| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: rool0_PK.exe .... Fehlermeldung nach Bundestrojaner ... direct3d11 fehlerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.10.2012, 22:33
| #1 |
 |  rool0_PK.exe .... Fehlermeldung nach Bundestrojaner ... direct3d11 fehler Hallo zusammen, ich habe da ein kleines Probelm und hoffe ihr könnt mir evtl. helfen. Vor einiger Zeit (2 Monate) hatte ich nen Bundestrojaner drauf mit "Sie müssen bezahlen u an Ihren Rechner" naja ihr kennt das. Diese konnte ich mittels der Kaspersky rescue cd wieder entfernen. Danach kam immer der fehler das die rool0_pk.exe nicht gefunden werden konnte. Dachte mir bis jetzt nichts dabei und es gab auch keinen weiteren Probleme. Nun habe ich gestern nfs most wanted gekauft und wollte es mal installieren, er bricht allerdings die Installation ab mit folgendem Fehler: Direct3D 11 nicht installiert nutzen sie windows link zu Fehler/Update KB93571 bzw KB971644 dies sind allerdings aktualisierungen für vista und nicht wie ich benutze win7 64Bit. sowie Redistributable package, d3d11install.exe wurde nicht erfolgreich installiert (4) kann es sein das diese "rest" exe oder Befehl die akualisierung verhindert? Ein freund von mir kaufte es sich auch und da war die Installation erfolgreich. Ich habe natürlich auh die in den meisten foren vorgeschlagen diretx Aktualisierungstools one ergebnis oder Problem durchgeführt. Ich werde natürlich auch ea mal anschreiben aber wollte hier noch mal um rat fragen. Was mich auch verwundert ist die aussage in dxdiag das DX Setup Parameters: Not found. vielleicht hängen die Sachen auch nicht zusammen aber wär trotzdem schön die Fehlermeldung rool0_pk.exe erschwinden würde. im voraus danke und schönen abend lg micha Geändert von Michpal (27.10.2012 um 22:41 Uhr) |
|
28.10.2012, 11:03
| #2 |
| /// TB-Ausbilder   | rool0_PK.exe .... Fehlermeldung nach Bundestrojaner ... direct3d11 fehler Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Ich schlage vor, wir überprüfen deinen Rechner komplett auf Malware und entfernen eventuell vorhandene Reste. Sollte die Installation dann immer noch scheitern, dann liegt es auf jeden Fall nicht an der Malware.  Schritt 1 Downloade dir bitte DDS ( von sUBs ) von einem der folgenden Downloadspiegel und speichere die Datei auf deinem Desktop. dds.com dds.exe
Schritt 2 Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
Schritt 3 Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit. Schritt 4 Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
Bitte poste mit deiner nächsten Antwort
|
|
28.10.2012, 12:40
| #3 |
| | rool0_PK.exe .... Fehlermeldung nach Bundestrojaner ... direct3d11 fehler Hallo Danke für deine Angebot zur Hilfe
__________________ ich hab gestern abend noch die Malewarebyte Anti Malware durchlaufen lassen und er hat etliches gefunden ... 12 Trojaner, die sind mittlerweile auch alle gelöscht von diesem Programm und diese Fehlermeldung mit der exe erscheint nach dem Neustart nicht mehr. Nichts destotrotz kann ich das spiel nicht installieren da selbiger Fehler, in deinem Post sprichst du ja auch von einer Formatierung der Festplatte ... zum wahrscheinlich 01.12.2012 wird mein system umgebaut und eh alles neu aufgesetzt. auch mit neuer ssd platte als Primär und die jetzige für die Daten. Ich werde heute nachmittag deinen 1. Schritt durchführen und das Ergebnis posten. in dem Sinne Mahlzeit |
|
28.10.2012, 12:46
| #4 | |
| /// TB-Ausbilder | rool0_PK.exe .... Fehlermeldung nach Bundestrojaner ... direct3d11 fehler Servus, Zitat:
Klicke auf den Tab Logdateien. Wähle die entsprechende Textdatei aus und Klicke auf Öffnen. Poste mir den Inhalt hier mit deiner nächsten Antwort. Führe anschließend die Schritte 1 - 4 meiner letzten Antwort durch und poste die Logdateien. Dann sehen wir weiter.  |
|
28.10.2012, 12:53
| #5 |
| | rool0_PK.exe .... Fehlermeldung nach Bundestrojaner ... direct3d11 fehler attach . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT .DDS Logfile: Code:
ATTFilter DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 21.03.2011 16:25:53
System Uptime: 28.10.2012 10:51:49 (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Maximus Extreme
Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz | LGA775 | 3163/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 73 GiB total, 7,541 GiB free.
D: is FIXED (NTFS) - 393 GiB total, 92,502 GiB free.
E: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standardtastatur (PS/2)
Device ID: ACPI\PNP0303\4&23F9C1E3&0
Manufacturer: (Standardtastaturen)
Name: Standardtastatur (PS/2)
PNP Device ID: ACPI\PNP0303\4&23F9C1E3&0
Service: i8042prt
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-ISATAP-Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft-ISATAP-Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-ISATAP-Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft-ISATAP-Adapter #2
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-Teredo-Tunneling-Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Microsoft-Teredo-Tunneling-Adapter
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP304: 28.10.2012 10:30:12 - DirectX wurde installiert
RP305: 28.10.2012 10:42:42 - DirectX wurde installiert
RP306: 28.10.2012 11:34:00 - DirectX wurde installiert
RP307: 28.10.2012 11:46:26 - DirectX wurde installiert
RP308: 28.10.2012 11:47:39 - DirectX wurde installiert
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) - Deutsch
AI Suite
amBX Audio FXGen 3.1.1
amBX Control Panel 1.2.7
amBX Gaming FXGen 3.7.6
amBX Illuminate 1.0.2
amBX Saitek HAL 1.0.0
amBX System 1.1.4.0
ANNO 2070
Apple Application Support
Apple Software Update
ASUSUpdate
Battlefield 3™
Battlelog Web Plugins
BattlEye for OA Uninstall
BattlEye Uninstall
Brother MFL-Pro Suite MFC-J415W
Cities XL
DAEMON Tools Lite
DAEMON Tools Toolbar
Diablo III
Die Sims™ 3 Einfach tierisch
Die Sims™ 3 Late Night
Die Sims™ 3 Lebensfreude
DiRT 3
DivX-Setup
Dropbox
Endless Space
ESN Sonar
F1 2012
Free Video to Samsung Phones Converter version 5.0.15.706
Free YouTube to MP3 Converter version 3.11.25.627
Host OpenAL (ADI)
Hyperdesk - DarkMatter RedShift
Hyperdesk - DarkMatter Solar Flare
Hyperdesk - DarkMatter Subspace
Java 7 Update 7 (64-bit)
Java 7 Update 9
Java Auto Updater
JMicron JMB36X Driver
Left 4 Dead 2
Left 4 Dead 2 Authoring Tools
Logitech GamePanel Software 3.06.109
Logitech Gaming Software 5.10
Lucikes Rundum-Sorglos-Paket
Malwarebytes Anti-Malware Version 1.65.1.1000
Marvell Miniport Driver
McAfee Internet Security Suite
Media Go
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 14.0.1 (x86 de)
Mozilla Maintenance Service
Need for Speed(TM) Hot Pursuit
Need For Speed™ World
Nexus Mod Manager
NVIDIA 3D Vision Controller-Treiber 306.97
NVIDIA 3D Vision Treiber 306.97
NVIDIA Grafiktreiber 306.97
NVIDIA HD-Audiotreiber 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX-Systemsoftware 9.12.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Systemsteuerung 306.97
NVIDIA Update 1.10.8
NVIDIA Update Components
OpenAL
Origin
Patch v2.2
PC Probe II
PlayStation(R)Network Downloader
PlayStation(R)Store
PunkBuster Services
QuickTime
Rapture3D 2.4.9 Game
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Silent Hunter 5
SpeechRedist
SpeedFan (remove only)
Steam
TeamSpeak 3 Client
The Elder Scrolls V: Skyrim
The Walking Dead
The War Z version alpha
toolplugin
Ubisoft Game Launcher
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.3
Web Assistant 2.0.0.485
Web Optimizer
Windows Live ID Sign-in Assistant
WinRAR 4.00 (64-Bit)
World of Warcraft
X3 Albion Prelude Bonuspaket 5.1.0.0
X3: Albion Prelude
X3: Terran Conflict
X3TC Bonuspaket 4.1.01
.
==== End Of File ===========================
DDSDDS Logfile:
--- --- --- ddsDDS Logfile: Code:
ATTFilter DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.9.2
Run by Michpal at 12:42:06 on 2012-10-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8191.6319 [GMT 1:00]
.
AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\Installer\MSI8673.tmp
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\amBX\System\amBX_Service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Windows\system32\dmwu.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\alg.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files (x86)\ASUS\AASP\1.00.95\aaCenter.exe
C:\Program Files\amBX\Gaming FXGen\x64\amBXFxGen.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\amBX\Gaming FXGen\win32\amBXFxGen.exe
C:\Program Files\amBX\Control Panel\amBXDaemon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
D:\Games\Origin\Origin.exe
D:\Games\Origin\OriginClientService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uProxyServer = 122.49.77.1:80
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120627185322.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [imtazuvwobzvvzb] C:\ProgramData\imtazuvw.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun: [CPU Power Monitor] "C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
mRun: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMBXIL~1.LNK - C:\Program Files (x86)\amBX\Illuminate\Illuminate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Free YouTube to MP3 Converter - C:\Users\Michpal\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: NameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{A15BD116-72FB-405F-B624-B9EBD99A7FE0} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E581B93F-7959-48E2-9C4B-B606ACE5784D} : DHCPNameServer = 192.168.2.1 192.168.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
SSODL: WebCheck - <orphaned>
STS: CAveStartButtonChangerObject Class - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120627185322.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
x64-Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
x64-Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
x64-Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-Run: [amBX System Tray Application] C:\Program Files\amBX\Gaming FXGen\x64\amBXFxGen.exe
x64-Run: [amBX Daemon] "C:\Program Files\amBX\Control Panel\amBXDaemon.exe"
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: CAveStartButtonChangerObject Class - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Michpal\AppData\Roaming\Mozilla\Firefox\Profiles\p8jmn4dj.default\
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Users\Michpal\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-10-13 647208]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-21 289664]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-3-21 75936]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 amBX Saitek HAL Service;amBX Saitek HAL Service;C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe [2012-10-4 310784]
R2 amBX Service;amBX Service;C:\Program Files (x86)\amBX\System\amBX_Service.exe [2012-10-4 612864]
R2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;C:\Windows\Installer\MSI8673.tmp [2012-10-2 102400]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-27 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-27 676936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-29 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-29 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-29 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-3-21 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-3-21 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-3-21 162192]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-27 1258856]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-7-18 188760]
R2 WebOptimizer;WebOptimizer;C:\Windows\System32\dmwu.exe [2012-9-10 1259888]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-12-13 245760]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-21 65264]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-27 25928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-21 229528]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-21 487296]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2012-9-21 189288]
R3 SaiK0DC5;SaiK0DC5;C:\Windows\System32\drivers\SaiK0DC5.sys [2012-10-4 176136]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2011-12-11 402720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-6 250808]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-7-30 102240]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2011-3-31 13352]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-3-21 100912]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-5 113120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-27 19456]
S3 SaiKF622;SaiKF622;C:\Windows\System32\drivers\SaiKF622.sys [2009-6-10 140800]
S3 Sony PC Companion;Sony PC Companion;"C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe" --> C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-27 57856]
.
