
avast mail shield pop-ups about an untrusted site certificate



#1
kironfire
I have been having this issue for a couple of weeks and could not find the reason behind it yet.
I have run Malwarebytes Anti-Malware and avast a couple of times with no success in finding any suspicious file or activity.
I have also uninstalled avast once to install ESET's antivirus and run its antivirus engine, with fruitless results, too.
Using Google image search and searching for this kind of pop-up did not get me any results either. The pop-up in question is this: http://i.imgur.com/wa8H9bW.png The certificate for this pop-up is this: http://i.imgur.com/qYTbA36.png
I have noticed that the URL changes every time this pop-up appears, but the nature of it, consisting of random letters, stays the same.

OTL logfile created on: 11.08.2013 15:18:36 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kirzad\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 5,88 Gb Available Physical Memory | 73,57% Memory free
16,00 Gb Paging File | 13,40 Gb Available in Paging File | 83,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 329,31 Gb Free Space | 70,70% Space Free | Partition Type: NTFS
Drive E: | 14,92 Gb Total Space | 5,14 Gb Free Space | 34,45% Space Free | Partition Type: NTFS
Drive H: | 298,09 Gb Total Space | 45,95 Gb Free Space | 15,42% Space Free | Partition Type: NTFS

Computer Name: HAI | User Name: kirzad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.08.11 15:18:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kirzad\Downloads\OTL.exe
PRC - [2013.07.25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013.07.25 02:49:49 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.07.13 01:48:29 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013.06.27 03:56:04 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2013.05.30 20:10:14 | 002,511,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Input Tools\GoogleInputHandler.exe
PRC - [2013.05.30 20:10:14 | 000,164,888 | ---- | M] (Google Inc) -- C:\Program Files (x86)\Google\Google Input Tools\GoogleInputService.exe
PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013.05.15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.04.23 13:48:12 | 001,561,968 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe


========== Modules (No Company Name) ==========

MOD - [2013.08.08 03:31:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ce342bca5d10e57c6e3d401108ebd484\System.Runtime.Remoting.ni.dll
MOD - [2013.07.25 02:49:46 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll
MOD - [2013.07.25 02:49:44 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
MOD - [2013.07.25 02:48:54 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\libglesv2.dll
MOD - [2013.07.25 02:48:53 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\libegl.dll
MOD - [2013.07.25 02:48:51 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll
MOD - [2013.07.11 02:16:30 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\8a419cb1ccbeb80d7985b839e7d56369\System.ServiceProcess.ni.dll
MOD - [2013.07.11 02:15:47 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2338d6dfcf2fee97810bb13b5d8b84c3\System.Xaml.ni.dll
MOD - [2013.07.11 01:49:05 | 018,022,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\85f08103502e5ff944cef0bf10e011a5\PresentationFramework.ni.dll
MOD - [2013.07.11 01:48:57 | 005,628,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\18129e9f3b1b5d82dcd1904ac6c471df\System.Xml.ni.dll
MOD - [2013.07.11 01:48:52 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ffd7a625cefa32bcea5a2af8394b5b69\System.Configuration.ni.dll
MOD - [2013.07.11 01:48:47 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\64fc35391d57638930a0b33cf70ad40a\PresentationCore.ni.dll
MOD - [2013.07.11 01:48:41 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\6e682e0f78f6a2c28be080c8940bebb4\System.Core.ni.dll
MOD - [2013.07.11 01:48:34 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\5d6d3ee0245de707ceb6a61466130f1b\WindowsBase.ni.dll
MOD - [2013.07.11 01:48:31 | 009,100,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\75d9bc7426ceb0de95259ba4f0b33de5\System.ni.dll
MOD - [2013.07.11 01:40:59 | 014,419,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ddab8d958a389e0578db75ff35a5d772\mscorlib.ni.dll
MOD - [2013.06.27 03:56:05 | 002,244,504 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2013.06.27 03:56:05 | 000,158,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2013.06.27 03:56:05 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl


========== Services (SafeList) ==========

SRV:64bit: - [2013.08.11 15:07:07 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013.03.28 14:39:56 | 000,034,528 | ---- | M] (The OpenVPN Project) [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV:64bit: - [2012.11.16 22:44:58 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.08.08 13:20:51 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.07.27 00:46:24 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.07.22 12:54:16 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.30 20:10:14 | 000,164,888 | ---- | M] (Google Inc) [Auto | Running] -- C:\Program Files (x86)\Google\Google Input Tools\GoogleInputService.exe -- (GoogleInputService)
SRV - [2011.11.15 01:49:06 | 000,032,768 | ---- | M] (STRATO) [Auto | Running] -- C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe -- (STRATO HiDrive Service)
SRV - [2010.11.21 05:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.21 05:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.21 05:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.07.17 23:25:44 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.07.17 23:25:44 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.07.17 23:25:44 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.07.04 15:57:00 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013.06.28 03:17:57 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.05.09 10:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2013.05.05 14:21:14 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2013.04.17 07:03:56 | 000,838,216 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013.04.03 09:58:18 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013.04.03 09:58:18 | 000,103,064 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013.04.03 09:58:08 | 000,188,232 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2013.04.03 09:58:08 | 000,169,288 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2013.04.03 09:58:08 | 000,158,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2013.04.03 09:58:08 | 000,038,080 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2013.04.03 09:58:08 | 000,021,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2013.02.12 06:12:05 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb80236.sys -- (usbrndis6)
DRV:64bit: - [2012.11.16 23:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.11.16 23:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.11.16 21:39:12 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.11.14 19:46:57 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.11.14 19:39:18 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.11.14 19:39:18 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.11.14 19:39:18 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.11.14 19:39:18 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.11.14 19:25:05 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.11.14 19:25:05 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.01.08 01:22:22 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:58 | 000,047,872 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fet6x64.sys -- (FETNDIS)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.08.29 15:56:50 | 000,139,264 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\camfilt2.sys -- (camfilt2)
DRV:64bit: - [2007.07.13 11:45:24 | 000,172,928 | ---- | M] (OmniVision Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ov530vx.sys -- (OM0530)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D5 17 23 44 A4 3B CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: giorgio%40gilestro.tk:1.0.6
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.6
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.5.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
FF - prefs.js..keyword.URL: "https://duckduckgo.com/?q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.07.17 23:25:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.27 03:55:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.27 03:55:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2013.04.04 15:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kirzad\AppData\Roaming\Mozilla\Extensions
[2013.08.08 13:19:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kirzad\AppData\Roaming\Mozilla\Firefox\Profiles\h4awhr6s.default\extensions
[2013.07.22 03:18:46 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\kirzad\AppData\Roaming\Mozilla\Firefox\Profiles\h4awhr6s.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2013.07.05 04:21:24 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\kirzad\AppData\Roaming\Mozilla\Firefox\Profiles\h4awhr6s.default\extensions\firefox@ghostery.com
[2013.07.31 03:00:19 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\kirzad\AppData\Roaming\Mozilla\Firefox\Profiles\h4awhr6s.default\extensions\ich@maltegoetz.de
[2013.05.04 19:32:35 | 000,077,652 | ---- | M] () (No name found) -- C:\Users\kirzad\AppData\Roaming\Mozilla\Firefox\Profiles\h4awhr6s.default\extensions\[email protected]
[2013.07.31 02:58:15 | 000,320,147 | ---- | M] () (No name found) -- C:\Users\kirzad\AppData\Roaming\Mozilla\Firefox\Profiles\h4awhr6s.default\extensions\[email protected]
[2013.07.31 02:58:16 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\kirzad\AppData\Roaming\Mozilla\Firefox\Profiles\h4awhr6s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.07.22 03:18:46 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\kirzad\AppData\Roaming\Mozilla\Firefox\Profiles\h4awhr6s.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.04.11 08:44:53 | 000,010,339 | ---- | M] () -- C:\Users\kirzad\AppData\Roaming\Mozilla\Firefox\Profiles\h4awhr6s.default\searchplugins\duckduckgo-1.xml
[2013.04.11 08:44:43 | 000,010,339 | ---- | M] () -- C:\Users\kirzad\AppData\Roaming\Mozilla\Firefox\Profiles\h4awhr6s.default\searchplugins\duckduckgo.xml
[2013.08.08 13:20:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.08.08 13:20:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.07.17 23:25:02 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Disabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\kirzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.3_0\
CHR - Extension: Google Docs = C:\Users\kirzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\kirzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\kirzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\kirzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.3_0\
CHR - Extension: Google-Suche = C:\Users\kirzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Search by Image (by Google) = C:\Users\kirzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.5.0_0\
CHR - Extension: Deaktivierungs-Add-on von Google Analytics = C:\Users\kirzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\1_0\
CHR - Extension: IBA Opt-out (by Google) = C:\Users\kirzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb\1.4_0\
CHR - Extension: Cryptocat = C:\Users\kirzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gonbigodpnfghidmnphnadhepmbabhij\2.1.12_0\
CHR - Extension: PageSpeed Insights (by Google) = C:\Users\kirzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli\2.0.3.2_0\
CHR - Extension: Wappalyzer = C:\Users\kirzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppongmhjkpfnbhagpmjfkannfbllamg\2.24_0\
CHR - Extension: TweetDeck = C:\Users\kirzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.1.4_0\
CHR - Extension: Keep My Opt-Outs = C:\Users\kirzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0\
CHR - Extension: Don't Starve = C:\Users\kirzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0\
CHR - Extension: Classic = C:\Users\kirzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\
CHR - Extension: Grab Any Media = C:\Users\kirzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkcaohgalmoefengeadahaaagpkbggok\3.2.1.5_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\kirzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.0.1_0\
CHR - Extension: ButtonBass Player Piano = C:\Users\kirzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmkonkgohgomnnkaclbiammkcjenfdi\2.1_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\kirzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.19_0\
CHR - Extension: Google Mail = C:\Users\kirzad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013.07.21 13:40:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.13.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{579C8AF4-60F6-483E-B81B-6D6930164EB8}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{821A6F4D-3E86-4F2D-8077-C22FD9256FC0}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0CAF5B8-B293-4804-AEC0-37B47D1F4F09}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.08.10 18:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mathematics (64-bit)
[2013.08.10 18:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mathematics
[2013.08.09 23:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.08.09 23:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.08.09 23:56:54 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.08.09 23:56:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.08.08 13:20:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.08.08 03:26:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013.08.07 01:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.08.06 12:05:45 | 000,000,000 | ---D | C] -- C:\Users\kirzad\Desktop\sd karte
[2013.07.31 02:46:56 | 000,000,000 | ---D | C] -- C:\Meine Webseiten
[2013.07.31 02:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
[2013.07.31 02:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\WinHTTrack
[2013.07.28 23:56:42 | 000,000,000 | ---D | C] -- C:\Users\kirzad\AppData\Roaming\KeePass
[2013.07.28 22:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.07.28 18:21:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2
[2013.07.28 17:01:37 | 000,000,000 | ---D | C] -- C:\Users\kirzad\Desktop\Progs
[2013.07.26 14:47:39 | 000,000,000 | ---D | C] -- C:\Users\kirzad\AppData\Local\Skyrim
[2013.07.26 14:47:39 | 000,000,000 | ---D | C] -- C:\Users\kirzad\Documents\My Games
[2013.07.26 13:21:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\skyrim
[2013.07.22 03:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.07.21 13:50:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.07.21 13:50:42 | 000,000,000 | ---D | C] -- C:\Users\kirzad\AppData\Local\temp
[2013.07.21 13:40:30 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.07.21 13:21:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.07.20 00:09:44 | 000,000,000 | ---D | C] -- C:\Users\kirzad\AppData\Roaming\Wireshark
[2013.07.19 23:54:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2013.07.19 23:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2013.07.19 22:34:45 | 000,000,000 | ---D | C] -- C:\Users\kirzad\AppData\Roaming\Malwarebytes
[2013.07.19 22:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.07.19 22:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.19 22:34:34 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.07.19 22:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.07.18 00:07:58 | 000,022,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2013.07.17 23:25:36 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.07.17 23:25:35 | 000,378,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.07.17 23:25:29 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.07.17 23:25:26 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.07.17 23:25:24 | 001,030,952 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.07.17 23:25:16 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.07.17 23:24:48 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.07.17 18:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.07.17 18:57:14 | 000,000,000 | ---D | C] -- C:\Users\kirzad\AppData\Roaming\Litecoin
[2013.07.15 21:47:41 | 000,000,000 | ---D | C] -- C:\Windows\OvtCam
[2013.07.15 21:43:59 | 000,172,928 | ---- | C] (OmniVision Technology Inc.) -- C:\Windows\SysNative\drivers\ov530vx.sys
[2013.07.15 21:43:59 | 000,139,264 | ---- | C] (Guillemot Corporation) -- C:\Windows\SysNative\drivers\camfilt2.sys
[2013.07.15 21:43:59 | 000,018,944 | ---- | C] (OmniVision Technologies Inc.) -- C:\Windows\SysWow64\msext534.ax
[2013.07.14 17:43:31 | 000,000,000 | ---D | C] -- C:\Users\kirzad\AppData\Roaming\AckiSoft
[2013.07.14 17:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinanzmanagerV8
[2013.07.14 17:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AckiSoft
[2013.07.14 02:56:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013.07.14 02:16:24 | 000,000,000 | ---D | C] -- C:\Users\kirzad\Desktop\Kaspersky Keys 30 June 2013
[2013.07.14 02:13:52 | 000,000,000 | --SD | C] -- C:\Users\kirzad\Documents\Passwords Database
[2013.07.14 01:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.07.14 01:26:36 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013.07.12 18:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total Network Monitor
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.08.11 15:13:11 | 000,026,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.08.11 15:13:11 | 000,026,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.08.11 15:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.08.11 15:05:36 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.08.11 15:04:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.08.11 15:04:26 | 2146,787,327 | -HS- | M] () -- C:\hiberfil.sys
[2013.08.11 15:00:13 | 000,043,028 | ---- | M] () -- C:\Users\kirzad\Desktop\cert.PNG
[2013.08.11 14:59:47 | 000,070,471 | ---- | M] () -- C:\Users\kirzad\Desktop\avastmailshield.PNG
[2013.08.11 14:53:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.08.11 13:55:02 | 085,922,602 | ---- | M] () -- C:\Users\kirzad\Desktop\cr192-radioaktive-cryptoparty.mp3
[2013.08.11 09:40:45 | 000,000,173 | ---- | M] () -- C:\Users\kirzad\AppData\Local\msmathematics.qat.kirzad
[2013.08.10 00:18:48 | 000,212,992 | ---- | M] () -- C:\Users\kirzad\Documents\geld.mdb
[2013.08.09 23:56:59 | 000,001,383 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.08.08 03:25:46 | 000,844,600 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.08.08 03:25:46 | 000,710,302 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.08.08 03:25:46 | 000,140,798 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.08.08 03:25:35 | 000,844,600 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.08.07 01:32:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.08.07 01:31:16 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.08.05 12:52:43 | 000,095,112 | ---- | M] () -- C:\Users\kirzad\Desktop\o-BARBIE-BREAKOUT-facebook.jpg
[2013.08.04 18:08:44 | 000,040,660 | ---- | M] () -- C:\Users\kirzad\Desktop\1375632398553.jpg
[2013.07.31 13:18:35 | 000,078,850 | ---- | M] () -- C:\Users\kirzad\Documents\cc_20130731_131827.reg
[2013.07.31 13:11:26 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.07.31 02:46:16 | 000,000,780 | ---- | M] () -- C:\Users\kirzad\Desktop\HTTrack Website Copier.lnk
[2013.07.29 14:45:23 | 000,146,891 | ---- | M] () -- C:\Users\kirzad\Desktop\9384778371_85b2426c4b_b1.jpg
[2013.07.28 22:06:36 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.07.28 18:25:13 | 000,000,187 | ---- | M] () -- C:\Users\kirzad\Desktop\NewDatabase.key
[2013.07.28 17:04:33 | 000,001,239 | ---- | M] () -- C:\Users\kirzad\Desktop\STRATO HiDrive.lnk
[2013.07.22 02:49:18 | 000,138,614 | ---- | M] () -- C:\Users\kirzad\Desktop\betterprivacy-1.68-fx.xpi
[2013.07.21 13:40:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.07.21 12:44:33 | 003,975,928 | ---- | M] () -- C:\Users\kirzad\Desktop\istdrin.pcapng
[2013.07.21 02:02:03 | 000,266,676 | ---- | M] () -- C:\Users\kirzad\Documents\wirederp.pcapng
[2013.07.19 23:53:56 | 000,001,557 | ---- | M] () -- C:\Users\kirzad\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2013.07.17 23:25:44 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.07.17 23:25:44 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.07.17 23:25:44 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.07.17 23:25:44 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013.07.17 23:25:44 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013.07.17 23:25:44 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013.07.17 11:39:54 | 000,179,157 | ---- | M] () -- C:\Users\kirzad\Desktop\fb17072013.xps
[2013.07.17 03:06:29 | 117,478,104 | ---- | M] () -- C:\Users\kirzad\Desktop\avast_free_antivirus_setup.exe
[2013.07.15 21:40:00 | 000,063,343 | ---- | M] () -- C:\Users\kirzad\Documents\Untitled.wma
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.08.11 15:00:13 | 000,043,028 | ---- | C] () -- C:\Users\kirzad\Desktop\cert.PNG
[2013.08.11 14:59:47 | 000,070,471 | ---- | C] () -- C:\Users\kirzad\Desktop\avastmailshield.PNG
[2013.08.11 13:54:23 | 085,922,602 | ---- | C] () -- C:\Users\kirzad\Desktop\cr192-radioaktive-cryptoparty.mp3
[2013.08.11 09:40:45 | 000,000,173 | ---- | C] () -- C:\Users\kirzad\AppData\Local\msmathematics.qat.kirzad
[2013.08.09 23:56:59 | 000,001,395 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.08.09 23:56:59 | 000,001,383 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.08.07 01:31:16 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.08.05 12:52:43 | 000,095,112 | ---- | C] () -- C:\Users\kirzad\Desktop\o-BARBIE-BREAKOUT-facebook.jpg
[2013.08.04 18:08:44 | 000,040,660 | ---- | C] () -- C:\Users\kirzad\Desktop\1375632398553.jpg
[2013.07.31 13:18:31 | 000,078,850 | ---- | C] () -- C:\Users\kirzad\Documents\cc_20130731_131827.reg
[2013.07.31 13:11:26 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.07.31 02:46:16 | 000,000,780 | ---- | C] () -- C:\Users\kirzad\Desktop\HTTrack Website Copier.lnk
[2013.07.29 14:45:23 | 000,146,891 | ---- | C] () -- C:\Users\kirzad\Desktop\9384778371_85b2426c4b_b1.jpg
[2013.07.28 22:06:36 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.07.28 18:25:13 | 000,000,187 | ---- | C] () -- C:\Users\kirzad\Desktop\NewDatabase.key
[2013.07.28 18:21:51 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
[2013.07.28 17:04:33 | 000,001,239 | ---- | C] () -- C:\Users\kirzad\Desktop\STRATO HiDrive.lnk
[2013.07.22 02:49:17 | 000,138,614 | ---- | C] () -- C:\Users\kirzad\Desktop\betterprivacy-1.68-fx.xpi
[2013.07.21 12:44:32 | 003,975,928 | ---- | C] () -- C:\Users\kirzad\Desktop\istdrin.pcapng
[2013.07.21 02:02:03 | 000,266,676 | ---- | C] () -- C:\Users\kirzad\Documents\wirederp.pcapng
[2013.07.19 23:53:56 | 000,001,557 | ---- | C] () -- C:\Users\kirzad\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2013.07.19 23:53:56 | 000,001,545 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2013.07.17 23:25:21 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.07.17 23:25:19 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.07.17 11:39:52 | 000,179,157 | ---- | C] () -- C:\Users\kirzad\Desktop\fb17072013.xps
[2013.07.17 03:05:10 | 117,478,104 | ---- | C] () -- C:\Users\kirzad\Desktop\avast_free_antivirus_setup.exe
[2013.07.15 21:40:00 | 000,063,343 | ---- | C] () -- C:\Users\kirzad\Documents\Untitled.wma
[2013.07.14 17:44:05 | 000,212,992 | ---- | C] () -- C:\Users\kirzad\Documents\geld.mdb
[2013.07.05 21:44:30 | 000,002,625 | ---- | C] () -- C:\Users\kirzad\AppData\Local\recently-used.xbel
[2013.06.28 03:19:23 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2013.06.28 03:19:22 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2013.06.28 03:18:25 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013.06.03 18:46:25 | 000,000,465 | ---- | C] () -- C:\Users\kirzad\AppData\Roaming\buttrc
[2013.05.04 00:09:45 | 000,844,600 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.04.18 19:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.04.18 19:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.04.18 19:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.04.18 19:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.04.18 19:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013.04.11 19:37:57 | 000,000,600 | ---- | C] () -- C:\Users\kirzad\AppData\Roaming\winscp.rnd
[2013.04.04 16:22:08 | 000,000,600 | ---- | C] () -- C:\Users\kirzad\AppData\Local\PUTTY.RND
[2013.04.04 02:14:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.11.16 22:01:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.11.16 22:01:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.04.18 18:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.07.07 16:47:39 | 000,000,000 | ---D | M] -- C:\Users\kirzad\AppData\Roaming\.minecraft
[2013.05.06 02:22:29 | 000,000,000 | ---D | M] -- C:\Users\kirzad\AppData\Roaming\3909 LLC
[2013.07.14 17:43:31 | 000,000,000 | ---D | M] -- C:\Users\kirzad\AppData\Roaming\AckiSoft
[2013.06.02 16:16:37 | 000,000,000 | ---D | M] -- C:\Users\kirzad\AppData\Roaming\Canneverbe Limited
[2013.06.24 19:50:02 | 000,000,000 | ---D | M] -- C:\Users\kirzad\AppData\Roaming\Dropbox
[2013.08.10 04:28:15 | 000,000,000 | ---D | M] -- C:\Users\kirzad\AppData\Roaming\foobar2000
[2013.05.05 18:57:08 | 000,000,000 | ---D | M] -- C:\Users\kirzad\AppData\Roaming\ftblauncher
[2013.05.02 02:50:35 | 000,000,000 | ---D | M] -- C:\Users\kirzad\AppData\Roaming\HexChat
[2013.07.28 23:56:42 | 000,000,000 | ---D | M] -- C:\Users\kirzad\AppData\Roaming\KeePass
[2013.04.12 19:47:01 | 000,000,000 | ---D | M] -- C:\Users\kirzad\AppData\Roaming\KompoZer
[2013.07.17 23:02:20 | 000,000,000 | ---D | M] -- C:\Users\kirzad\AppData\Roaming\Litecoin
[2013.04.04 23:05:13 | 000,000,000 | ---D | M] -- C:\Users\kirzad\AppData\Roaming\Notepad++
[2013.07.03 23:51:09 | 000,000,000 | ---D | M] -- C:\Users\kirzad\AppData\Roaming\OpenOffice.org
[2013.06.21 15:52:23 | 000,000,000 | ---D | M] -- C:\Users\kirzad\AppData\Roaming\Origin
[2013.04.20 18:01:33 | 000,000,000 | ---D | M] -- C:\Users\kirzad\AppData\Roaming\raidcall
[2013.05.31 18:08:18 | 000,000,000 | ---D | M] -- C:\Users\kirzad\AppData\Roaming\Samsung
[2013.05.02 15:08:40 | 000,000,000 | ---D | M] -- C:\Users\kirzad\AppData\Roaming\Spotify
[2013.06.02 17:25:33 | 000,000,000 | ---D | M] -- C:\Users\kirzad\AppData\Roaming\STRATO
[2013.05.05 14:15:16 | 000,000,000 | ---D | M] -- C:\Users\kirzad\AppData\Roaming\TeraCopy
[2013.04.04 15:41:36 | 000,000,000 | ---D | M] -- C:\Users\kirzad\AppData\Roaming\Thunderbird
[2013.06.05 22:33:58 | 000,000,000 | ---D | M] -- C:\Users\kirzad\AppData\Roaming\TrueCrypt
[2013.07.31 13:15:13 | 000,000,000 | ---D | M] -- C:\Users\kirzad\AppData\Roaming\uTorrent
[2013.07.20 21:59:33 | 000,000,000 | ---D | M] -- C:\Users\kirzad\AppData\Roaming\Wireshark

========== Purity Check ==========



< End of report >
#2
RKinner
    Malware Expert
It's not your PC but the mail server. Perhaps it is infected or perhaps just some of the mail is infected. When exactly do you get the warning? Does it keep you from getting your mail? Does your mail server offer a spam filter option?
#3
kironfire
    New Member (Topic Starter)

It's not your PC but the mail server. Perhaps it is infected or perhaps just some of the mail is infected. When exactly do you get the warning? Does it keep you from getting your mail? Does your mail server offer a spam filter option?

Thank you so much for replying.
I am only using the mail services of Hotmail, Gmail and Yahoo Mail through Thunderbird. All mail appears to get through fully.
I have not yet found a way to reproduce that error message, as the messages pop up at completely random times and seem not to be related to any specific process or action. They would appear when Thunderbird is closed and has not even been opened once during a session.
I really wish Avast had a way to show you which process specifically is requesting that certificate.
#4
RKinner
    Malware Expert
The only thing I see in your log is the OpenVPN service. I know it's big on certificate use, though I'm not sure why Avast would call it mail. You might try turning off the service and see if you still get the warnings.

Another possibility might be to slap on the free Online Armor firewall and see if it blocks whatever is trying to connect.
http://www.online-ar...-armor-free.php

Let's see if you have something listening on one of the mail ports:

Copy the next two lines:

netstat -b -an > \junk.txt
notepad \junk.txt

Start, All Programs, Accessories, right-click on Command Prompt and choose Run as Administrator, then Continue. Right-click and Paste (or Edit, then Paste) and the copied lines should appear.
Hit Enter. Notepad should open. Copy (Ctrl + A, then Ctrl + C) and paste (Ctrl + V) into a reply.

Going off island now so won't be back online until late today.
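The netstat step above produces a long dump in which each socket row is followed by zero, one or two owner rows (a service name for svchost-hosted services, the `[image.exe]` line, or "Can not obtain ownership information"), and reading it by eye for the mail ports is error-prone. The script below is an added example, not something posted in this thread or shipped by Avast or by OTL: it parses `netstat -b -an` output in that layout, maps every listening port to its owner, flags listeners on the standard mail ports and on the 12000+port pattern (the reply that follows shows AvastSvc.exe listening on 12025, 12110, 12143, 12465, 12993 and 12995, i.e. 12000 plus SMTP, POP3, IMAP, SMTPS, IMAPS and POP3S), and groups established outbound connections by owning process so that an unfamiliar peer or port can be tied to an image. The `SAMPLE` text is constructed to mirror the posted output's layout and reuses a few addresses from it; the `MAIL_PORTS` set, the `PROXY_OFFSET` constant and the default "expected" remote ports of 80 and 443 are assumptions for the demonstration. As in the instructions above, `netstat -b` itself must be run from an elevated prompt.

```python
"""Correlate `netstat -b -an` output with the processes that own each socket.

Added example for the netstat step in this thread; not code from the thread.
SAMPLE below is a constructed excerpt in the shape of the posted output.
"""
import re
import sys
from collections import defaultdict

# Constructed sample: a socket row, then 0..2 owner rows, as Windows 7 prints it.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:12025          0.0.0.0:0              LISTENING
 [AvastSvc.exe]
  TCP    0.0.0.0:12143          0.0.0.0:0              LISTENING
 [AvastSvc.exe]
  TCP    127.0.0.1:5357         127.0.0.1:60202        TIME_WAIT
  TCP    192.168.178.24:49847   91.143.91.127:9001     ESTABLISHED
 [VirtualBox.exe]
  TCP    192.168.178.24:59787   173.194.112.201:443    ESTABLISHED
 [chrome.exe]
  TCP    [::]:135               [::]:0                 LISTENING
  RpcSs
 [svchost.exe]
  UDP    0.0.0.0:500            *:*
  IKEEXT
 [svchost.exe]
"""

# Assumed: standard mail ports, and the 12000+port offset seen for the Avast listeners.
MAIL_PORTS = {25, 110, 143, 465, 587, 993, 995}
PROXY_OFFSET = 12000
LOOPBACK = {"127.0.0.1", "[::1]"}

SOCKET_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
IMAGE_RE = re.compile(r"^\s*\[(.+)\]\s*$")


def split_endpoint(endpoint):
    """'1.2.3.4:443' -> ('1.2.3.4', 443); '[::]:135' -> ('[::]', 135); '*:*' -> ('*', None)."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Return one dict per socket row, with owner rows folded into it."""
    records = []
    for line in text.splitlines():
        m = SOCKET_RE.match(line)
        if m:
            proto, local, remote, state = m.groups()
            lhost, lport = split_endpoint(local)
            rhost, rport = split_endpoint(remote)
            records.append({"proto": proto, "local_ip": lhost, "local_port": lport,
                            "remote_ip": rhost, "remote_port": rport,
                            "state": state or "",  # UDP rows have no state column
                            "process": None, "service": None})
            continue
        if not records:
            continue  # banner and column header before the first socket row
        cur, stripped = records[-1], line.strip()
        img = IMAGE_RE.match(line)
        if img:
            cur["process"] = img.group(1)
        elif stripped and not stripped.startswith("Can not obtain"):
            cur["service"] = stripped  # svchost-hosted service name (RpcSs, IKEEXT, ...)
    return records


def mail_listeners(records):
    """Listening TCP ports that are mail ports or 12000 + a mail port, with owner."""
    out = {}
    for r in records:
        p = r["local_port"]
        if r["proto"] != "TCP" or r["state"] != "LISTENING" or p is None:
            continue
        if p in MAIL_PORTS or (p - PROXY_OFFSET) in MAIL_PORTS:
            out[p] = r["process"] or r["service"] or "unknown"
    return out


def remote_endpoints_by_process(records):
    """Established non-loopback peers grouped by owning image (None if unknown)."""
    groups = defaultdict(set)
    for r in records:
        if r["state"] == "ESTABLISHED" and r["remote_ip"] not in LOOPBACK:
            groups[r["process"]].add(f'{r["remote_ip"]}:{r["remote_port"]}')
    return {k: sorted(v) for k, v in groups.items()}


def unusual_remote_ports(records, expected=frozenset({80, 443})):
    """Established peers on ports outside `expected`: the rows to check first
    when a pop-up names a host you do not recognise."""
    return sorted((r["remote_ip"], r["remote_port"], r["process"]) for r in records
                  if r["state"] == "ESTABLISHED" and r["remote_ip"] not in LOOPBACK
                  and r["remote_port"] not in expected)


if __name__ == "__main__":
    # Usage: python netstat_owners.py \junk.txt   (falls back to SAMPLE without a file)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="cp1252", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    recs = parse_netstat(text)
    print("mail listeners:", mail_listeners(recs))
    print("remote peers by process:", remote_endpoints_by_process(recs))
    print("peers on unexpected ports:", unusual_remote_ports(recs))
```

The owner rows are attached to the most recent socket row because that is how `netstat -b` emits them; rows in TIME_WAIT carry no owner, so a missing `process` is normal there, while a missing owner on a LISTENING row means the tool could not read the owning process and the port deserves a second look with an elevated tool such as Process Explorer.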
#5
kironfire
    New Member (Topic Starter)
I couldn't get Online Armor installed because it doesn't like VirtualBox.
I uninstalled OpenVPN completely as I have no use for that on the host system anymore.

I downloaded CurrPorts from NirSoft to see which processes are establishing connections. I can see a lot of entries marked as unknown.
However, here's the netstat report:

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
RpcSs
[svchost.exe]
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:554 0.0.0.0:0 LISTENING
[wmpnetwk.exe]
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:10243 0.0.0.0:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:12025 0.0.0.0:0 LISTENING
[AvastSvc.exe]
TCP 0.0.0.0:12110 0.0.0.0:0 LISTENING
[AvastSvc.exe]
TCP 0.0.0.0:12119 0.0.0.0:0 LISTENING
[AvastSvc.exe]
TCP 0.0.0.0:12143 0.0.0.0:0 LISTENING
[AvastSvc.exe]
TCP 0.0.0.0:12465 0.0.0.0:0 LISTENING
[AvastSvc.exe]
TCP 0.0.0.0:12563 0.0.0.0:0 LISTENING
[AvastSvc.exe]
TCP 0.0.0.0:12993 0.0.0.0:0 LISTENING
[AvastSvc.exe]
TCP 0.0.0.0:12995 0.0.0.0:0 LISTENING
[AvastSvc.exe]
TCP 0.0.0.0:21320 0.0.0.0:0 LISTENING
[SDFSSvc.exe]
TCP 0.0.0.0:21321 0.0.0.0:0 LISTENING
[SDUpdSvc.exe]
TCP 0.0.0.0:21322 0.0.0.0:0 LISTENING
[SDFSSvc.exe]
TCP 0.0.0.0:21323 0.0.0.0:0 LISTENING
[SDFSSvc.exe]
TCP 0.0.0.0:27275 0.0.0.0:0 LISTENING
[AvastSvc.exe]
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING
[wininit.exe]
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
eventlog
[svchost.exe]
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
Schedule
[svchost.exe]
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING
[lsass.exe]
TCP 0.0.0.0:49159 0.0.0.0:0 LISTENING
[services.exe]
TCP 127.0.0.1:5357 127.0.0.1:60202 TIME_WAIT
TCP 127.0.0.1:5357 127.0.0.1:60208 TIME_WAIT
TCP 127.0.0.1:12025 0.0.0.0:0 LISTENING
[AvastSvc.exe]
TCP 127.0.0.1:12080 0.0.0.0:0 LISTENING
[AvastSvc.exe]
TCP 127.0.0.1:12080 127.0.0.1:58713 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 127.0.0.1:59626 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 127.0.0.1:59782 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 127.0.0.1:59812 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 127.0.0.1:59817 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 127.0.0.1:59823 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 127.0.0.1:59891 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 127.0.0.1:59915 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 127.0.0.1:59995 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 127.0.0.1:60093 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 127.0.0.1:60094 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 127.0.0.1:60098 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 127.0.0.1:60099 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 127.0.0.1:60102 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 127.0.0.1:60103 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 127.0.0.1:60106 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 127.0.0.1:60108 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 127.0.0.1:60117 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 127.0.0.1:60138 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 127.0.0.1:60223 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 127.0.0.1:60224 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 127.0.0.1:60225 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 127.0.0.1:60226 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 127.0.0.1:60227 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12080 127.0.0.1:60228 ESTABLISHED
[AvastSvc.exe]
TCP 127.0.0.1:12110 0.0.0.0:0 LISTENING
[AvastSvc.exe]
TCP 127.0.0.1:12119 0.0.0.0:0 LISTENING
[AvastSvc.exe]
TCP 127.0.0.1:12143 0.0.0.0:0 LISTENING
[AvastSvc.exe]
TCP 127.0.0.1:12465 0.0.0.0:0 LISTENING
[AvastSvc.exe]
TCP 127.0.0.1:12563 0.0.0.0:0 LISTENING
[AvastSvc.exe]
TCP 127.0.0.1:12993 0.0.0.0:0 LISTENING
[AvastSvc.exe]
TCP 127.0.0.1:12995 0.0.0.0:0 LISTENING
[AvastSvc.exe]
TCP 127.0.0.1:27275 0.0.0.0:0 LISTENING
[AvastSvc.exe]
TCP 127.0.0.1:56977 127.0.0.1:56978 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:56978 127.0.0.1:56977 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:58713 127.0.0.1:12080 ESTABLISHED
[chrome.exe]
TCP 127.0.0.1:59626 127.0.0.1:12080 ESTABLISHED
[chrome.exe]
TCP 127.0.0.1:59782 127.0.0.1:12080 ESTABLISHED
[chrome.exe]
TCP 127.0.0.1:59812 127.0.0.1:12080 ESTABLISHED
[chrome.exe]
TCP 127.0.0.1:59817 127.0.0.1:12080 ESTABLISHED
[chrome.exe]
TCP 127.0.0.1:59823 127.0.0.1:12080 ESTABLISHED
[chrome.exe]
TCP 127.0.0.1:59891 127.0.0.1:12080 ESTABLISHED
[chrome.exe]
TCP 127.0.0.1:59915 127.0.0.1:12080 ESTABLISHED
[chrome.exe]
TCP 127.0.0.1:59995 127.0.0.1:12080 ESTABLISHED
[VirtualBox.exe]
TCP 127.0.0.1:60093 127.0.0.1:12080 ESTABLISHED
[chrome.exe]
TCP 127.0.0.1:60094 127.0.0.1:12080 ESTABLISHED
[chrome.exe]
TCP 127.0.0.1:60098 127.0.0.1:12080 ESTABLISHED
[chrome.exe]
TCP 127.0.0.1:60099 127.0.0.1:12080 ESTABLISHED
[chrome.exe]
TCP 127.0.0.1:60102 127.0.0.1:12080 ESTABLISHED
[chrome.exe]
TCP 127.0.0.1:60103 127.0.0.1:12080 ESTABLISHED
[chrome.exe]
TCP 127.0.0.1:60106 127.0.0.1:12080 ESTABLISHED
[chrome.exe]
TCP 127.0.0.1:60108 127.0.0.1:12080 ESTABLISHED
[chrome.exe]
TCP 127.0.0.1:60117 127.0.0.1:12080 ESTABLISHED
[chrome.exe]
TCP 127.0.0.1:60138 127.0.0.1:12080 ESTABLISHED
[chrome.exe]
TCP 127.0.0.1:60192 127.0.0.1:21322 TIME_WAIT
TCP 127.0.0.1:60193 127.0.0.1:21322 TIME_WAIT
TCP 127.0.0.1:60194 127.0.0.1:21322 TIME_WAIT
TCP 127.0.0.1:60195 127.0.0.1:21322 TIME_WAIT
TCP 127.0.0.1:60197 127.0.0.1:21322 TIME_WAIT
TCP 127.0.0.1:60198 127.0.0.1:21322 TIME_WAIT
TCP 127.0.0.1:60199 127.0.0.1:21322 TIME_WAIT
TCP 127.0.0.1:60200 127.0.0.1:21322 TIME_WAIT
TCP 127.0.0.1:60201 127.0.0.1:21322 TIME_WAIT
TCP 127.0.0.1:60203 127.0.0.1:21322 TIME_WAIT
TCP 127.0.0.1:60204 127.0.0.1:21322 TIME_WAIT
TCP 127.0.0.1:60207 127.0.0.1:21322 TIME_WAIT
TCP 127.0.0.1:60209 127.0.0.1:21322 TIME_WAIT
TCP 127.0.0.1:60211 127.0.0.1:21322 TIME_WAIT
TCP 127.0.0.1:60212 127.0.0.1:21322 TIME_WAIT
TCP 127.0.0.1:60213 127.0.0.1:21322 TIME_WAIT
TCP 127.0.0.1:60214 127.0.0.1:21322 TIME_WAIT
TCP 127.0.0.1:60215 127.0.0.1:21322 TIME_WAIT
TCP 127.0.0.1:60216 127.0.0.1:21322 TIME_WAIT
TCP 127.0.0.1:60218 127.0.0.1:21322 TIME_WAIT
TCP 127.0.0.1:60219 127.0.0.1:21322 TIME_WAIT
TCP 127.0.0.1:60221 127.0.0.1:21322 TIME_WAIT
TCP 127.0.0.1:60223 127.0.0.1:12080 ESTABLISHED
[chrome.exe]
TCP 127.0.0.1:60224 127.0.0.1:12080 ESTABLISHED
[chrome.exe]
TCP 127.0.0.1:60225 127.0.0.1:12080 ESTABLISHED
[chrome.exe]
TCP 127.0.0.1:60226 127.0.0.1:12080 ESTABLISHED
[chrome.exe]
TCP 127.0.0.1:60227 127.0.0.1:12080 ESTABLISHED
[chrome.exe]
TCP 127.0.0.1:60228 127.0.0.1:12080 ESTABLISHED
[chrome.exe]
TCP 127.0.0.1:60235 127.0.0.1:21322 TIME_WAIT
TCP 127.0.0.1:60236 127.0.0.1:21322 TIME_WAIT
TCP 192.168.178.24:139 0.0.0.0:0 LISTENING
Can not obtain ownership information
TCP 192.168.178.24:49266 77.234.41.54:80 ESTABLISHED
[AvastSvc.exe]
TCP 192.168.178.24:49804 199.16.156.81:443 ESTABLISHED
[chrome.exe]
TCP 192.168.178.24:49847 91.143.91.127:9001 ESTABLISHED
[VirtualBox.exe]
TCP 192.168.178.24:56865 74.125.135.125:5222 ESTABLISHED
[chrome.exe]
TCP 192.168.178.24:58714 184.173.90.195:80 ESTABLISHED
[AvastSvc.exe]
TCP 192.168.178.24:59627 173.194.112.192:80 ESTABLISHED
[AvastSvc.exe]
TCP 192.168.178.24:59783 173.194.112.195:80 ESTABLISHED
[AvastSvc.exe]
TCP 192.168.178.24:59787 173.194.112.201:443 ESTABLISHED
[chrome.exe]
TCP 192.168.178.24:59813 173.194.112.192:80 ESTABLISHED
[AvastSvc.exe]
TCP 192.168.178.24:59865 173.194.113.152:443 TIME_WAIT
TCP 192.168.178.24:59875 173.194.112.215:443 TIME_WAIT
TCP 192.168.178.24:59892 23.63.235.139:80 CLOSE_WAIT
[AvastSvc.exe]
TCP 192.168.178.24:59996 88.221.92.30:80 ESTABLISHED
[AvastSvc.exe]
TCP 192.168.178.24:60037 68.232.35.139:443 ESTABLISHED
[chrome.exe]
TCP 192.168.178.24:60095 80.237.152.26:80 CLOSE_WAIT
[AvastSvc.exe]
TCP 192.168.178.24:60097 80.237.152.26:80 CLOSE_WAIT
[AvastSvc.exe]
TCP 192.168.178.24:60100 80.237.152.26:80 CLOSE_WAIT
[AvastSvc.exe]
TCP 192.168.178.24:60101 80.237.152.26:80 CLOSE_WAIT
[AvastSvc.exe]
TCP 192.168.178.24:60104 80.237.152.26:80 CLOSE_WAIT
[AvastSvc.exe]
TCP 192.168.178.24:60107 68.232.35.121:80 CLOSE_WAIT
[AvastSvc.exe]
TCP 192.168.178.24:60109 93.184.220.111:80 CLOSE_WAIT
[AvastSvc.exe]
TCP 192.168.178.24:60116 31.13.81.65:80 CLOSE_WAIT
[AvastSvc.exe]
TCP 192.168.178.24:60118 68.232.35.121:80 CLOSE_WAIT
[AvastSvc.exe]
TCP 192.168.178.24:60139 208.94.2.7:80 CLOSE_WAIT
[AvastSvc.exe]
TCP 192.168.178.24:60151 64.15.112.79:80 CLOSE_WAIT
[AvastSvc.exe]
TCP 192.168.178.24:60159 80.237.152.26:80 CLOSE_WAIT
[AvastSvc.exe]
TCP 192.168.178.24:60167 64.15.112.79:80 CLOSE_WAIT
[AvastSvc.exe]
TCP 192.168.178.24:60179 173.194.112.196:443 ESTABLISHED
[chrome.exe]
TCP 192.168.178.24:60190 199.59.148.21:443 TIME_WAIT
TCP 192.168.178.24:60196 173.194.112.192:443 ESTABLISHED
[chrome.exe]
TCP 192.168.178.24:60210 192.168.178.1:49000 TIME_WAIT
TCP 192.168.178.24:60217 199.16.156.102:443 ESTABLISHED
[chrome.exe]
TCP 192.168.178.24:60220 199.59.150.8:443 ESTABLISHED
[chrome.exe]
TCP 192.168.178.24:60222 199.16.156.231:443 ESTABLISHED
[chrome.exe]
TCP 192.168.178.24:60229 173.194.112.198:80 ESTABLISHED
[AvastSvc.exe]
TCP 192.168.178.24:60230 173.194.112.198:80 ESTABLISHED
[AvastSvc.exe]
TCP 192.168.178.24:60231 173.194.112.198:80 ESTABLISHED
[AvastSvc.exe]
TCP 192.168.178.24:60232 173.194.112.198:80 ESTABLISHED
[AvastSvc.exe]
TCP 192.168.178.24:60233 173.194.112.198:80 ESTABLISHED
[AvastSvc.exe]
TCP 192.168.178.24:60234 173.194.112.198:80 ESTABLISHED
[AvastSvc.exe]
TCP [::]:135 [::]:0 LISTENING
RpcSs
[svchost.exe]
TCP [::]:445 [::]:0 LISTENING
Can not obtain ownership information
TCP [::]:554 [::]:0 LISTENING
[wmpnetwk.exe]
TCP [::]:2869 [::]:0 LISTENING
Can not obtain ownership information
TCP [::]:5357 [::]:0 LISTENING
Can not obtain ownership information
TCP [::]:10243 [::]:0 LISTENING
Can not obtain ownership information
TCP [::]:49152 [::]:0 LISTENING
[wininit.exe]
TCP [::]:49153 [::]:0 LISTENING
eventlog
[svchost.exe]
TCP [::]:49154 [::]:0 LISTENING
Schedule
[svchost.exe]
TCP [::]:49155 [::]:0 LISTENING
[lsass.exe]
TCP [::]:49159 [::]:0 LISTENING
[services.exe]
TCP [::1]:12025 [::]:0 LISTENING
[AvastSvc.exe]
TCP [::1]:12110 [::]:0 LISTENING
[AvastSvc.exe]
TCP [::1]:12119 [::]:0 LISTENING
[AvastSvc.exe]
TCP [::1]:12143 [::]:0 LISTENING
[AvastSvc.exe]
TCP [::1]:12465 [::]:0 LISTENING
[AvastSvc.exe]
TCP [::1]:12563 [::]:0 LISTENING
[AvastSvc.exe]
TCP [::1]:12993 [::]:0 LISTENING
[AvastSvc.exe]
TCP [::1]:12995 [::]:0 LISTENING
[AvastSvc.exe]
TCP [::1]:27275 [::]:0 LISTENING
[AvastSvc.exe]
UDP 0.0.0.0:500 *:*
IKEEXT
[svchost.exe]
UDP 0.0.0.0:3544 *:*
iphlpsvc
[svchost.exe]
UDP 0.0.0.0:3702 *:*
EventSystem
[svchost.exe]
UDP 0.0.0.0:3702 *:*
EventSystem
[svchost.exe]
UDP 0.0.0.0:3702 *:*
FDResPub
[svchost.exe]
UDP 0.0.0.0:3702 *:*
FDResPub
[svchost.exe]
UDP 0.0.0.0:4500 *:*
IKEEXT
[svchost.exe]
UDP 0.0.0.0:5004 *:*
[wmpnetwk.exe]
UDP 0.0.0.0:5005 *:*
[wmpnetwk.exe]
UDP 0.0.0.0:21328 *:*
[SDFSSvc.exe]
UDP 0.0.0.0:49751 *:*
EventSystem
[svchost.exe]
UDP 0.0.0.0:51400 *:*
[SDFSSvc.exe]
UDP 0.0.0.0:52204 *:*
[VirtualBox.exe]
UDP 0.0.0.0:53832 *:*
FDResPub
[svchost.exe]
UDP 0.0.0.0:54005 *:*
EventSystem
[svchost.exe]
UDP 127.0.0.1:1900 *:*
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:59883 *:*
SSDPSRV
[svchost.exe]
UDP 192.168.178.24:137 *:*
Can not obtain ownership information
UDP 192.168.178.24:138 *:*
Can not obtain ownership information
UDP 192.168.178.24:1900 *:*
SSDPSRV
[svchost.exe]
UDP 192.168.178.24:54242 *:*
iphlpsvc
[svchost.exe]
UDP 192.168.178.24:59882 *:*
SSDPSRV
[svchost.exe]
UDP [::]:500 *:*
IKEEXT
[svchost.exe]
UDP [::]:3702 *:*
FDResPub
[svchost.exe]
UDP [::]:3702 *:*
EventSystem
[svchost.exe]
UDP [::]:3702 *:*
EventSystem
[svchost.exe]
UDP [::]:3702 *:*
FDResPub
[svchost.exe]
UDP [::]:4500 *:*
IKEEXT
[svchost.exe]
UDP [::]:5004 *:*
[wmpnetwk.exe]
UDP [::]:5005 *:*
[wmpnetwk.exe]
UDP [::]:49752 *:*
EventSystem
[svchost.exe]
UDP [::]:53833 *:*
FDResPub
[svchost.exe]
UDP [::]:54006 *:*
EventSystem
[svchost.exe]
UDP [::1]:1900 *:*
SSDPSRV
[svchost.exe]
UDP [::1]:59881 *:*
SSDPSRV
[svchost.exe]

#6
RKinner
    Malware Expert
  • Expert
  • 24,625 posts
  • MVP
I prefer TCPVIEW:

http://live.sysinter...com/Tcpview.exe Download, Save and then run it by right clicking and Run As Admin.

Then File, Save As (to your desktop), tcp , OK. This should create a file tcp.txt on your desktop. Attach or copy and paste it to a reply.

Also

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

#7
kironfire
    New Member
  • Topic Starter
  • Member
  • Pip
  • 4 posts
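The TCPView listing and Process Explorer's "Verified Signer" column that RKinner asks for can be approximated from a single PowerShell session. The script below is an added example written for this page, not RKinner's or Sysinternals' code: it lists every non-loopback TCP connection, the image that owns it, and the Authenticode status of that image, which is the same triage (who is talking to the network, and is that binary signed by someone we trust) the two GUI tools perform. The function name Get-SignedConnectionReport is my own; it assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection does not exist on the Windows 7 box in this thread) and an elevated prompt so that every process path can be read.

```powershell
# Added example (not from the thread): PowerShell equivalent of TCPView plus
# Process Explorer's "Verified Signer" column. Assumes Windows 8+ and an
# elevated prompt; Get-SignedConnectionReport is a name chosen for this example.

function Get-SignedConnectionReport {
    [CmdletBinding()]
    param(
        # Connection states worth reviewing; listening sockets are left out by default.
        [string[]] $State = @('Established', 'CloseWait', 'SynSent')
    )

    $cache = @{}   # image path -> signature result, so each binary is checked once

    Get-NetTCPConnection -State $State -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1', '0.0.0.0', '::') } |
        ForEach-Object {
            $conn = $_
            $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
            $path = if ($proc) { $proc.Path } else { $null }

            $sigStatus = 'Unknown'   # no readable image path (access denied or exited)
            $signer    = $null
            if ($path) {
                if (-not $cache.ContainsKey($path)) {
                    $cache[$path] = Get-AuthenticodeSignature -FilePath $path
                }
                $sig       = $cache[$path]
                $sigStatus = $sig.Status.ToString()   # Valid, NotSigned, HashMismatch, ...
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }

            [pscustomobject]@{
                Process   = if ($proc) { $proc.ProcessName } else { "pid $($conn.OwningProcess)" }
                PID       = $conn.OwningProcess
                Local     = "$($conn.LocalAddress):$($conn.LocalPort)"
                Remote    = "$($conn.RemoteAddress):$($conn.RemotePort)"
                State     = $conn.State
                Signature = $sigStatus
                Signer    = $signer
                Path      = $path
            }
        }
}

# Rows a reviewer looks at first sort to the top: connections owned by an image
# whose signature is missing, tampered (HashMismatch) or could not be checked.
Get-SignedConnectionReport |
    Sort-Object Signature, Process |
    Format-Table Process, PID, Remote, State, Signature, Signer -AutoSize
```

Read the Signature column the way RKinner reads Process Explorer's: a Valid entry from the vendor you expect is normal, while an unsigned or HashMismatch image holding an outbound connection is what deserves a closer look. One caveat mirrors his remark about unverified Windows files: on older PowerShell releases Get-AuthenticodeSignature inspects only the embedded signature, so catalog-signed Windows binaries such as svchost.exe can come back NotSigned; confirm with a catalog-aware check (Process Explorer with Verify Image Signatures enabled) before treating that as suspicious.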
I have attached tcp.txt to this post.

Attached File: tcp.txt 9.46KB 217 downloads

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 89.83 0 K 24 K 0
procexp64.exe 5.00 40.708 K 53.524 K 964 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
vlc.exe 1.28 35.000 K 40.648 K 4572 VLC media player 2.0.7 VideoLAN (No signature was present in the subject) VideoLAN
audiodg.exe 1.18 23.000 K 22.948 K 5812 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 0.61 42.780 K 58.608 K 2268 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts 0.39 0 K 0 K n/a Hardware Interrupts and DPCs
csrss.exe 0.34 10.400 K 22.836 K 572 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
System 0.19 472 K 17.976 K 4
svchost.exe 0.13 46.796 K 45.216 K 992 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
GoogleInputService.exe 0.12 1.436 K 4.048 K 1824 Google Input Tools. Google Inc (Verified) Google Inc
Kies.exe 0.12 35.056 K 38.920 K 4028 Kies Samsung (Verified) Samsung Electronics CO.
SDWSCSvc.exe 0.11 5.712 K 10.748 K 3204 Windows Security Center integration. Safer-Networking Ltd. (Verified) Safer Networking Ltd.
SDFSSvc.exe 0.10 32.500 K 38.480 K 2704 Spybot-S&D 2 Scanner Service Safer-Networking Ltd. (Verified) Safer Networking Ltd.
lsm.exe 0.09 2.648 K 4.372 K 628 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.09 219.064 K 245.204 K 4704 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.07 42.924 K 58.360 K 672 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
explorer.exe 0.04 70.284 K 106.172 K 2344 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.04 111.696 K 134.048 K 4104 Google Chrome Google Inc. (Verified) Google Inc
GoogleInputHandler.exe 0.04 6.828 K 2.260 K 2224 Google Input Tools Google Inc. (Verified) Google Inc
CCC.exe 0.03 119.496 K 4.880 K 3060 Catalyst Control Center: Host application ATI Technologies Inc. (No signature was present in the subject) ATI Technologies Inc.
SDUpdSvc.exe 0.03 10.916 K 18.560 K 2408 Spybot-S&D 2 Background update service Safer-Networking Ltd. (Verified) Safer Networking Ltd.
services.exe 0.03 7.964 K 11.600 K 604 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
AvastUI.exe 0.03 21.556 K 25.780 K 3488 avast! Antivirus AVAST Software (Verified) AVAST Software
notepad++.exe 0.02 24.512 K 29.352 K 3132 Notepad++ : a free (GNU) source code editor Don HO [email protected] (No signature was present in the subject) Don HO [email protected]
svchost.exe 0.02 37.176 K 37.208 K 1304 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 51.224 K 59.488 K 2940 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
AvastSvc.exe 0.01 37.736 K 3.104 K 1360 avast! Service AVAST Software (Verified) AVAST Software
MOM.exe 0.01 41.612 K 5.548 K 3116 Catalyst Control Center: Monitoring program Advanced Micro Devices Inc. (No signature was present in the subject) Advanced Micro Devices Inc.
csrss.exe < 0.01 2.524 K 4.984 K 468 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 6.140 K 10.308 K 832 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe < 0.01 87.400 K 119.524 K 3736 Google Chrome Google Inc. (Verified) Google Inc
taskhost.exe < 0.01 13.544 K 17.772 K 2184 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 319.440 K 327.976 K 472 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe < 0.01 7.884 K 14.300 K 1788 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
SearchIndexer.exe < 0.01 65.164 K 77.144 K 3320 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
SMSvcHost.exe < 0.01 34.888 K 24.200 K 1872 SMSvcHost.exe Microsoft Corporation (Verified) Microsoft Corporation
STRATO HiDrive Service.exe < 0.01 36.592 K 29.596 K 2852 STRATO HiDrive Service STRATO (No signature was present in the subject) STRATO
svchost.exe < 0.01 205.728 K 203.312 K 112 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
wininit.exe < 0.01 1.484 K 4.524 K 556 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe 2.652 K 6.996 K 3644 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
wuauclt.exe 2.560 K 7.564 K 1896 Windows Update Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 10.936 K 10.568 K 2532 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3.148 K 7.092 K 6768 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 1.764 K 3.916 K 3068 Microsoft® Windows Live ID Service Monitor Microsoft Corporation (Verified) Microsoft Corporation
WLIDSVC.EXE 5.088 K 13.480 K 2964 Microsoft® Windows Live ID Service Microsoft Corporation (Verified) Microsoft Corporation
winlogon.exe 2.996 K 7.656 K 944 Windows Logon Application Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
taskeng.exe 2.408 K 6.228 K 2076 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4.372 K 10.408 K 748 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 3.176 K 7.356 K 1104 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 6.496 K 10.308 K 2904 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 14.228 K 15.736 K 1660 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 4.552 K 9.096 K 1744 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 2.496 K 6.504 K 2812 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 3.768 K 8.972 K 4616 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
spoolsv.exe 6.356 K 11.660 K 1632 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 496 K 1.140 K 320 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
RAVCpl64.exe 9.012 K 11.744 K 3964 Realtek HD Audio Manager Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
procexp.exe 2.640 K 7.968 K 6796 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe 26.464 K 18.172 K 3784 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 5.364 K 13.476 K 620 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
hmpsched.exe 1.272 K 3.596 K 1260 HitmanPro Scheduler SurfRight B.V. (Verified) SurfRight B.V.
GoogleCrashHandler64.exe 2.276 K 572 K 2564 Google Crash Handler Google Inc. (Verified) Google Inc
GoogleCrashHandler.exe 1.980 K 972 K 2556 Google Crash Handler Google Inc. (Verified) Google Inc
chrome.exe 22.368 K 50.836 K 6096 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 76.028 K 103.456 K 4472 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 108.088 K 138.588 K 4524 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 32.988 K 62.036 K 6640 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 21.764 K 48.548 K 6084 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 21.904 K 48.316 K 1604 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 23.864 K 50.116 K 1172 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 53.572 K 83.428 K 6364 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 55.476 K 90.492 K 3708 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 28.620 K 55.408 K 5320 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 94.336 K 124.880 K 5676 Google Chrome Google Inc. (Verified) Google Inc
atiesrxx.exe 1.444 K 4.208 K 888 AMD External Events Service Module AMD (Verified) Advanced Micro Devices
atieclxx.exe 2.316 K 6.416 K 1220 AMD External Events Client Module AMD (Verified) Advanced Micro Devices

Edited by kironfire, 14 August 2013 - 12:41 AM.


#8
RKinner
    Malware Expert
  • Expert
  • 24,625 posts
  • MVP
Don't see any unknowns in TCPView. Everything looks fairly normal. Process Explorer doesn't show anything odd either. It does say some Windows aren't verified but this is common. Usually they will be ok the next time you run it. I think Microsoft's servers get busy.