400 2011-03-28] (INCA Internet Co., Ltd.) S3 TKFWVT; C:\Windows\system32\TKFWVT64.sys [183112 2012-10-23] (INCA Internet Co.,Ltd.) 
S3 TKFWVT; C:\Windows\system32\TKFWVT64.sys [183112 2012-10-23] (INCA Internet Co.,Ltd.) R3 TkIdsVt; C:\Windows\system32\TkIdsVt64.sys [99168 2012-07-31] (INCA Internet Co.,Ltd.) R3 TkIdsVt; C:\Windows\system32\TkIdsVt64.sys [99168 2012-07-31] (INCA Internet Co.,Ltd.) R3 TKPcFt; C:\Windows\system32\TKPcFtCb64.sys [29024 2012-11-06] (INCA Internet Co., Ltd.) R3 TKPcFt; C:\Windows\system32\TKPcFtCb64.sys [29024 2012-11-06] (INCA Internet Co., Ltd.) R3 vcd9bus; C:\Windows\System32\DRIVERS\vcd9bus.sys [40216 2007-01-23] (H+H Software GmbH) R1 vmm; C:\Windows\system32\Treiber\vmm.sys [297496 2008-02-12] (Microsoft Corporation) R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.) R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.) S3 dump_wmimmc; \??\E:\Program Files (x86)\Games-Masters.com\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys [x] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [x] S2 tandpl; System32\drivers\tandpl.sys [x] S3 X6va005; \??\C:\Users\Gast\AppData\Local\Temp\00539A5.tmp [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-01 19:42 - 2013-07-01 19:42 - 00890988 ____A C:\Users\Gast\Desktop\SecurityCheck.exe 2013-07-01 19:38 - 2013-07-01 19:38 - 02347384 ____A (ESET) C:\Users\Gast\Desktop\esetsmartinstaller_enu.exe 2013-07-01 19:37 - 2013-07-01 19:37 - 00007298 ____A C:\Users\Gast\Desktop\FSS.txt 2013-07-01 19:35 - 2013-07-01 19:35 - 00356397 ____A (Farbar) C:\Users\Gast\Desktop\FSS.exe 2013-07-01 17:28 - 2013-07-01 
17:28 - 00000000 ____D C:\Windows\ERUNT 2013-07-01 17:28 - 2013-07-01 17:28 - 00000000 ____D C:\JRT 2013-07-01 17:27 - 2013-07-01 17:27 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Gast\Desktop\JRT.exe 2013-07-01 17:23 - 2013-07-01 17:23 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-07-01 17:23 - 2013-07-01 17:23 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-07-01 17:08 - 2013-07-01 17:08 - 00035782 ____A C:\AdwCleaner[S1].txt 2013-07-01 17:08 - 2013-07-01 17:08 - 00001656 ____A C:\Windows\DeleteOnReboot.bat 2013-07-01 17:07 - 2013-07-01 17:07 - 00648201 ____A C:\Users\Gast\Desktop\adwcleaner.exe 2013-07-01 14:45 - 2013-07-01 14:45 - 01933758 ____A (Farbar) C:\Users\Gast\Desktop\FRST64.exe 2013-07-01 14:45 - 2013-07-01 14:45 - 00000000 ____D C:\FRST 2013-07-01 13:17 - 2013-07-01 14:11 - 00000000 ____D C:\TDSSKiller_Quarantine 2013-07-01 13:14 - 2013-07-01 13:14 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Gast\Desktop\tdsskiller.exe 2013-07-01 11:28 - 2013-07-01 11:28 - 00602112 ____A (OldTimer Tools) C:\Users\Gast\Desktop\OTL.exe 2013-07-01 11:25 - 2013-07-01 11:25 - 00001704 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk 2013-07-01 10:02 - 2013-07-01 17:10 - 00000808 ____A C:\Windows\System32\spsys.log 2013-07-01 00:42 - 2013-07-01 00:42 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys 2013-07-01 00:42 - 2013-07-01 00:42 - 00001787 ____A C:\Users\Public\Desktop\avast! 