=============== Created Last 30 ================
.
2012-10-27 21:51:21 -------- d-----w- C:\Users\Michpal\AppData\Roaming\Malwarebytes
2012-10-27 21:51:08 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-27 21:51:07 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-27 21:51:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-27 18:42:21 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-10-27 18:42:21 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-10-27 18:42:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-10-27 18:42:21 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-10-27 18:42:21 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-10-27 18:42:20 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-10-27 18:42:20 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-10-27 18:42:20 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2012-10-27 18:42:19 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-10-27 18:07:56 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-10-27 18:07:56 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-10-27 18:07:56 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-10-27 18:07:56 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-10-27 18:07:56 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-10-27 18:07:56 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-10-27 18:07:56 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-10-27 18:07:25 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-10-27 11:01:37 7720 ----a-w- C:\Users\Michpal\AppData\Roaming\BAcroIEHelpe220.dll
2012-10-27 11:01:37 204432 ----a-w- C:\Users\Michpal\AppData\Roaming\AcroIEHelpe220.dll
2012-10-25 20:35:59 0 ----a-w- C:\Users\Michpal\AppData\Roaming\p8jmn4dj.default.tmp
2012-10-25 15:35:00 7720 ----a-w- C:\Users\Michpal\AppData\Roaming\BAcroIEHelpe219.dll
2012-10-22 19:29:48 -------- d-----w- C:\Users\Michpal\AppData\Roaming\14001.034
2012-10-17 18:21:00 -------- d-----w- C:\Users\Michpal\AppData\Roaming\14001.033
2012-10-17 12:40:11 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-16 14:54:31 -------- d-----w- C:\Users\Michpal\AppData\Roaming\14001.031
2012-10-16 14:53:15 -------- d-----w- C:\Users\Michpal\AppData\Local\Arktos
2012-10-15 18:29:56 -------- d-----w- C:\Users\Michpal\AppData\Roaming\14001.030
2012-10-11 19:55:44 7424 ----a-w- C:\Users\Michpal\AppData\Roaming\BAcroIEHelpe216.dll
2012-10-10 18:31:18 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-10 18:31:14 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-10 18:31:01 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-10-10 18:30:59 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-10-10 18:30:43 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-10 18:30:43 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-10 18:30:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-10 18:30:26 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-10 18:30:26 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-10 18:30:22 -------- d-----w- C:\Users\Michpal\AppData\Roaming\14001.029
2012-10-10 18:30:14 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-10 18:30:11 7424 ----a-w- C:\Users\Michpal\AppData\Roaming\BAcroIEHelpe215.dll
2012-10-10 18:30:02 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-10 18:28:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 18:27:56 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 18:27:56 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 18:27:55 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 18:27:47 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 18:27:27 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 18:27:16 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 18:25:57 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 18:25:53 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 18:25:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-10-10 18:25:41 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 18:25:41 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 18:25:32 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-10 18:25:15 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-10 18:25:06 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-10 18:22:26 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 18:22:24 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 18:22:05 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 18:22:02 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 18:21:57 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 18:21:53 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 18:21:48 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 18:21:48 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 18:21:40 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 18:21:33 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-05 14:14:25 -------- d-----w- C:\Users\Michpal\AppData\Roaming\14001.025
2012-10-04 15:03:41 -------- d-----w- C:\Users\Michpal\AppData\Local\IsolatedStorage
2012-10-04 14:52:38 -------- d-----w- C:\Program Files\amBX
2012-10-04 14:52:31 -------- d-----w- C:\Program Files (x86)\amBX
2012-10-04 14:50:32 176136 ----a-w- C:\Windows\System32\drivers\SaiK0DC5.sys
2012-10-02 20:51:51 -------- d-----w- C:\Users\Michpal\AppData\Roaming\14001.024
2012-10-02 11:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-10-02 08:53:06 -------- d-----w- C:\Users\Michpal\AppData\Roaming\Skinux
2012-10-02 08:50:07 -------- d-----w- C:\Program Files (x86)\The Skins Factory
.
==================== Find3M ====================
.
2012-10-26 20:03:39 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-10-26 20:03:39 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-10-26 20:03:25 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-10-16 13:01:49 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-16 13:01:49 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-20 18:45:34 7424 ----a-w- C:\Users\Michpal\AppData\Roaming\BAcroIEHelpe207.dll
2012-09-13 13:26:50 1259888 ----a-w- C:\Windows\System32\dmwu.exe
2012-09-13 13:25:38 35328 ----a-w- C:\Windows\System32\ImHttpComm.dll
2012-09-07 17:42:42 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-07 17:42:42 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-02 09:45:46 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-09-02 09:45:43 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-09-02 09:45:43 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-08-30 19:14:00 60776 ----a-w- C:\Windows\System32\OpenCL.dll
2012-08-30 19:14:00 52584 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-23 14:13:11 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2012-08-23 14:10:20 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2012-08-23 14:07:35 57856 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2012-08-23 13:47:20 46592 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2012-08-23 13:46:20 16896 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2012-08-23 13:41:52 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2012-08-23 13:40:56 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-08-23 13:24:57 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2012-08-23 13:20:40 54272 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2012-08-23 13:18:14 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2012-08-23 13:17:54 18432 ----a-w- C:\Windows\System32\wksprtPS.dll
2012-08-23 13:06:58 43520 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2012-08-23 12:52:53 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2012-08-23 11:20:06 62976 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2012-08-23 11:15:57 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
2012-08-23 11:14:09 384000 ----a-w- C:\Windows\System32\wksprt.exe
2012-08-23 11:12:17 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2012-08-23 10:54:24 322560 ----a-w- C:\Windows\System32\aaclient.dll
2012-08-23 10:51:14 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2012-08-23 10:39:24 1048064 ----a-w- C:\Windows\SysWow64\mstsc.exe
2012-08-23 10:22:22 1123840 ----a-w- C:\Windows\System32\mstsc.exe
2012-08-23 09:51:57 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-08-23 08:19:01 4916224 ----a-w- C:\Windows\SysWow64\mstscax.dll
2012-08-23 08:13:07 5773824 ----a-w- C:\Windows\System32\mstscax.dll
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
.
============= FINISH: 12:48:04,74 ===============
2012/10/28 07:32:35 +0100 MICHPAL-PC Michpal MESSAGE Starting protection 2012/10/28 07:32:35 +0100 MICHPAL-PC Michpal MESSAGE Protection started successfully 2012/10/28 07:32:35 +0100 MICHPAL-PC Michpal MESSAGE Starting IP protection 2012/10/28 07:32:35 +0100 MICHPAL-PC Michpal MESSAGE IP Protection started successfully 2012/10/28 10:26:33 +0100 MICHPAL-PC Michpal MESSAGE Starting protection 2012/10/28 10:26:33 +0100 MICHPAL-PC Michpal MESSAGE Protection started successfully 2012/10/28 10:26:33 +0100 MICHPAL-PC Michpal MESSAGE Starting IP protection 2012/10/28 10:26:33 +0100 MICHPAL-PC Michpal MESSAGE IP Protection started successfully 2012/10/28 10:52:13 +0100 MICHPAL-PC Michpal MESSAGE Starting protection 2012/10/28 10:52:13 +0100 MICHPAL-PC Michpal MESSAGE Protection started successfully 2012/10/28 10:52:13 +0100 MICHPAL-PC Michpal MESSAGE Starting IP protection 2012/10/28 10:52:14 +0100 MICHPAL-PC Michpal MESSAGE IP Protection started successfully 2012/10/27 23:51:34 +0200 MICHPAL-PC Michpal MESSAGE Starting protection 2012/10/27 23:51:34 +0200 MICHPAL-PC Michpal MESSAGE Protection started successfully 2012/10/27 23:51:34 +0200 MICHPAL-PC Michpal MESSAGE Starting IP protection 2012/10/27 23:51:35 +0200 MICHPAL-PC Michpal MESSAGE IP Protection started successfully 2012/10/27 23:51:45 +0200 MICHPAL-PC Michpal MESSAGE Starting database refresh 2012/10/27 23:51:45 +0200 MICHPAL-PC Michpal MESSAGE Stopping IP protection 2012/10/27 23:51:45 +0200 MICHPAL-PC Michpal MESSAGE IP Protection stopped successfully 2012/10/27 23:51:48 +0200 MICHPAL-PC Michpal MESSAGE Database refreshed successfully 2012/10/27 23:51:48 +0200 MICHPAL-PC Michpal MESSAGE Starting IP protection 2012/10/27 23:51:49 +0200 MICHPAL-PC Michpal MESSAGE IP Protection started successfully 2012/10/27 23:55:38 +0200 MICHPAL-PC (null) MESSAGE Executing scheduled update: Daily 2012/10/27 23:55:46 +0200 MICHPAL-PC Michpal MESSAGE Starting protection 2012/10/27 23:55:46 +0200 MICHPAL-PC Michpal MESSAGE Protection started successfully 2012/10/27 23:55:46 +0200 MICHPAL-PC Michpal MESSAGE Starting IP protection 2012/10/27 23:55:47 +0200 MICHPAL-PC Michpal MESSAGE IP Protection started successfully 2012/10/27 23:56:16 +0200 MICHPAL-PC Michpal MESSAGE Database already up-to-date Malwarebytes Anti-Malware (Test) 1.65.1.1000 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.10.27.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Michpal :: MICHPAL-PC [Administrator] Schutz: Aktiviert 27.10.2012 23:51:59 mbam-log-2012-10-27 (23-51-59).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 30191 Laufzeit: 1 Minute(n), 40 Sekunde(n) [Abgebrochen] Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 3 HKCR\CLSID\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CodecUpdater (Trojan.Dropper.H) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Trojan.Downloader) -> Daten: C:\Users\Michpal\AppData\Roaming\appConf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 6 C:\Users\Michpal\AppData\Roaming\appconf32.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Michpal\AppData\Roaming\AcroIEHelpe219.dll (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\CodecUpdate\ix_updater.exe (Trojan.Dropper.H) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Codecv\bhoclass.dll (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Michpal\AppData\Roaming\BAcroIEHelpe212.dll (Rootkit.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Michpal\AppData\Roaming\BAcroIEHelpe214.dll (Rootkit.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.27.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Michpal :: MICHPAL-PC [Administrator] Schutz: Aktiviert 27.10.2012 23:57:06 mbam-log-2012-10-27 (23-57-06).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 253206 Laufzeit: 3 Minute(n), 54 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\Michpal\AppData\Local\Temp\g7i0ol_kaz.exe (Spyware.Zbot.DG) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Michpal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Malwarebytes Anti-Malware (Test) 1.65.1.1000 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.10.27.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Michpal :: MICHPAL-PC [Administrator] Schutz: Aktiviert 28.10.2012 07:33:13 mbam-log-2012-10-28 (07-33-13).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 622987 Laufzeit: 2 Stunde(n), 25 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) so hier haben wir den Defogger defogger_disable by jpshortstuff (23.02.10.1) Log created at 13:07 on 28/10/2012 (Michpal) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. HKCU  AEMON Tools Lite -> RemovedHKCU:AlcoholAutomount -> Removed Checking for services/drivers... SPTD -> Disabled (Service running -> reboot required) -=E.O.F=- aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-10-28 13:13:51 ----------------------------- 13:13:51.000 OS Version: Windows x64 6.1.7601 Service Pack 1 13:13:51.000 Number of processors: 2 586 0x1706 13:13:51.001 ComputerName: MICHPAL-PC UserName: Michpal 13:13:51.870 Initialize success 13:14:44.534 AVAST engine defs: 12102800 13:15:42.516 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 13:15:42.519 Disk 0 Vendor: WDC_WD5000AAKS-00A7B0 01.03B01 Size: 476940MB BusType: 3 13:15:42.524 Disk 0 MBR read successfully 13:15:42.526 Disk 0 MBR scan 13:15:42.531 Disk 0 Windows 7 default MBR code 13:15:42.538 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 74998 MB offset 63 13:15:42.543 Disk 0 Partition - 00 0F Extended LBA 401930 MB offset 153597465 13:15:42.574 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 401930 MB offset 153597528 13:15:42.643 Disk 0 scanning C:\Windows\system32\drivers 13:15:54.170 Service scanning 13:16:12.149 Modules scanning 13:16:12.156 Disk 0 trace - called modules: 13:16:12.174 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys 13:16:12.179 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80079e0410] 13:16:12.184 3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> [0xfffffa8007802580] 13:16:12.189 5 ACPI.sys[fffff88000f5d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007804060] 13:16:12.879 AVAST engine scan C:\Windows 13:16:14.666 AVAST engine scan C:\Windows\system32 13:19:43.966 AVAST engine scan C:\Windows\system32\drivers 13:19:55.100 AVAST engine scan C:\Users\Michpal 13:26:34.494 File: C:\Users\Michpal\AppData\Roaming\BAcroIEHelpe207.dll **INFECTED** Win32:Agent-AQEB [Trj] 13:26:34.575 File: C:\Users\Michpal\AppData\Roaming\BAcroIEHelpe215.dll **INFECTED** Win32:Agent-AQEW [Trj] 13:26:34.602 File: C:\Users\Michpal\AppData\Roaming\BAcroIEHelpe216.dll **INFECTED** Win32:Agent-AQFL [Trj] 13:27:57.134 AVAST engine scan C:\ProgramData 13:33:52.783 Disk 0 MBR has been saved successfully to "C:\Users\Michpal\Desktop\MBR.dat" 13:33:52.786 The log file has been saved successfully to "C:\Users\Michpal\Desktop\aswMBR.txt" |
|
28.10.2012, 13:37
| #6 |
| | rool0_PK.exe .... Fehlermeldung nach Bundestrojaner ... direct3d11 fehler und zum schluss schritt 4 + Ergebnis 13:36:02.0551 0300 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47 13:36:03.0675 0300 ============================================================ 13:36:03.0675 0300 Current date / time: 2012/10/28 13:36:03.0675 13:36:03.0675 0300 SystemInfo: 13:36:03.0675 0300 13:36:03.0675 0300 OS Version: 6.1.7601 ServicePack: 1.0 13:36:03.0675 0300 Product type: Workstation 13:36:03.0675 0300 ComputerName: MICHPAL-PC 13:36:03.0676 0300 UserName: Michpal 13:36:03.0676 0300 Windows directory: C:\Windows 13:36:03.0676 0300 System windows directory: C:\Windows 13:36:03.0676 0300 Running under WOW64 13:36:03.0676 0300 Processor architecture: Intel x64 13:36:03.0676 0300 Number of processors: 2 13:36:03.0676 0300 Page size: 0x1000 13:36:03.0676 0300 Boot type: Normal boot 13:36:03.0676 0300 ============================================================ 13:36:04.0523 0300 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 13:36:04.0555 0300 ============================================================ 13:36:04.0556 0300 \Device\Harddisk0\DR0: 13:36:04.0556 0300 MBR partitions: 13:36:04.0556 0300 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x927B5DA 13:36:04.0565 0300 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x927B658, BlocksNum 0x31105728 13:36:04.0565 0300 ============================================================ 13:36:04.0582 0300 C: <-> \Device\Harddisk0\DR0\Partition1 13:36:04.0596 0300 D: <-> \Device\Harddisk0\DR0\Partition2 13:36:04.0596 0300 ============================================================ 13:36:04.0596 0300 Initialize success 13:36:04.0596 0300 ============================================================ 13:36:06.0260 5080 ============================================================ 13:36:06.0260 5080 Scan started 13:36:06.0260 5080 Mode: Manual; 13:36:06.0260 5080 ============================================================ 13:36:07.0082 5080 ================ Scan system memory ======================== 13:36:07.0082 5080 System memory - ok 13:36:07.0083 5080 ================ Scan services ============================= 13:36:07.0219 5080 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 13:36:07.0222 5080 1394ohci - ok 13:36:07.0257 5080 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 13:36:07.0293 5080 ACPI - ok 13:36:07.0311 5080 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 13:36:07.0311 5080 AcpiPmi - ok 13:36:07.0323 5080 ADIHdAudAddService - ok 13:36:07.0405 5080 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 13:36:07.0406 5080 AdobeARMservice - ok 13:36:07.0547 5080 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 13:36:07.0549 5080 AdobeFlashPlayerUpdateSvc - ok 13:36:07.0595 5080 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 13:36:07.0601 5080 adp94xx - ok 13:36:07.0618 5080 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 13:36:07.0626 5080 adpahci - ok 13:36:07.0644 5080 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 13:36:07.0646 5080 adpu320 - ok 13:36:07.0675 5080 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 13:36:07.0677 5080 AeLookupSvc - ok 13:36:07.0714 5080 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 13:36:07.0757 5080 AFD - ok 13:36:07.0788 5080 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 13:36:07.0790 5080 agp440 - ok 13:36:07.0803 5080 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 13:36:07.0804 5080 ALG - ok 13:36:07.0817 5080 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 13:36:07.0820 5080 aliide - ok 13:36:07.0867 5080 [ 766328EE8F5F372D66B45F4A86655E3F ] amBX Saitek HAL Service C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe 13:36:07.0869 5080 amBX Saitek HAL Service - ok 13:36:07.0930 5080 [ 9D76B432DBE317A6437C8F157A67C097 ] amBX Service C:\Program Files (x86)\amBX\System\amBX_Service.exe 13:36:07.0972 5080 amBX Service - ok 13:36:07.0989 5080 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 13:36:07.0990 5080 amdide - ok 13:36:08.0012 5080 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 13:36:08.0015 5080 AmdK8 - ok 13:36:08.0018 5080 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 13:36:08.0019 5080 AmdPPM - ok 13:36:08.0047 5080 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 13:36:08.0048 5080 amdsata - ok 13:36:08.0052 5080 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 13:36:08.0055 5080 amdsbs - ok 13:36:08.0080 5080 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 13:36:08.0080 5080 amdxata - ok 13:36:08.0120 5080 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 13:36:08.0153 5080 AppID - ok 13:36:08.0166 5080 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 13:36:08.0169 5080 AppIDSvc - ok 13:36:08.0194 5080 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 13:36:08.0195 5080 Appinfo - ok 13:36:08.0204 5080 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 13:36:08.0207 5080 arc - ok 13:36:08.0221 5080 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 13:36:08.0222 5080 arcsas - ok 13:36:08.0261 5080 [ A82C01606DC27D05D9D3BFB6BB807E32 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys 13:36:08.0300 5080 AsIO - ok 13:36:08.0369 5080 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 13:36:08.0402 5080 aspnet_state - ok 13:36:08.0457 5080 [ 26D66E32E78D3059715B3A17BC679CD9 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys 13:36:08.0458 5080 AsUpIO - ok 13:36:08.0469 5080 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 13:36:08.0470 5080 AsyncMac - ok 13:36:08.0487 5080 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 13:36:08.0487 5080 atapi - ok 13:36:08.0522 5080 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 13:36:08.0538 5080 AudioEndpointBuilder - ok 13:36:08.0552 5080 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 13:36:08.0555 5080 AudioSrv - ok 13:36:08.0607 5080 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 13:36:08.0631 5080 AxInstSV - ok 13:36:08.0660 5080 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 13:36:08.0665 5080 b06bdrv - ok 13:36:08.0690 5080 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 13:36:08.0693 5080 b57nd60a - ok 13:36:08.0728 5080 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 13:36:08.0731 5080 BDESVC - ok 13:36:08.0751 5080 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 13:36:08.0752 5080 Beep - ok 13:36:08.0791 5080 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 13:36:08.0819 5080 BFE - ok 13:36:08.0842 5080 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 13:36:08.0847 5080 BITS - ok 13:36:08.0867 5080 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 13:36:08.0868 5080 blbdrive - ok 13:36:08.0884 5080 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 13:36:08.0886 5080 bowser - ok 13:36:08.0888 5080 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 13:36:08.0892 5080 BrFiltLo - ok 13:36:08.0895 5080 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 13:36:08.0898 5080 BrFiltUp - ok 13:36:08.0921 5080 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 13:36:08.0924 5080 Browser - ok 13:36:08.0936 5080 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 13:36:08.0939 5080 Brserid - ok 13:36:08.0943 5080 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 13:36:08.0944 5080 BrSerWdm - ok 13:36:08.0948 5080 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 13:36:08.0949 5080 BrUsbMdm - ok 13:36:08.0953 5080 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 13:36:08.0954 5080 BrUsbSer - ok 13:36:09.0007 5080 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files (x86)\Browny02\BrYNSvc.exe 13:36:09.0044 5080 BrYNSvc - ok 13:36:09.0047 5080 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 13:36:09.0048 5080 BTHMODEM - ok 13:36:09.0060 5080 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 13:36:09.0061 5080 bthserv - ok 13:36:09.0074 5080 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 13:36:09.0075 5080 cdfs - ok 13:36:09.0095 5080 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 13:36:09.0125 5080 cdrom - ok 13:36:09.0144 5080 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 13:36:09.0145 5080 CertPropSvc - ok 13:36:09.0178 5080 [ 274CE03459896006F7A5069266E0469E ] cfwids C:\Windows\system32\drivers\cfwids.sys 13:36:09.0179 5080 cfwids - ok 13:36:09.0199 5080 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 13:36:09.0200 5080 circlass - ok 13:36:09.0224 5080 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 13:36:09.0227 5080 CLFS - ok 13:36:09.0270 5080 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:36:09.0273 5080 clr_optimization_v2.0.50727_32 - ok 13:36:09.0304 5080 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 13:36:09.0309 5080 clr_optimization_v2.0.50727_64 - ok 13:36:09.0356 5080 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:36:09.0391 5080 clr_optimization_v4.0.30319_32 - ok 13:36:09.0403 5080 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 13:36:09.0439 5080 clr_optimization_v4.0.30319_64 - ok 13:36:09.0442 5080 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 13:36:09.0443 5080 CmBatt - ok 13:36:09.0462 5080 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 13:36:09.0465 5080 cmdide - ok 13:36:09.0487 5080 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 13:36:09.0491 5080 CNG - ok 13:36:09.0501 5080 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 13:36:09.0505 5080 Compbatt - ok 13:36:09.0526 5080 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 13:36:09.0560 5080 CompositeBus - ok 13:36:09.0568 5080 COMSysApp - ok 13:36:09.0582 5080 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 13:36:09.0583 5080 crcdisk - ok 13:36:09.0609 5080 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 13:36:09.0611 5080 CryptSvc - ok 13:36:09.0644 5080 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 13:36:09.0661 5080 DcomLaunch - ok 13:36:09.0679 5080 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 13:36:09.0683 5080 defragsvc - ok 13:36:09.0713 5080 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 13:36:09.0714 5080 DfsC - ok 13:36:09.0750 5080 [ 105373D52E71D2D1355AD3ACD18259C3 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 13:36:09.0751 5080 dg_ssudbus - ok 13:36:09.0777 5080 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 13:36:09.0778 5080 Dhcp - ok 13:36:09.0786 5080 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 13:36:09.0787 5080 discache - ok 13:36:09.0806 5080 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 13:36:09.0807 5080 Disk - ok 13:36:09.0841 5080 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 13:36:09.0843 5080 Dnscache - ok 13:36:09.0874 5080 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 13:36:09.0899 5080 dot3svc - ok 13:36:09.0920 5080 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 13:36:09.0922 5080 DPS - ok 13:36:09.0950 5080 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 13:36:09.0954 5080 drmkaud - ok 13:36:09.0994 5080 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 13:36:10.0020 5080 DXGKrnl - ok 13:36:10.0032 5080 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 13:36:10.0037 5080 EapHost - ok 13:36:10.0101 5080 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 13:36:10.0148 5080 ebdrv - ok 13:36:10.0165 5080 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 13:36:10.0166 5080 EFS - ok 13:36:10.0215 5080 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 13:36:10.0264 5080 ehRecvr - ok 13:36:10.0279 5080 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 13:36:10.0282 5080 ehSched - ok 13:36:10.0307 5080 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 13:36:10.0312 5080 elxstor - ok 13:36:10.0328 5080 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 13:36:10.0329 5080 ErrDev - ok 13:36:10.0354 5080 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 