Internet Security.lnk 2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum 2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum 2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum 2013-07-01 00:42 - 2013-05-09 10:59 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys 2013-07-01 00:41 - 2013-07-01 00:42 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys 2013-07-01 00:41 - 2013-07-01 00:42 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys 2013-07-01 00:41 - 2013-07-01 00:41 - 00000000 ____A C:\Windows\SysWOW64\config.nt 2013-07-01 00:41 - 2013-05-09 10:59 - 00270824 ____A (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys 2013-07-01 00:41 - 2013-05-09 10:59 - 00131232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys 2013-07-01 00:41 - 2013-05-09 10:59 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys 2013-07-01 00:41 - 2013-05-09 10:59 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys 2013-07-01 00:41 - 2013-05-09 10:59 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys 2013-07-01 00:41 - 2013-05-09 10:59 - 00059144 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys 2013-07-01 00:41 - 2013-05-09 10:59 - 00022600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys 2013-07-01 00:41 - 2013-05-09 10:58 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe 2013-07-01 00:40 - 2013-07-01 00:40 - 00383868 ____A C:\Users\Gast\AppData\Local\dd_vcredistMSI165D.txt 2013-07-01 00:40 - 2013-07-01 00:40 - 00012410 ____A C:\Users\Gast\AppData\Local\dd_vcredistUI165D.txt 2013-07-01 00:40 - 2013-05-09 10:58 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr 2013-07-01 00:40 - 2013-03-13 19:01 - 00012368 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswNdis.sys 2013-07-01 00:39 - 2013-07-01 
00:39 - 00000000 ____D C:\ProgramData\AVAST Software 2013-07-01 00:39 - 2013-07-01 00:39 - 00000000 ____D C:\Program Files\AVAST Software 2013-07-01 00:24 - 2013-07-01 00:24 - 00792160 ____A C:\Users\Gast\AppData\Local\census.cache 2013-07-01 00:24 - 2013-07-01 00:24 - 00205389 ____A C:\Users\Gast\AppData\Local\ars.cache 2013-07-01 00:10 - 2013-07-01 00:10 - 00000036 ____A C:\Users\Gast\AppData\Local\housecall.guid.cache 2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Malwarebytes 2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-06-30 20:54 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-06-30 10:10 - 2013-06-30 10:10 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA% 2013-06-29 23:28 - 2013-06-30 09:54 - 988293471 ____A C:\Users\Gast\Downloads\Zone Archive Pack.rar 2013-06-29 22:41 - 2013-06-29 22:41 - 00019442 ____A C:\Users\Gast\Downloads\(SUMOTorrent.com)_ZONE_ARCHIVE_Hentai-Key _SP5686432.torrent 2013-06-26 12:30 - 2013-06-26 12:31 - 00000759 ____A C:\Users\Gast\Desktop\daoloader - Verknüpfung.lnk 2013-06-26 09:24 - 2013-06-26 09:24 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Locktime 2013-06-25 21:08 - 2013-06-25 21:08 - 00093367 ____A C:\Users\Gast\Downloads\bws-0598 (1).rar 2013-06-25 