13:36:10.0358 5080 EventSystem - ok 13:36:10.0367 5080 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 13:36:10.0369 5080 exfat - ok 13:36:10.0380 5080 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 13:36:10.0384 5080 fastfat - ok 13:36:10.0423 5080 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 13:36:10.0456 5080 Fax - ok 13:36:10.0469 5080 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 13:36:10.0470 5080 fdc - ok 13:36:10.0480 5080 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 13:36:10.0483 5080 fdPHost - ok 13:36:10.0490 5080 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 13:36:10.0491 5080 FDResPub - ok 13:36:10.0501 5080 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 13:36:10.0502 5080 FileInfo - ok 13:36:10.0515 5080 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 13:36:10.0516 5080 Filetrace - ok 13:36:10.0529 5080 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 13:36:10.0531 5080 flpydisk - ok 13:36:10.0558 5080 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 13:36:10.0561 5080 FltMgr - ok 13:36:10.0594 5080 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 13:36:10.0634 5080 FontCache - ok 13:36:10.0678 5080 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 13:36:10.0713 5080 FontCache3.0.0.0 - ok 13:36:10.0718 5080 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 13:36:10.0720 5080 FsDepends - ok 13:36:10.0739 5080 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 13:36:10.0740 5080 Fs_Rec - ok 13:36:10.0760 5080 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 13:36:10.0763 5080 fvevol - ok 13:36:10.0769 5080 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 13:36:10.0773 5080 gagp30kx - ok 13:36:10.0808 5080 [ A4198F2BD8AA592CB90476277A81B5E1 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys 13:36:10.0842 5080 ggflt - ok 13:36:10.0868 5080 [ D266350BDAAB9EB6C1AEC370EEAAFF3A ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys 13:36:10.0901 5080 ggsemc - ok 13:36:10.0931 5080 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 13:36:10.0946 5080 gpsvc - ok 13:36:11.0024 5080 GPU-Z - ok 13:36:11.0037 5080 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 13:36:11.0039 5080 hcw85cir - ok 13:36:11.0079 5080 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 13:36:11.0118 5080 HdAudAddService - ok 13:36:11.0143 5080 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 13:36:11.0144 5080 HDAudBus - ok 13:36:11.0147 5080 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 13:36:11.0149 5080 HidBatt - ok 13:36:11.0154 5080 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 13:36:11.0155 5080 HidBth - ok 13:36:11.0170 5080 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 13:36:11.0171 5080 HidIr - ok 13:36:11.0193 5080 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 13:36:11.0194 5080 hidserv - ok 13:36:11.0222 5080 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 13:36:11.0254 5080 HidUsb - ok 13:36:11.0275 5080 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 13:36:11.0276 5080 hkmsvc - ok 13:36:11.0303 5080 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 13:36:11.0327 5080 HomeGroupListener - ok 13:36:11.0348 5080 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 13:36:11.0351 5080 HomeGroupProvider - ok 13:36:11.0360 5080 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 13:36:11.0394 5080 HpSAMD - ok 13:36:11.0426 5080 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 13:36:11.0444 5080 HTTP - ok 13:36:11.0465 5080 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 13:36:11.0466 5080 hwpolicy - ok 13:36:11.0526 5080 [ EA644A529809D2218C0D7062582DD4DD ] HyperDeskCustomThemeEnabler C:\Windows\Installer\MSI8673.tmp 13:36:11.0527 5080 HyperDeskCustomThemeEnabler - ok 13:36:11.0552 5080 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 13:36:11.0556 5080 i8042prt - ok 13:36:11.0615 5080 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 13:36:11.0636 5080 iaStorV - ok 13:36:11.0736 5080 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 13:36:11.0789 5080 idsvc - ok 13:36:11.0803 5080 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 13:36:11.0807 5080 iirsp - ok 13:36:11.0830 5080 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 13:36:11.0845 5080 IKEEXT - ok 13:36:11.0854 5080 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys 13:36:11.0855 5080 intelide - ok 13:36:11.0879 5080 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 13:36:11.0882 5080 intelppm - ok 13:36:11.0896 5080 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 13:36:11.0897 5080 IPBusEnum - ok 13:36:11.0919 5080 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:36:11.0949 5080 IpFilterDriver - ok 13:36:11.0977 5080 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 13:36:12.0004 5080 iphlpsvc - ok 13:36:12.0025 5080 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 13:36:12.0027 5080 IPMIDRV - ok 13:36:12.0044 5080 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 13:36:12.0047 5080 IPNAT - ok 13:36:12.0066 5080 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 13:36:12.0068 5080 IRENUM - ok 13:36:12.0079 5080 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 13:36:12.0082 5080 isapnp - ok 13:36:12.0110 5080 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 13:36:12.0143 5080 iScsiPrt - ok 13:36:12.0175 5080 [ 1C368C1A2733DCC5B8E15420AA2B0F6D ] JRAID C:\Windows\system32\DRIVERS\jraid.sys 13:36:12.0177 5080 JRAID - ok 13:36:12.0188 5080 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 13:36:12.0192 5080 kbdclass - ok 13:36:12.0202 5080 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 13:36:12.0236 5080 kbdhid - ok 13:36:12.0248 5080 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 13:36:12.0249 5080 KeyIso - ok 13:36:12.0274 5080 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 13:36:12.0299 5080 KSecDD - ok 13:36:12.0319 5080 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 13:36:12.0321 5080 KSecPkg - ok 13:36:12.0334 5080 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 13:36:12.0335 5080 ksthunk - ok 13:36:12.0356 5080 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 13:36:12.0361 5080 KtmRm - ok 13:36:12.0385 5080 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 13:36:12.0389 5080 LanmanServer - ok 13:36:12.0414 5080 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 13:36:12.0417 5080 LanmanWorkstation - ok 13:36:12.0451 5080 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys 13:36:12.0483 5080 LGBusEnum - ok 13:36:12.0508 5080 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys 13:36:12.0508 5080 LGVirHid - ok 13:36:12.0522 5080 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 13:36:12.0523 5080 lltdio - ok 13:36:12.0552 5080 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 13:36:12.0554 5080 lltdsvc - ok 13:36:12.0564 5080 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 13:36:12.0568 5080 lmhosts - ok 13:36:12.0597 5080 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 13:36:12.0599 5080 LSI_FC - ok 13:36:12.0611 5080 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 13:36:12.0613 5080 LSI_SAS - ok 13:36:12.0630 5080 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 13:36:12.0632 5080 LSI_SAS2 - ok 13:36:12.0645 5080 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 13:36:12.0649 5080 LSI_SCSI - ok 13:36:12.0686 5080 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 13:36:12.0687 5080 luafv - ok 13:36:12.0713 5080 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 13:36:12.0714 5080 MBAMProtector - ok 13:36:12.0790 5080 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 13:36:12.0792 5080 MBAMScheduler - ok 13:36:12.0831 5080 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 13:36:12.0834 5080 MBAMService - ok 13:36:12.0914 5080 [ ACB01BF1A905356AB7F978C7FE852209 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 13:36:12.0915 5080 McMPFSvc - ok 13:36:12.0921 5080 [ ACB01BF1A905356AB7F978C7FE852209 ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 13:36:12.0923 5080 mcmscsvc - ok 13:36:12.0939 5080 [ ACB01BF1A905356AB7F978C7FE852209 ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 13:36:12.0941 5080 McNaiAnn - ok 13:36:12.0956 5080 [ ACB01BF1A905356AB7F978C7FE852209 ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 13:36:12.0958 5080 McNASvc - ok 13:36:13.0016 5080 [ 44D0DA102FA7A1BE22FD7499E80DCF9B ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe 13:36:13.0018 5080 McODS - ok 13:36:13.0033 5080 [ ACB01BF1A905356AB7F978C7FE852209 ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 13:36:13.0034 5080 McProxy - ok 13:36:13.0070 5080 [ E998E3B12101288D716558466CBF6AE1 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 13:36:13.0103 5080 McShield - ok 13:36:13.0129 5080 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 13:36:13.0155 5080 Mcx2Svc - ok 13:36:13.0172 5080 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 13:36:13.0173 5080 megasas - ok 13:36:13.0193 5080 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 13:36:13.0197 5080 MegaSR - ok 13:36:13.0218 5080 [ 01884CB7655C8908B43FF5E364FE6FD2 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys 13:36:13.0220 5080 mfeapfk - ok 13:36:13.0232 5080 [ DAB9A9CDFB04E4D68924492AA043019D ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys 13:36:13.0266 5080 mfeavfk - ok 13:36:13.0288 5080 mfeavfk01 - ok 13:36:13.0295 5080 [ B26782C3D6045B4464017D7926877560 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe 13:36:13.0328 5080 mfefire - ok 13:36:13.0358 5080 [ CE9A3680675C0907ADE16404CA967B49 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys 13:36:13.0362 5080 mfefirek - ok 13:36:13.0390 5080 [ 60CF67458DD29CD17E77F2327B1A9A54 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys 13:36:13.0404 5080 mfehidk - ok 13:36:13.0423 5080 [ A8129CFB919347F8533C934B365E9202 ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys 13:36:13.0454 5080 mfenlfk - ok 13:36:13.0467 5080 [ 5041FA2BD2B3A2693B015771BFBF6DCA ] mferkdet C:\Windows\system32\drivers\mferkdet.sys 13:36:13.0469 5080 mferkdet - ok 13:36:13.0495 5080 [ 723A5EB6CEF7F408C3D0F15A82A6BFF8 ] mfevtp C:\Windows\system32\mfevtps.exe 13:36:13.0496 5080 mfevtp - ok 13:36:13.0520 5080 [ 919C56DB14A0E1E2AB6DA5D2821DC26E ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys 13:36:13.0523 5080 mfewfpk - ok 13:36:13.0542 5080 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 13:36:13.0544 5080 MMCSS - ok 13:36:13.0562 5080 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 13:36:13.0564 5080 Modem - ok 13:36:13.0583 5080 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 13:36:13.0584 5080 monitor - ok 13:36:13.0612 5080 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 13:36:13.0615 5080 mouclass - ok 13:36:13.0624 5080 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 13:36:13.0625 5080 mouhid - ok 13:36:13.0646 5080 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 13:36:13.0648 5080 mountmgr - ok 13:36:13.0694 5080 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 13:36:13.0696 5080 MozillaMaintenance - ok 13:36:13.0716 5080 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 13:36:13.0718 5080 mpio - ok 13:36:13.0737 5080 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 13:36:13.0742 5080 mpsdrv - ok 13:36:13.0781 5080 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 13:36:13.0797 5080 MpsSvc - ok 13:36:13.0817 5080 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 13:36:13.0852 5080 MRxDAV - ok 13:36:13.0874 5080 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 13:36:13.0876 5080 mrxsmb - ok 13:36:13.0900 5080 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:36:13.0904 5080 mrxsmb10 - ok 13:36:13.0911 5080 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:36:13.0913 5080 mrxsmb20 - ok 13:36:13.0924 5080 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 13:36:13.0925 5080 msahci - ok 13:36:13.0950 5080 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 13:36:13.0987 5080 msdsm - ok 13:36:14.0001 5080 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 13:36:14.0006 5080 MSDTC - ok 13:36:14.0030 5080 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 13:36:14.0031 5080 Msfs - ok 13:36:14.0058 5080 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 13:36:14.0058 5080 mshidkmdf - ok 13:36:14.0079 5080 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 13:36:14.0080 5080 msisadrv - ok 13:36:14.0100 5080 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 13:36:14.0101 5080 MSiSCSI - ok 13:36:14.0105 5080 msiserver - ok 13:36:14.0122 5080 [ ACB01BF1A905356AB7F978C7FE852209 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 13:36:14.0124 5080 MSK80Service - ok 13:36:14.0155 5080 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 13:36:14.0156 5080 MSKSSRV - ok 13:36:14.0159 5080 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 13:36:14.0160 5080 MSPCLOCK - ok 13:36:14.0164 5080 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 13:36:14.0166 5080 MSPQM - ok 13:36:14.0192 5080 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 13:36:14.0196 5080 MsRPC - ok 13:36:14.0208 5080 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 13:36:14.0209 5080 mssmbios - ok 13:36:14.0222 5080 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 13:36:14.0223 5080 MSTEE - ok 13:36:14.0225 5080 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 13:36:14.0228 5080 MTConfig - ok 13:36:14.0258 5080 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 13:36:14.0259 5080 MTsensor - ok 13:36:14.0275 5080 