21:05 - 2013-06-25 21:05 - 00446584 ____A C:\Users\Gast\Downloads\l4r-da104.rar 2013-06-25 21:01 - 2013-06-25 21:01 - 00084308 ____A C:\Users\Gast\Downloads\bws-0598.rar 2013-06-25 19:42 - 2013-06-25 19:42 - 00071687 ____A C:\Users\Gast\Downloads\dragon_age_origins_plus_8_trainer.zip 2013-06-25 19:19 - 2013-06-25 19:19 - 00033117 ____A C:\Users\Gast\Downloads\daoloader.r4-TiLL.rar 2013-06-25 17:32 - 2013-06-25 17:32 - 00001736 ____A C:\Users\Public\Desktop\NetLimiter 2 Monitor.lnk 2013-06-25 17:32 - 2013-06-25 17:32 - 00000000 ____D 
C:\ProgramData\Locktime 2013-06-25 17:32 - 2013-06-25 17:32 - 00000000 ____D C:\Program Files\NetLimiter 2 Monitor 2013-06-25 17:31 - 2013-06-25 17:32 - 01827848 ____A C:\Users\Gast\Downloads\nl_2011_mon_64.exe 2013-06-25 16:51 - 2013-06-25 16:51 - 04689729 ____A C:\Users\Gast\Downloads\The LAST REMNANT Save Editor V4.2.rar 2013-06-25 13:38 - 2013-06-25 13:38 - 00000466 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk 2013-06-23 11:30 - 2013-06-23 11:30 - 00000000 ____D C:\Users\Gast\Desktop\Unepic 1.43.1[Steam] 2013-06-23 11:26 - 2013-06-23 11:29 - 94994694 ____A C:\Users\Gast\Downloads\Unepic_1.43.1_Steam_.7z 2013-06-22 23:23 - 2013-06-22 23:23 - 08071400 ____A (Cheat Engine ) C:\Users\Gast\Downloads\CheatEngine63.exe 2013-06-22 21:50 - 2013-06-22 21:50 - 00153366 ____A C:\Users\Gast\Downloads\Unepic v1.0.30 Trainer +6 ~HoG.rar 2013-06-16 15:34 - 2013-06-16 15:34 - 00017477 ____A C:\Users\Gast\Downloads\Run For Your Lives-23906-1-2-2.7z 2013-06-16 15:33 - 2013-06-16 15:33 - 00018227 ____A C:\Users\Gast\Downloads\When Vampires Attack-28235-1-0-2.7z 2013-06-16 14:18 - 2013-06-16 14:18 - 04109361 ____A C:\Users\Gast\Downloads\UNP silverlight armor-37189-1-0.7z 2013-06-16 14:16 - 2013-06-16 14:17 - 17789249 ____A C:\Users\Gast\Downloads\Silverlight Armor 0992 no pauldrons CBBE-10251-0-992.7z 2013-06-16 13:59 - 2013-06-16 13:59 - 00007675 ____A C:\Users\Gast\Downloads\Sexlab_SimpleRape_05252013.zip 2013-06-16 13:16 - 2013-06-16 13:18 - 00457617 ____A C:\Users\Gast\Downloads\SexLab_LoversComfort_v20130604.zip 2013-06-16 13:15 - 2013-06-16 13:16 - 00097394 ____A C:\Users\Gast\Downloads\SexLab_LoversHook_v20130606.zip 2013-06-14 16:17 - 2013-06-16 19:10 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Awesomium 2013-06-14 16:17 - 2013-06-14 16:17 - 00363746 ____A C:\Users\Gast\AppData\Local\dd_vcredistMSI32F3.txt 2013-06-14 16:17 - 2013-06-14 16:17 - 00011942 ____A C:\Users\Gast\AppData\Local\dd_vcredistUI32F3.txt 2013-06-14 13:18 - 2013-06-14 13:18 - 00000222 ____A 
C:\Users\Gast\Desktop\Marvel Heroes.url 2013-06-09 00:04 - 2013-06-09 00:04 - 00038737 ____A C:\Users\Gast\Downloads\SC07SexLabRandomAttack.7z 2013-06-09 00:02 - 2013-06-09 00:05 - 68829391 ____A C:\Users\Gast\Downloads\SexLabFramework.v101b.zip 2013-06-08 19:15 - 2013-06-08 19:15 - 00000000 ____D C:\Users\Gast\AppData\Local\EdgeOfReality 2013-06-08 18:52 - 2013-06-08 18:52 - 00000222 ____A C:\Users\Gast\Desktop\Loadout.url 2013-06-08 13:42 - 2013-06-08 13:42 - 00064388 ____A C:\Users\Gast\Downloads\X-RayMod_v039.zip 2013-06-08 12:07 - 2013-06-08 12:07 - 00003673 ____A C:\Users\Gast\Downloads\Timber! (1.5.2).zip 2013-06-08 12:05 - 2013-06-08 12:06 - 00007834 ____A C:\Users\Gast\Downloads\Recipe Book.zip 2013-06-08 12:01 - 2013-06-08 12:01 - 00199825 ____A C:\Users\Gast\Downloads\ModLoader (2).zip 2013-06-08 12:01 - 2013-06-08 12:01 - 00199825 ____A C:\Users\Gast\Downloads\ModLoader (1).zip ==================== One Month Modified Files and Folders ======= 2013-07-02 09:44 - 2006-11-02 17:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-02 09:44 - 2006-11-02 17:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-02 09:43 - 2010-07-10 20:06 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-02 09:20 - 2012-08-22 17:22 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-02 02:13 - 2009-01-19 02:16 - 01695871 ____A C:\Windows\WindowsUpdate.log 2013-07-01 19:46 - 2008-09-19 04:55 - 00014466 ____A C:\Windows\SysWOW64\NapaSet.txt 2013-07-01 19:44 - 2010-07-10 20:06 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-01 19:44 - 2006-11-02 17:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-01 19:42 - 2013-07-01 19:42 - 00890988 ____A C:\Users\Gast\Desktop\SecurityCheck.exe 2013-07-01 19:42 - 2006-11-02 17:42 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT 
2013-07-01 19:38 - 2013-07-01 19:38 - 02347384 ____A (ESET) C:\Users\Gast\Desktop\esetsmartinstaller_enu.exe 2013-07-01 19:37 - 2013-07-01 19:37 - 00007298 ____A C:\Users\Gast\Desktop\FSS.txt 2013-07-01 19:35 - 2013-07-01 19:35 - 00356397 ____A (Farbar) C:\Users\Gast\Desktop\FSS.exe 2013-07-01 17:28 - 2013-07-01 17:28 - 00000000 ____D C:\Windows\ERUNT 2013-07-01 17:28 - 2013-07-01 17:28 - 00000000 ____D C:\JRT 2013-07-01 17:27 - 2013-07-01 17:27 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Gast\Desktop\JRT.exe 2013-07-01 17:23 - 2013-07-01 17:23 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-07-01 17:23 - 2013-07-01 17:23 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-07-01 17:23 - 2013-05-02 19:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-07-01 17:23 - 2013-05-02 19:41 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-07-01 17:23 - 2012-09-03 23:49 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-07-01 17:23 - 2010-04-29 17:17 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-07-01 17:23 - 2009-01-07 19:49 - 00000000 ____D C:\Program Files (x86)\Java 2013-07-01 17:18 - 2009-01-08 03:28 - 16574524 ____A C:\Windows\System32\perfh007.dat 2013-07-01 17:18 - 2009-01-08 03:28 - 05420980 ____A C:\Windows\System32\perfc007.dat 2013-07-01 17:18 - 2006-11-02 14:46 - 00006722 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-01 17:16 - 2010-11-12 20:03 - 00000000 ____D C:\Users\Gast\AppData\Local\Deployment 2013-07-01 17:10 - 2013-07-01 10:02 - 00000808 ____A C:\Windows\System32\spsys.log 2013-07-01 17:08 - 2013-07-01 17:08 - 00035782 ____A C:\AdwCleaner[S1].txt 2013-07-01 17:08 - 2013-07-01 17:08 - 00001656 ____A C:\Windows\DeleteOnReboot.bat 2013-07-01 17:07 - 2013-07-01 17:07 - 00648201 ____A C:\Users\Gast\Desktop\adwcleaner.exe 2013-07-01 14:45 - 2013-07-01 14:45 - 01933758 ____A 