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 13:36:14.0276 5080 Mup - ok 13:36:14.0302 5080 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 13:36:14.0307 5080 napagent - ok 13:36:14.0338 5080 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 13:36:14.0341 5080 NativeWifiP - ok 13:36:14.0378 5080 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 13:36:14.0393 5080 NDIS - ok 13:36:14.0406 5080 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 13:36:14.0407 5080 NdisCap - ok 13:36:14.0429 5080 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 13:36:14.0431 5080 NdisTapi - ok 13:36:14.0462 5080 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 13:36:14.0492 5080 Ndisuio - ok 13:36:14.0519 5080 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 13:36:14.0552 5080 NdisWan - ok 13:36:14.0573 5080 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 13:36:14.0604 5080 NDProxy - ok 13:36:14.0615 5080 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 13:36:14.0616 5080 NetBIOS - ok 13:36:14.0638 5080 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 13:36:14.0640 5080 NetBT - ok 13:36:14.0648 5080 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 13:36:14.0649 5080 Netlogon - ok 13:36:14.0683 5080 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 13:36:14.0687 5080 Netman - ok 13:36:14.0733 5080 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:36:14.0735 5080 NetMsmqActivator - ok 13:36:14.0738 5080 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:36:14.0739 5080 NetPipeActivator - ok 13:36:14.0756 5080 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 13:36:14.0758 5080 netprofm - ok 13:36:14.0762 5080 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:36:14.0763 5080 NetTcpActivator - ok 13:36:14.0766 5080 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:36:14.0766 5080 NetTcpPortSharing - ok 13:36:14.0788 5080 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 13:36:14.0791 5080 nfrd960 - ok 13:36:14.0809 5080 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 13:36:14.0834 5080 NlaSvc - ok 13:36:14.0840 5080 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 13:36:14.0841 5080 Npfs - ok 13:36:14.0855 5080 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 13:36:14.0857 5080 nsi - ok 13:36:14.0868 5080 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 13:36:14.0869 5080 nsiproxy - ok 13:36:14.0914 5080 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 13:36:14.0940 5080 Ntfs - ok 13:36:14.0948 5080 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 13:36:14.0948 5080 Null - ok 13:36:14.0989 5080 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 13:36:15.0021 5080 NVHDA - ok 13:36:15.0239 5080 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 13:36:15.0442 5080 nvlddmkm - ok 13:36:15.0462 5080 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 13:36:15.0494 5080 nvraid - ok 13:36:15.0530 5080 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 13:36:15.0533 5080 nvstor - ok 13:36:15.0592 5080 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe 13:36:15.0599 5080 nvsvc - ok 13:36:15.0650 5080 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 13:36:15.0656 5080 nvUpdatusService - ok 13:36:15.0687 5080 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 13:36:15.0689 5080 nv_agp - ok 13:36:15.0712 5080 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 13:36:15.0716 5080 ohci1394 - ok 13:36:15.0737 5080 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 13:36:15.0742 5080 p2pimsvc - ok 13:36:15.0758 5080 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 13:36:15.0764 5080 p2psvc - ok 13:36:15.0781 5080 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 13:36:15.0782 5080 Parport - ok 13:36:15.0810 5080 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 13:36:15.0812 5080 partmgr - ok 13:36:15.0823 5080 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 13:36:15.0827 5080 PcaSvc - ok 13:36:15.0845 5080 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 13:36:15.0847 5080 pci - ok 13:36:15.0859 5080 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 13:36:15.0860 5080 pciide - ok 13:36:15.0875 5080 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 13:36:15.0877 5080 pcmcia - ok 13:36:15.0895 5080 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 13:36:15.0896 5080 pcw - ok 13:36:15.0915 5080 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 13:36:15.0928 5080 PEAUTH - ok 13:36:15.0970 5080 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 13:36:15.0973 5080 PerfHost - ok 13:36:16.0023 5080 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 13:36:16.0051 5080 pla - ok 13:36:16.0095 5080 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 13:36:16.0098 5080 PlugPlay - ok 13:36:16.0120 5080 PnkBstrA - ok 13:36:16.0134 5080 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 13:36:16.0139 5080 PNRPAutoReg - ok 13:36:16.0154 5080 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 13:36:16.0159 5080 PNRPsvc - ok 13:36:16.0175 5080 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 13:36:16.0177 5080 PolicyAgent - ok 13:36:16.0202 5080 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 13:36:16.0206 5080 Power - ok 13:36:16.0232 5080 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 13:36:16.0233 5080 PptpMiniport - ok 13:36:16.0242 5080 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 13:36:16.0243 5080 Processor - ok 13:36:16.0267 5080 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 13:36:16.0270 5080 ProfSvc - ok 13:36:16.0281 5080 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 13:36:16.0282 5080 ProtectedStorage - ok 13:36:16.0309 5080 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 13:36:16.0310 5080 Psched - ok 13:36:16.0351 5080 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 13:36:16.0376 5080 ql2300 - ok 13:36:16.0387 5080 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 13:36:16.0390 5080 ql40xx - ok 13:36:16.0403 5080 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 13:36:16.0407 5080 QWAVE - ok 13:36:16.0416 5080 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 13:36:16.0417 5080 QWAVEdrv - ok 13:36:16.0425 5080 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 13:36:16.0426 5080 RasAcd - ok 13:36:16.0438 5080 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 13:36:16.0440 5080 RasAgileVpn - ok 13:36:16.0454 5080 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 13:36:16.0459 5080 RasAuto - ok 13:36:16.0468 5080 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 13:36:16.0469 5080 Rasl2tp - ok 13:36:16.0486 5080 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 13:36:16.0489 5080 RasMan - ok 13:36:16.0496 5080 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 13:36:16.0497 5080 RasPppoe - ok 13:36:16.0507 5080 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 13:36:16.0509 5080 RasSstp - ok 13:36:16.0530 5080 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 13:36:16.0534 5080 rdbss - ok 13:36:16.0547 5080 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 13:36:16.0550 5080 rdpbus - ok 13:36:16.0559 5080 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 13:36:16.0560 5080 RDPCDD - ok 13:36:16.0581 5080 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 13:36:16.0582 5080 RDPENCDD - ok 13:36:16.0589 5080 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 13:36:16.0591 5080 RDPREFMP - ok 13:36:16.0634 5080 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 13:36:16.0636 5080 RdpVideoMiniport - ok 13:36:16.0656 5080 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 13:36:16.0696 5080 RDPWD - ok 13:36:16.0731 5080 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 13:36:16.0756 5080 rdyboost - ok 13:36:16.0778 5080 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 13:36:16.0781 5080 RemoteAccess - ok 13:36:16.0790 5080 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 13:36:16.0793 5080 RemoteRegistry - ok 13:36:16.0809 5080 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 13:36:16.0811 5080 RpcEptMapper - ok 13:36:16.0828 5080 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 13:36:16.0829 5080 RpcLocator - ok 13:36:16.0860 5080 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 13:36:16.0863 5080 RpcSs - ok 13:36:16.0871 5080 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 13:36:16.0873 5080 rspndr - ok 13:36:16.0903 5080 [ DDC0CEE273C7BF3E66A70F776A4F6E8C ] SaiK0DC5 C:\Windows\system32\DRIVERS\SaiK0DC5.sys 13:36:16.0906 5080 SaiK0DC5 - ok 13:36:16.0940 5080 [ 08D41F2633FC330749ABA842259483F8 ] SaiKF622 C:\Windows\system32\DRIVERS\SaiKF622.sys 13:36:16.0941 5080 SaiKF622 - ok 13:36:16.0956 5080 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 13:36:16.0957 5080 SamSs - ok 13:36:16.0981 5080 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 13:36:17.0025 5080 sbp2port - ok 13:36:17.0039 5080 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 13:36:17.0041 5080 SCardSvr - ok 13:36:17.0065 5080 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 13:36:17.0066 5080 scfilter - ok 13:36:17.0099 5080 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 13:36:17.0105 5080 Schedule - ok 13:36:17.0127 5080 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 13:36:17.0128 5080 SCPolicySvc - ok 13:36:17.0147 5080 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 13:36:17.0171 5080 SDRSVC - ok 13:36:17.0189 5080 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 13:36:17.0190 5080 secdrv - ok 13:36:17.0205 5080 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 13:36:17.0231 5080 seclogon - ok 13:36:17.0238 5080 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 13:36:17.0240 5080 SENS - ok 13:36:17.0251 5080 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 13:36:17.0254 5080 SensrSvc - ok 13:36:17.0263 5080 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 13:36:17.0264 5080 Serenum - ok 13:36:17.0279 5080 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 13:36:17.0281 5080 Serial - ok 13:36:17.0296 5080 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 13:36:17.0297 5080 sermouse - ok 13:36:17.0323 5080 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 13:36:17.0349 5080 SessionEnv - ok 13:36:17.0374 5080 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 13:36:17.0374 5080 sffdisk - ok 13:36:17.0387 5080 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 13:36:17.0388 5080 sffp_mmc - ok 13:36:17.0401 5080 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 13:36:17.0402 5080 sffp_sd - ok 13:36:17.0405 5080 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 13:36:17.0406 5080 sfloppy - ok 13:36:17.0434 5080 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 13:36:17.0438 5080 SharedAccess - ok 13:36:17.0465 5080 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 13:36:17.0467 5080 ShellHWDetection - ok 13:36:17.0498 5080 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 13:36:17.0499 5080 SiSRaid2 - ok 13:36:17.0509 5080 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 13:36:17.0513 5080 SiSRaid4 - ok 13:36:17.0521 5080 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 13:36:17.0523 5080 Smb - ok 13:36:17.0549 5080 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 13:36:17.0550 5080 SNMPTRAP - ok 13:36:17.0575 5080 Sony PC Companion - ok 13:36:17.0604 5080 [ 7455ED832A33FEF453407F5411C3342D ] speedfan C:\Windows\syswow64\speedfan.sys 13:36:17.0606 5080 speedfan - ok 13:36:17.0617 5080 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 13:36:17.0618 5080 spldr - ok 13:36:17.0646 5080 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 13:36:17.0649 5080 Spooler - ok 13:36:17.0712 5080 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 13:36:17.0726 5080 sppsvc - ok 13:36:17.0742 5080 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 13:36:17.0744 5080 sppuinotify - ok 13:36:17.0751 5080 sptd - ok 13:36:17.0776 5080 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 13:36:17.0808 5080 srv - ok 13:36:17.0836 5080 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 13:36:17.0840 5080 srv2 - ok 13:36:17.0853 5080 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 13:36:17.0855 5080 srvnet - ok 13:36:17.0876 5080 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 13:36:17.0878 5080 SSDPSRV - ok 13:36:17.0886 5080 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 13:36:17.0889 5080 SstpSvc - ok 13:36:17.0928 5080 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe 13:36:17.0930 5080 StarWindServiceAE - ok 13:36:17.0949 5080 Steam Client Service - ok 13:36:18.0002 5080 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 13:36:18.0004 5080 Stereo Service - ok 13:36:18.0016 5080 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 13:36:18.0018 5080 stexstor - ok 13:36:18.0059 5080 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 13:36:18.0064 5080 stisvc - ok 13:36:18.0091 5080 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 13:36:18.0094 5080 swenum - ok 13:36:18.0124 5080 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 13:36:18.0130 5080 swprv - ok 13:36:18.0176 5080 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 13:36:18.0210 5080 SysMain - ok 13:36:18.0232 5080 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 13:36:18.0234 5080 TabletInputService - ok 13:36:18.0262 5080 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 13:36:18.0264 5080 TapiSrv - ok 13:36:18.0277 5080 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 13:36:18.0280 5080 TBS - ok 13:36:18.0337 5080 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 13:36:18.0371 5080 Tcpip - ok 13:36:18.0414 5080 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 13:36:18.0422 5080 TCPIP6 - ok 13:36:18.0444 5080 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 13:36:18.0475 5080 tcpipreg - ok 13:36:18.0491 5080 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 13:36:18.0492 5080 TDPIPE - ok 13:36:18.0517 5080 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 13:36:18.0518 5080 TDTCP - ok 13:36:18.0550 5080 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 13:36:18.0551 5080 tdx - ok 13:36:18.0560 5080 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 13:36:18.0561 5080 TermDD - ok 13:36:18.0596 5080 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 13:36:18.0625 5080 TermService - ok 13:36:18.0636 5080 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 13:36:18.0637 5080 Themes - ok 13:36:18.0658 5080 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 13:36:18.0660 5080 THREADORDER - ok 13:36:18.0673 5080 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 13:36:18.0676 5080 TrkWks - ok 13:36:18.0713 5080 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:36:18.0744 5080 TrustedInstaller - ok 13:36:18.0763 5080 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:36:18.0794 5080 tssecsrv - ok 13:36:18.0812 5080 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 13:36:18.0844 5080 TsUsbFlt - ok 13:36:18.0882 5080 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:36:18.0914 5080 tunnel - ok 13:36:18.0924 5080 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 13:36:18.0927 5080 uagp35 - ok 13:36:18.0951 5080 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:36:18.0984 5080 udfs - ok 13:36:18.0994 5080 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 13:36:18.0998 5080 UI0Detect - ok 13:36:19.0017 5080 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 13:36:19.0019 5080 uliagpkx - ok 13:36:19.0057 5080 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 13:36:19.0088 5080 umbus - ok 13:36:19.0099 5080 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 13:36:19.0100 5080 UmPass - ok 13:36:19.0122 5080 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 13:36:19.0126 5080 upnphost - ok 13:36:19.0143 5080 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 13:36:19.0175 5080 usbccgp - ok 13:36:19.0200 5080 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 13:36:19.0203 5080 usbcir - ok 13:36:19.0210 5080 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 13:36:19.0242 5080 usbehci - ok 13:36:19.0265 5080 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:36:19.0297 5080 usbhub - ok 13:36:19.0304 5080 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 13:36:19.0307 5080 usbohci - ok 13:36:19.0327 5080 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 13:36:19.0328 5080 usbprint - ok 13:36:19.0357 5080 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 13:36:19.0360 5080 usbscan - ok 13:36:19.0381 5080 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:36:19.0383 5080 USBSTOR - ok 13:36:19.0401 5080 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 13:36:19.0402 5080 usbuhci - ok 13:36:19.0416 5080 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 13:36:19.0418 5080 UxSms - ok 13:36:19.0424 5080 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 13:36:19.0425 5080 VaultSvc - ok 13:36:19.0432 5080 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 13:36:19.0433 5080 vdrvroot - ok 13:36:19.0462 5080 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 13:36:19.0465 5080 vds - ok 13:36:19.0473 5080 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:36:19.0474 5080 vga - ok 13:36:19.0482 5080 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 13:36:19.0486 5080 VgaSave - ok 13:36:19.0496 5080 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 13:36:19.0498 5080 vhdmp - ok 13:36:19.0513 5080 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 13:36:19.0514 5080 viaide - ok 13:36:19.0524 5080 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 13:36:19.0525 5080 volmgr - ok 13:36:19.0556 5080 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:36:19.0559 5080 volmgrx - ok 13:36:19.0586 5080 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:36:19.0590 5080 volsnap - ok 13:36:19.0612 5080 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 13:36:19.0619 5080 vsmraid - ok 13:36:19.0669 5080 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 13:36:19.0677 5080 VSS - ok 13:36:19.0687 5080 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 13:36:19.0689 5080 vwifibus - ok 13:36:19.0709 5080 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 13:36:19.0714 5080 W32Time - ok 13:36:19.0726 5080 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 13:36:19.0730 5080 WacomPen - ok 13:36:19.0752 5080 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 13:36:19.0754 5080 WANARP - ok 13:36:19.0756 5080 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:36:19.0757 5080 Wanarpv6 - ok 13:36:19.0803 5080 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 13:36:19.0851 5080 wbengine - ok 13:36:19.0864 5080 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 13:36:19.0866 5080 WbioSrvc - ok 13:36:19.0900 5080 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:36:19.0903 5080 wcncsvc - ok 13:36:19.0914 5080 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:36:19.0917 5080 WcsPlugInService - ok 13:36:19.0935 5080 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 13:36:19.0936 5080 Wd - ok 13:36:19.0957 5080 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:36:19.0972 5080 Wdf01000 - ok 13:36:19.0981 5080 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 13:36:19.0984 5080 WdiServiceHost - ok 13:36:19.0988 5080 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:36:19.0990 5080 WdiSystemHost - ok 13:36:20.0065 5080 [ 5941B8AA229C6E5D7924919D3EDE0843 ] Web Assistant Updater C:\Program Files\Web Assistant\ExtensionUpdaterService.exe 13:36:20.0067 5080 Web Assistant Updater - ok 13:36:20.0091 5080 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 13:36:20.0093 5080 WebClient - ok 13:36:20.0144 5080 [ 688399FF25A4012AF16DA2E5C3DAF050 ] WebOptimizer C:\Windows\system32\dmwu.exe 13:36:20.0151 5080 WebOptimizer - ok 13:36:20.0167 5080 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:36:20.0172 5080 Wecsvc - ok 13:36:20.0185 5080 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 13:36:20.0187 5080 wercplsupport - ok 13:36:20.0205 5080 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 13:36:20.0207 5080 WerSvc - ok 13:36:20.0220 5080 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 13:36:20.0220 5080 WfpLwf - ok 13:36:20.0237 5080 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 13:36:20.0237 5080 WIMMount - ok 13:36:20.0240 5080 WinDefend - ok 13:36:20.0256 5080 WinHttpAutoProxySvc - ok 13:36:20.0300 5080 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:36:20.0304 5080 Winmgmt - ok 13:36:20.0358 5080 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 13:36:20.0390 5080 WinRM - ok 13:36:20.0433 5080 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 13:36:20.0464 5080 WinUsb - ok 13:36:20.0479 5080 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 13:36:20.0483 5080 Wlansvc - ok 13:36:20.0567 5080 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 13:36:20.0602 5080 wlidsvc - ok 13:36:20.0641 5080 [ 680A7846370000D20D7E74917D5B7936 ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys 13:36:20.0642 5080 WmBEnum - ok 13:36:20.0678 5080 [ 14C35BA8189C6F65D839163AA285E954 ] WmFilter C:\Windows\system32\drivers\WmFilter.sys 13:36:20.0679 5080 WmFilter - ok 13:36:20.0709 5080 [ AC4331AF118A720F13C9C5CABBFE27BD ] WmHidLo C:\Windows\system32\drivers\WmHidLo.sys 13:36:20.0710 5080 WmHidLo - ok 13:36:20.0732 5080 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 13:36:20.0733 5080 WmiAcpi - ok 13:36:20.0745 5080 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:36:20.0750 5080 wmiApSrv - ok 13:36:20.0782 5080 WMPNetworkSvc - ok 13:36:20.0805 5080 [ 8488DD91A3EE54A8E29F02AD7BB8201E ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys 13:36:20.0842 5080 WmVirHid - ok 13:36:20.0853 5080 [ 14802B3A30AA849C97CB968CCC813BF3 ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys 13:36:20.0887 5080 WmXlCore - ok 13:36:20.0902 5080 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:36:20.0903 5080 WPCSvc - ok 13:36:20.0925 5080 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:36:20.0949 5080 WPDBusEnum - ok 13:36:20.0971 5080 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:36:20.0972 5080 ws2ifsl - ok 13:36:20.0986 5080 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 13:36:20.0990 5080 wscsvc - ok 13:36:20.0992 5080 WSearch - ok 13:36:21.0049 5080 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 13:36:21.0092 5080 wuauserv - ok 13:36:21.0112 5080 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 13:36:21.0144 5080 WudfPf - ok 13:36:21.0167 5080 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 13:36:21.0198 5080 WUDFRd - ok 13:36:21.0215 5080 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 13:36:21.0217 5080 wudfsvc - ok 13:36:21.0228 5080 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 13:36:21.0231 5080 WwanSvc - ok 13:36:21.0262 5080 [ 5250193EF8E173AA7491250F00EB367F ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys 13:36:21.0295 5080 yukonw7 - ok 13:36:21.0299 5080 ================ Scan global =============================== 13:36:21.0315 5080 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 13:36:21.0343 5080 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 13:36:21.0350 5080 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 13:36:21.0371 5080 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 13:36:21.0388 5080 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 13:36:21.0390 5080 [Global] - ok 13:36:21.0391 5080 ================ Scan MBR ================================== 13:36:21.0399 5080 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 13:36:21.0585 5080 \Device\Harddisk0\DR0 - ok 13:36:21.0585 5080 ================ Scan VBR ================================== 13:36:21.0588 5080 [ DFD7F29A6CFB77622E1AE756A8A09931 ] \Device\Harddisk0\DR0\Partition1 13:36:21.0589 5080 \Device\Harddisk0\DR0\Partition1 - ok 13:36:21.0599 5080 [ 0AA0BC5BC062B3DB3A16F2E92931D8F5 ] \Device\Harddisk0\DR0\Partition2 13:36:21.0600 5080 \Device\Harddisk0\DR0\Partition2 - ok 13:36:21.0601 5080 ============================================================ 13:36:21.0601 5080 Scan finished 13:36:21.0601 5080 ============================================================ 13:36:21.0606 5660 Detected object count: 0 13:36:21.0606 5660 Actual detected object count: 0 thx |
|
28.10.2012, 14:00
| #7 | |
| /// TB-Ausbilder | rool0_PK.exe .... Fehlermeldung nach Bundestrojaner ... direct3d11 fehler Servus, du bist immer noch mit Malware infiziert... und zwar seit mindestens Anfang Oktober. Wird Zeit, dass wir deinen Rechner erst mal bereinigen. Schritt 1
Schritt 2 Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 3 Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
Bitte poste mit deiner nächsten Antwort
|
|
28.10.2012, 14:27
| #8 |
| | rool0_PK.exe .... Fehlermeldung nach Bundestrojaner ... direct3d11 fehler Schritt 1+2 Software ohne Probleme deinstalliert. ADW Cleaner wollte erst nach einem manuellen Neustart starten. logfile dazu # AdwCleaner v2.005 - Datei am 28/10/2012 um 14:23:44 erstellt # Aktualisiert am 14/10/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Michpal - MICHPAL-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Michpal\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml Datei Gelöscht : C:\user.js Datei Gelöscht : C:\Users\Michpal\AppData\Local\Temp\Searchqu.ini Datei Gelöscht : C:\Users\Michpal\AppData\Local\Temp\searchqutoolbar-manifest.xml Datei Gelöscht : C:\Users\Michpal\AppData\Local\Temp\SetupDataMngr_Searchqu.exe Ordner Gelöscht : C:\Program Files (x86)\DAEMON Tools Toolbar Ordner Gelöscht : C:\ProgramData\boost_interprocess Ordner Gelöscht : C:\ProgramData\Codecv Ordner Gelöscht : C:\ProgramData\InstallMate Ordner Gelöscht : C:\ProgramData\Premium Ordner Gelöscht : C:\Users\Michpal\AppData\Local\Ilivid Player Ordner Gelöscht : C:\Users\Michpal\AppData\Local\OpenCandy Ordner Gelöscht : C:\Users\Michpal\AppData\LocalLow\boost_interprocess Ordner Gelöscht : C:\Users\Michpal\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Users\Michpal\AppData\Roaming\Toolplugin ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\IM Schlüssel Gelöscht : HKCU\Software\ImInstaller Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\StartSearch Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Schlüssel Gelöscht : HKLM\Software\Web Assistant Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-89AF-189327213627}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v14.0.1 (de) Profilname : default Datei : C:\Users\Michpal\AppData\Roaming\Mozilla\Firefox\Profiles\p8jmn4dj.default\prefs.js Gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.y[...] Gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.sear[...] Gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...] ************************* AdwCleaner[S2].txt - [5642 octets] - [28/10/2012 14:23:44] ########## EOF - C:\AdwCleaner[S2].txt - [5702 octets] ########## Combofix Logfile: Code:
ATTFilter ComboFix 12-10-26.05 - Michpal 28.10.2012 14:32:19.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8191.6153 [GMT 1:00]
ausgeführt von:: c:\users\Michpal\Desktop\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\kp_0loor.pad