(Farbar) C:\Users\Gast\Desktop\FRST64.exe 2013-07-01 14:45 - 2013-07-01 14:45 - 00000000 ____D C:\FRST 2013-07-01 14:13 - 2010-12-17 20:20 - 00056114 ____A C:\Windows\PFRO.log 2013-07-01 14:11 - 2013-07-01 13:17 - 00000000 ____D C:\TDSSKiller_Quarantine 2013-07-01 13:14 - 2013-07-01 13:14 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Gast\Desktop\tdsskiller.exe 2013-07-01 11:28 - 2013-07-01 11:28 - 00602112 ____A (OldTimer Tools) C:\Users\Gast\Desktop\OTL.exe 2013-07-01 11:25 - 2013-07-01 11:25 - 00001704 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk 2013-07-01 11:25 - 2009-12-12 15:40 - 00000000 ____D C:\ProgramData\Adobe 2013-07-01 11:24 - 2010-04-08 10:31 - 00000000 ____D C:\Users\Gast\AppData\Local\Adobe 2013-07-01 10:59 - 2010-12-22 15:04 - 00000000 ____D C:\Users\Gast\Desktop\Trainer 2013-07-01 10:58 - 2011-08-13 15:12 - 00000368 ____H C:\Windows\SysWOW64\nspgpinf.nsx 2013-07-01 00:42 - 2013-07-01 00:42 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys 2013-07-01 00:42 - 2013-07-01 00:42 - 00001787 ____A C:\Users\Public\Desktop\avast! 
Internet Security.lnk 2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum 2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum 2013-07-01 00:42 - 2013-07-01 00:42 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum 2013-07-01 00:42 - 2013-07-01 00:41 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys 2013-07-01 00:42 - 2013-07-01 00:41 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys 2013-07-01 00:41 - 2013-07-01 00:41 - 00000000 ____A C:\Windows\SysWOW64\config.nt 2013-07-01 00:41 - 2009-04-23 15:22 - 00000000 ____D C:\users\Gast 2013-07-01 00:40 - 2013-07-01 00:40 - 00383868 ____A C:\Users\Gast\AppData\Local\dd_vcredistMSI165D.txt 2013-07-01 00:40 - 2013-07-01 00:40 - 00012410 ____A C:\Users\Gast\AppData\Local\dd_vcredistUI165D.txt 2013-07-01 00:39 - 2013-07-01 00:39 - 00000000 ____D C:\ProgramData\AVAST Software 2013-07-01 00:39 - 2013-07-01 00:39 - 00000000 ____D C:\Program Files\AVAST Software 2013-07-01 00:24 - 2013-07-01 00:24 - 00792160 ____A C:\Users\Gast\AppData\Local\census.cache 2013-07-01 00:24 - 2013-07-01 00:24 - 00205389 ____A C:\Users\Gast\AppData\Local\ars.cache 2013-07-01 00:10 - 2013-07-01 00:10 - 00000036 ____A C:\Users\Gast\AppData\Local\housecall.guid.cache 2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Malwarebytes 2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-06-30 20:54 - 2013-06-30 20:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-06-30 20:40 - 2011-05-20 23:52 - 00001987 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2013-06-30 14:31 - 2009-08-14 19:34 - 00044032 ____A C:\Users\Gast\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-06-30 14:29 - 2010-03-20 09:42 - 00000000 ____D C:\Users\Gast\AppData\Roaming\vlc 2013-06-30 10:10 - 2013-06-30 10:10 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA% 2013-06-30 