c:\users\Michpal\AppData\Local\Microsoft\Windows\Temporary Internet Files\logo-gamesrocket-gold.png
c:\users\Michpal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Webradio.gadget
c:\users\Michpal\AppData\Roaming\AcroIEHelpe.txt
c:\users\Michpal\AppData\Roaming\AcroIEHelpe220.dll
c:\users\Michpal\AppData\Roaming\BAcroIEHelpe207.dll
c:\users\Michpal\AppData\Roaming\BAcroIEHelpe215.dll
c:\users\Michpal\AppData\Roaming\BAcroIEHelpe216.dll
c:\users\Michpal\AppData\Roaming\BAcroIEHelpe219.dll
c:\users\Michpal\AppData\Roaming\BAcroIEHelpe220.dll
c:\users\Michpal\AppData\Roaming\p8jmn4dj.default.tmp
c:\users\Michpal\AppData\Roaming\srvblck5.tmp
c:\windows\SysWow64\tmp15E9.tmp
c:\windows\SysWow64\tmp15EA.tmp
c:\windows\SysWow64\tmp3E38.tmp
c:\windows\SysWow64\tmp3E39.tmp
c:\windows\SysWow64\tmp8B6D.tmp
c:\windows\SysWow64\tmp8BEB.tmp
c:\windows\SysWow64\tmpBA10.tmp
c:\windows\SysWow64\tmpBA11.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-28 bis 2012-10-28 ))))))))))))))))))))))))))))))
.
.
2012-10-28 14:03 . 2012-10-28 14:03 -------- d-----w- c:\users\UpdatusUser.Michpal-PC\AppData\Local\temp
2012-10-27 21:51 . 2012-10-27 21:51 -------- d-----w- c:\users\Michpal\AppData\Roaming\Malwarebytes
2012-10-27 21:51 . 2012-10-27 21:51 -------- d-----w- c:\programdata\Malwarebytes
2012-10-27 21:51 . 2012-09-29 17:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-27 21:51 . 2012-10-27 21:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-27 18:42 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-10-27 18:42 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-10-27 18:42 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-10-27 18:42 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-10-27 18:42 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-10-27 18:42 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-10-27 18:42 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-10-27 18:42 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-10-27 18:42 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-10-27 18:09 . 2012-10-27 18:09 -------- d-----w- c:\users\UpdatusUser.Michpal-PC.000
2012-10-27 18:07 . 2012-10-02 19:51 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-27 18:07 . 2012-10-02 19:51 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-27 18:07 . 2012-10-02 19:51 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-27 18:07 . 2012-10-02 19:50 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-27 18:07 . 2012-10-02 19:50 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-27 18:07 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-27 18:07 . 2012-10-02 19:50 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-27 18:07 . 2012-10-27 18:07 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-10-22 19:29 . 2012-10-22 19:29 -------- d-----w- c:\users\Michpal\AppData\Roaming\14001.034
2012-10-17 18:21 . 2012-10-17 18:21 -------- d-----w- c:\users\Michpal\AppData\Roaming\14001.033
2012-10-17 12:40 . 2012-09-24 21:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-16 14:54 . 2012-10-16 14:54 -------- d-----w- c:\users\Michpal\AppData\Roaming\14001.031
2012-10-16 14:53 . 2012-10-16 14:53 -------- d-----w- c:\users\Michpal\AppData\Local\Arktos
2012-10-15 18:29 . 2012-10-15 18:29 -------- d-----w- c:\users\Michpal\AppData\Roaming\14001.030
2012-10-10 18:31 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 18:31 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 18:31 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 18:30 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 18:30 . 2012-08-20 18:48 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-10-10 18:30 . 2012-08-20 18:48 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-10-10 18:30 . 2012-08-20 18:48 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-10-10 18:30 . 2012-08-20 18:46 338432 ----a-w- c:\windows\system32\conhost.exe
2012-10-10 18:30 . 2012-08-20 18:48 243200 ----a-w- c:\windows\system32\wow64.dll
2012-10-10 18:30 . 2012-08-20 17:37 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-10-10 18:30 . 2012-10-10 18:30 -------- d-----w- c:\users\Michpal\AppData\Roaming\14001.029
2012-10-10 18:30 . 2012-08-20 17:38 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2012-10-10 18:30 . 2012-08-20 18:48 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-10-10 18:28 . 2012-08-20 17:32 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 18:27 . 2012-08-20 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 18:27 . 2012-08-20 17:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 18:27 . 2012-08-20 18:38 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 18:27 . 2012-08-20 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 18:27 . 2012-08-20 18:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 18:27 . 2012-08-20 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 18:25 . 2012-08-20 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 18:25 . 2012-08-20 17:32 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 18:25 . 2012-08-20 17:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-10-10 18:25 . 2012-08-20 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 18:25 . 2012-08-20 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 18:25 . 2012-08-20 15:38 2048 ----a-w- c:\windows\SysWow64\user.exe
2012-10-10 18:25 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 18:25 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 18:22 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 18:22 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 18:22 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 18:22 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 18:21 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 18:21 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 18:21 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 18:21 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 18:21 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 18:21 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-08 16:58 . 2012-10-08 16:58 -------- d-----w- c:\users\Michpal\AppData\Roaming\Apple Computer
2012-10-08 13:21 . 2012-10-08 13:21 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-10-08 13:20 . 2012-10-08 13:21 -------- d-----w- c:\program files (x86)\QuickTime
2012-10-08 13:20 . 2012-10-08 13:20 -------- d-----w- c:\programdata\Apple Computer
2012-10-05 14:14 . 2012-10-05 14:14 -------- d-----w- c:\users\Michpal\AppData\Roaming\14001.025
2012-10-04 15:03 . 2012-10-04 15:03 -------- d-----w- c:\users\Michpal\AppData\Local\IsolatedStorage
2012-10-04 14:52 . 2012-10-04 14:52 -------- d-----w- c:\program files\amBX
2012-10-04 14:52 . 2012-10-04 14:52 -------- d-----w- c:\program files (x86)\amBX
2012-10-04 14:50 . 2011-03-10 16:07 176136 ----a-w- c:\windows\system32\drivers\SaiK0DC5.sys
2012-10-02 20:51 . 2012-10-02 20:51 -------- d-----w- c:\users\Michpal\AppData\Roaming\14001.024
2012-10-02 11:15 . 2012-10-02 11:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-10-02 08:53 . 2012-10-02 08:53 -------- d-----w- c:\users\Michpal\AppData\Roaming\Skinux
2012-10-02 08:50 . 2012-10-02 08:50 -------- d-----w- c:\program files (x86)\The Skins Factory
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-26 20:03 . 2011-03-22 16:59 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-10-26 20:03 . 2011-03-22 14:57 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-10-26 20:03 . 2011-03-22 14:57 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-10-16 13:01 . 2012-08-06 09:42 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-16 13:01 . 2012-08-06 09:42 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 21:48 . 2011-03-22 06:48 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-13 13:26 . 2012-09-10 12:46 1259888 ----a-w- c:\windows\system32\dmwu.exe
2012-09-13 13:25 . 2012-09-10 12:46 35328 ----a-w- c:\windows\system32\ImHttpComm.dll
2012-09-07 17:42 . 2012-08-10 17:48 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-07 17:42 . 2011-03-31 14:07 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-02 09:45 . 2012-09-02 09:45 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-02 09:45 . 2012-09-02 09:45 289768 ----a-w- c:\windows\system32\javaws.exe
2012-09-02 09:45 . 2012-09-02 09:45 189416 ----a-w- c:\windows\system32\javaw.exe
2012-09-02 09:45 . 2012-09-02 09:45 188904 ----a-w- c:\windows\system32\java.exe
2012-09-02 09:45 . 2012-08-10 17:41 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-02 09:45 . 2012-08-10 17:41 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-30 19:14 . 2012-09-21 16:58 60776 ----a-w- c:\windows\system32\OpenCL.dll
2012-08-30 19:14 . 2012-09-21 16:58 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-08-24 11:15 . 2012-09-22 07:39 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 07:39 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 07:39 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 07:39 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 07:39 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 07:39 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 07:39 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 07:39 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 07:39 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 07:39 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 07:39 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 07:39 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 07:39 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 07:39 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 07:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 07:39 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 07:39 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 07:39 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 07:39 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 07:39 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 07:39 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 07:39 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 14:33 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 14:33 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 14:33 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 14:33 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 13:20 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 18:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 14:33 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 14:33 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"Ai Nap"="c:\program files (x86)\ASUS\AI Suite\AiNap\AiNap.exe" [2009-07-01 1435136]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-07-01 601088]
"CPU Power Monitor"="c:\program files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
amBX Illuminate.lnk - c:\program files (x86)\amBX\Illuminate\Illuminate.exe [2009-2-13 2559823]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-16 250808]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-03-31 13352]
R3 GPU-Z;GPU-Z;c:\users\Michpal\AppData\Local\Temp\GPU-Z.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SaiKF622;SaiKF622;c:\windows\system32\DRIVERS\SaiKF622.sys [2009-06-10 140800]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 amBX Saitek HAL Service;amBX Saitek HAL Service;c:\program files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe [2011-02-10 310784]
S2 amBX Service;amBX Service;c:\program files (x86)\amBX\System\amBX_Service.exe [2009-10-14 612864]
S2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;c:\windows\Installer\MSI8673.tmp [2012-10-02 102400]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-02 1258856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [2012-09-13 1259888]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
S3 SaiK0DC5;SaiK0DC5;c:\windows\system32\DRIVERS\SaiK0DC5.sys [2011-03-10 176136]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2011-12-11 402720]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-06 13:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"amBX System Tray Application"="c:\program files\amBX\Gaming FXGen\x64\amBXFxGen.exe" [2011-11-09 143360]
"amBX Daemon"="c:\program files\amBX\Control Panel\amBXDaemon.exe" [2011-06-10 233472]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 122.49.77.1:80
IE: Free YouTube to MP3 Converter - c:\users\Michpal\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Michpal\AppData\Roaming\Mozilla\Firefox\Profiles\p8jmn4dj.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-imtazuvwobzvvzb - c:\programdata\imtazuvw.exe
Toolbar-10 - (no file)
AddRemove-BattlEye for A2 - d:\games\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
AddRemove-SEMC OMSI Module - c:\program files (x86)\Sony Ericsson\Update Engine\uninst.exe
AddRemove-{74A84478-70A5-4F7A-966C-FA2771FF91A5}_is1 - d:\games\Gilde\unins000.exe
AddRemove-UnityWebPlayer - c:\users\Michpal\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HyperDeskCustomThemeEnabler]
"ImagePath"="\"c:\windows\Installer\MSI8673.tmp\" -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2051330578-1478212451-1897483881-1000\Software\SecuROM\License information*]
"datasecu"=hex:ca,8b,64,24,94,4d,a7,87,0b,d9,70,40,73,f1,6f,49,36,53,3c,b3,0d,
01,79,0d,14,f9,a7,0d,d6,97,03,2e,80,35,b7,b3,c4,6e,db,c1,37,17,ff,a9,d3,25,\
"rkeysecu"=hex:96,70,13,0b,31,82,74,5e,0b,b9,c3,d5,c0,8e,a6,46
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe
c:\program files (x86)\ASUS\AASP\1.00.95\aaCenter.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-28 15:16:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-10-28 14:16
.