09:57 - 2009-09-26 23:38 - 00000000 ____D C:\Users\Gast\AppData\Roaming\BitTorrent 2013-06-30 09:54 - 2013-06-29 23:28 - 988293471 ____A C:\Users\Gast\Downloads\Zone Archive Pack.rar 2013-06-29 22:41 - 2013-06-29 22:41 - 00019442 ____A C:\Users\Gast\Downloads\(SUMOTorrent.com)_ZONE_ARCHIVE_Hentai-Key _SP5686432.torrent 2013-06-28 23:23 - 2012-04-28 22:06 - 00000000 ____D C:\Users\Gast\AppData\Local\PMB Files 2013-06-28 23:23 - 2012-04-28 22:06 - 00000000 ____D C:\ProgramData\PMB Files 2013-06-27 09:22 - 2011-12-07 22:21 - 00000000 ____D C:\Users\Gast\AppData\Local\Skyrim 2013-06-26 12:31 - 2013-06-26 12:30 - 00000759 ____A C:\Users\Gast\Desktop\daoloader - Verknüpfung.lnk 2013-06-26 09:24 - 2013-06-26 09:24 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Locktime 2013-06-25 21:08 - 2013-06-25 21:08 - 00093367 ____A C:\Users\Gast\Downloads\bws-0598 (1).rar 2013-06-25 21:05 - 2013-06-25 21:05 - 00446584 ____A C:\Users\Gast\Downloads\l4r-da104.rar 2013-06-25 21:01 - 2013-06-25 21:01 - 00084308 ____A C:\Users\Gast\Downloads\bws-0598.rar 2013-06-25 19:42 - 2013-06-25 19:42 - 00071687 ____A C:\Users\Gast\Downloads\dragon_age_origins_plus_8_trainer.zip 2013-06-25 19:19 - 2013-06-25 19:19 - 00033117 ____A C:\Users\Gast\Downloads\daoloader.r4-TiLL.rar 2013-06-25 17:32 - 2013-06-25 17:32 - 00001736 ____A C:\Users\Public\Desktop\NetLimiter 2 Monitor.lnk 2013-06-25 17:32 - 2013-06-25 17:32 - 00000000 ____D C:\ProgramData\Locktime 2013-06-25 17:32 - 2013-06-25 17:32 - 00000000 ____D C:\Program Files\NetLimiter 2 Monitor 2013-06-25 17:32 - 2013-06-25 17:31 - 01827848 ____A C:\Users\Gast\Downloads\nl_2011_mon_64.exe 2013-06-25 16:51 - 2013-06-25 16:51 - 04689729 ____A C:\Users\Gast\Downloads\The LAST REMNANT Save Editor V4.2.rar 2013-06-25 13:38 - 2013-06-25 13:38 - 00000466 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk 2013-06-25 11:34 - 2012-02-02 19:46 - 00000000 ____D C:\Users\Gast\AppData\Roaming\.minecraft 2013-06-24 10:01 - 2009-04-24 10:08 - 00000456 ____A 
C:\Windows\Tasks\PCDRScheduledMaintenance.job 2013-06-23 11:30 - 2013-06-23 11:30 - 00000000 ____D C:\Users\Gast\Desktop\Unepic 1.43.1[Steam] 2013-06-23 11:29 - 2013-06-23 11:26 - 94994694 ____A C:\Users\Gast\Downloads\Unepic_1.43.1_Steam_.7z 2013-06-23 11:26 - 2010-12-22 15:03 - 00000000 ____D C:\Users\Gast\Desktop\Spiele 2013-06-22 23:23 - 2013-06-22 23:23 - 08071400 ____A (Cheat Engine ) C:\Users\Gast\Downloads\CheatEngine63.exe 2013-06-22 21:50 - 2013-06-22 21:50 - 00153366 ____A C:\Users\Gast\Downloads\Unepic v1.0.30 Trainer +6 ~HoG.rar 2013-06-21 08:48 - 2012-05-19 08:10 - 00007916 ____A C:\Users\Gast\AppData\Local\d3d9caps.dat 2013-06-20 11:10 - 2009-04-30 12:10 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log 2013-06-18 11:40 - 2010-12-10 13:19 - 00000000 ____D C:\Program Files (x86)\WildTangent Games 2013-06-16 19:10 - 2013-06-14 16:17 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Awesomium 2013-06-16 15:34 - 2013-06-16 15:34 - 00017477 ____A C:\Users\Gast\Downloads\Run For Your Lives-23906-1-2-2.7z 2013-06-16 15:33 - 2013-06-16 15:33 - 00018227 ____A C:\Users\Gast\Downloads\When Vampires Attack-28235-1-0-2.7z 2013-06-16 14:18 - 2013-06-16 14:18 - 04109361 ____A C:\Users\Gast\Downloads\UNP silverlight armor-37189-1-0.7z 2013-06-16 14:17 - 2013-06-16 14:16 - 17789249 ____A C:\Users\Gast\Downloads\Silverlight Armor 0992 no pauldrons CBBE-10251-0-992.7z 2013-06-16 13:59 - 2013-06-16 13:59 - 00007675 ____A C:\Users\Gast\Downloads\Sexlab_SimpleRape_05252013.zip 2013-06-16 13:18 - 2013-06-16 13:16 - 00457617 ____A C:\Users\Gast\Downloads\SexLab_LoversComfort_v20130604.zip 2013-06-16 13:16 - 2013-06-16 13:15 - 00097394 ____A C:\Users\Gast\Downloads\SexLab_LoversHook_v20130606.zip 2013-06-14 16:29 - 2011-01-12 20:45 - 00566636 ____A C:\Windows\DirectX.log 2013-06-14 16:17 - 2013-06-14 16:17 - 00363746 ____A C:\Users\Gast\AppData\Local\dd_vcredistMSI32F3.txt 2013-06-14 16:17 - 2013-06-14 16:17 - 00011942 ____A C:\Users\Gast\AppData\Local\dd_vcredistUI32F3.txt 
2013-06-14 16:17 - 2009-10-25 08:56 - 00000000 ____D C:\Users\Gast\Documents\My Games 2013-06-14 13:18 - 2013-06-14 13:18 - 00000222 ____A C:\Users\Gast\Desktop\Marvel Heroes.url 2013-06-12 17:21 - 2012-04-09 09:56 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-12 17:21 - 2011-06-01 07:03 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-09 00:05 - 2013-06-09 00:02 - 68829391 ____A C:\Users\Gast\Downloads\SexLabFramework.v101b.zip 2013-06-09 00:04 - 2013-06-09 00:04 - 00038737 ____A C:\Users\Gast\Downloads\SC07SexLabRandomAttack.7z 2013-06-08 19:15 - 2013-06-08 19:15 - 00000000 ____D C:\Users\Gast\AppData\Local\EdgeOfReality 2013-06-08 18:52 - 2013-06-08 18:52 - 00000222 ____A C:\Users\Gast\Desktop\Loadout.url 2013-06-08 13:42 - 2013-06-08 13:42 - 00064388 ____A C:\Users\Gast\Downloads\X-RayMod_v039.zip 2013-06-08 12:07 - 2013-06-08 12:07 - 00003673 ____A C:\Users\Gast\Downloads\Timber! (1.5.2).zip 2013-06-08 12:06 - 2013-06-08 12:05 - 00007834 ____A C:\Users\Gast\Downloads\Recipe Book.zip 2013-06-08 12:01 - 2013-06-08 12:01 - 00199825 ____A C:\Users\Gast\Downloads\ModLoader (2).zip 2013-06-08 12:01 - 2013-06-08 12:01 - 00199825 ____A C:\Users\Gast\Downloads\ModLoader (1).zip 2013-06-05 19:24 - 2012-07-06 22:17 - 00000000 ____D C:\Users\Gast\AppData\Local\Origin ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 
is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-02 07:54 ==================== End Of Log ============================ |
02.07.2013, 09:29 | #15 |
/// the machine /// TB Trainer | Win32:ZAccess-PB (Trj) found in the Services.exe process

That makes two of us already.

Please download TFC (by Oldtimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.

Windows Repair (All In One) - Download - Filepony
Install it, run it, go through all the steps, and on the last screen tick everything and let it run.

Reboot, then post new FSS and FRST logs, please.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM! |