Vor Suchlauf: 8.279.269.376 Bytes frei
Nach Suchlauf: 8.274.931.712 Bytes frei
.
- - End Of File - - 1ED1F24B4186C5706C89BB0CAB2A3F99
|
|
28.10.2012, 18:47
| #9 |
| /// TB-Ausbilder | rool0_PK.exe .... Fehlermeldung nach Bundestrojaner ... direct3d11 fehler Servus, da hat ComboFix ja nochmal jede Menge Malware gelöscht. Aber wir müssen nochmal ran...  Hinweis für Mitleser: Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm vom folgenden Download-Spiegel neu herunter: BleepingComputer.comund speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)! Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument. Code:
ATTFilter Folder::
c:\users\Michpal\AppData\Roaming\14001.034
c:\users\Michpal\AppData\Roaming\14001.033
c:\users\Michpal\AppData\Roaming\14001.031
c:\users\Michpal\AppData\Roaming\14001.030
c:\users\Michpal\AppData\Roaming\14001.029
c:\users\Michpal\AppData\Roaming\14001.025
c:\users\Michpal\AppData\Roaming\14001.024
DirLook::
c:\users\Michpal\AppData\Local\Arktos
c:\users\Michpal\AppData\Roaming\Skinux
DDS::
uInternet Settings,ProxyServer = 122.49.77.1:80
Wichtig:
|
|
28.10.2012, 20:22
| #10 |
| | rool0_PK.exe .... Fehlermeldung nach Bundestrojaner ... direct3d11 fehler Combofix Logfile: Code:
ATTFilter ComboFix 12-10-26.05 - Michpal 28.10.2012 20:03:06.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8191.6562 [GMT 1:00]
ausgeführt von:: c:\users\Michpal\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Michpal\Desktop\CFScript.txt
AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michpal\AppData\Roaming\14001.024
c:\users\Michpal\AppData\Roaming\14001.024\chrome.manifest
c:\users\Michpal\AppData\Roaming\14001.024\components\AcroFF.txt
c:\users\Michpal\AppData\Roaming\14001.024\install.rdf
c:\users\Michpal\AppData\Roaming\14001.025
c:\users\Michpal\AppData\Roaming\14001.025\chrome.manifest
c:\users\Michpal\AppData\Roaming\14001.025\components\AcroFF.txt
c:\users\Michpal\AppData\Roaming\14001.025\install.rdf
c:\users\Michpal\AppData\Roaming\14001.029
c:\users\Michpal\AppData\Roaming\14001.029\chrome.manifest
c:\users\Michpal\AppData\Roaming\14001.029\components\AcroFF.txt
c:\users\Michpal\AppData\Roaming\14001.029\install.rdf
c:\users\Michpal\AppData\Roaming\14001.030
c:\users\Michpal\AppData\Roaming\14001.030\chrome.manifest
c:\users\Michpal\AppData\Roaming\14001.030\components\AcroFF.txt
c:\users\Michpal\AppData\Roaming\14001.030\install.rdf
c:\users\Michpal\AppData\Roaming\14001.031
c:\users\Michpal\AppData\Roaming\14001.031\chrome.manifest
c:\users\Michpal\AppData\Roaming\14001.031\components\AcroFF.txt
c:\users\Michpal\AppData\Roaming\14001.031\install.rdf
c:\users\Michpal\AppData\Roaming\14001.033
c:\users\Michpal\AppData\Roaming\14001.033\chrome.manifest
c:\users\Michpal\AppData\Roaming\14001.033\components\AcroFF.txt
c:\users\Michpal\AppData\Roaming\14001.033\install.rdf
c:\users\Michpal\AppData\Roaming\14001.034
c:\users\Michpal\AppData\Roaming\14001.034\chrome.manifest
c:\users\Michpal\AppData\Roaming\14001.034\components\AcroFF.txt
c:\users\Michpal\AppData\Roaming\14001.034\components\AcroFF034.dll
c:\users\Michpal\AppData\Roaming\14001.034\install.rdf
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-28 bis 2012-10-28 ))))))))))))))))))))))))))))))
.
.
2012-10-28 19:10 . 2012-10-28 19:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-28 19:10 . 2012-10-28 19:10 -------- d-----w- c:\users\UpdatusUser.Michpal-PC\AppData\Local\temp
2012-10-28 19:10 . 2012-10-28 19:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-27 21:51 . 2012-10-27 21:51 -------- d-----w- c:\users\Michpal\AppData\Roaming\Malwarebytes
2012-10-27 21:51 . 2012-10-27 21:51 -------- d-----w- c:\programdata\Malwarebytes
2012-10-27 21:51 . 2012-09-29 17:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-27 21:51 . 2012-10-27 21:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-27 18:42 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-10-27 18:42 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-10-27 18:42 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-10-27 18:42 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-10-27 18:42 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-10-27 18:42 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-10-27 18:42 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-10-27 18:42 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-10-27 18:42 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-10-27 18:09 . 2012-10-27 18:09 -------- d-----w- c:\users\UpdatusUser.Michpal-PC.000
2012-10-27 18:07 . 2012-10-02 19:51 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-27 18:07 . 2012-10-02 19:51 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-27 18:07 . 2012-10-02 19:51 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-27 18:07 . 2012-10-02 19:50 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-27 18:07 . 2012-10-02 19:50 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-27 18:07 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-27 18:07 . 2012-10-02 19:50 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-27 18:07 . 2012-10-27 18:07 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-10-17 12:40 . 2012-09-24 21:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-16 14:53 . 2012-10-16 14:53 -------- d-----w- c:\users\Michpal\AppData\Local\Arktos
2012-10-10 18:31 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 18:31 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 18:31 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 18:30 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 18:30 . 2012-08-20 18:48 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-10-10 18:30 . 2012-08-20 18:48 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-10-10 18:30 . 2012-08-20 18:48 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-10-10 18:30 . 2012-08-20 18:46 338432 ----a-w- c:\windows\system32\conhost.exe
2012-10-10 18:30 . 2012-08-20 18:48 243200 ----a-w- c:\windows\system32\wow64.dll
2012-10-10 18:30 . 2012-08-20 17:37 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-10-10 18:30 . 2012-08-20 17:38 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2012-10-10 18:30 . 2012-08-20 18:48 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-10-10 18:28 . 2012-08-20 17:32 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 18:27 . 2012-08-20 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 18:27 . 2012-08-20 17:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 18:27 . 2012-08-20 18:38 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 18:27 . 2012-08-20 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 18:27 . 2012-08-20 18:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 18:27 . 2012-08-20 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 18:25 . 2012-08-20 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 18:25 . 2012-08-20 17:32 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 18:25 . 2012-08-20 17:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-10-10 18:25 . 2012-08-20 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 18:25 . 2012-08-20 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 18:25 . 2012-08-20 15:38 2048 ----a-w- c:\windows\SysWow64\user.exe
2012-10-10 18:25 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 18:25 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 18:22 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 18:22 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 18:22 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 18:22 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 18:21 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 18:21 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 18:21 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 18:21 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 18:21 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 18:21 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-08 16:58 . 2012-10-08 16:58 -------- d-----w- c:\users\Michpal\AppData\Roaming\Apple Computer
2012-10-08 13:21 . 2012-10-08 13:21 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-10-08 13:20 . 2012-10-08 13:21 -------- d-----w- c:\program files (x86)\QuickTime
2012-10-08 13:20 . 2012-10-08 13:20 -------- d-----w- c:\programdata\Apple Computer
2012-10-04 15:03 . 2012-10-04 15:03 -------- d-----w- c:\users\Michpal\AppData\Local\IsolatedStorage
2012-10-04 14:52 . 2012-10-04 14:52 -------- d-----w- c:\program files\amBX
2012-10-04 14:52 . 2012-10-04 14:52 -------- d-----w- c:\program files (x86)\amBX
2012-10-04 14:50 . 2011-03-10 16:07 176136 ----a-w- c:\windows\system32\drivers\SaiK0DC5.sys
2012-10-02 11:15 . 2012-10-02 11:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-10-02 08:53 . 2012-10-02 08:53 -------- d-----w- c:\users\Michpal\AppData\Roaming\Skinux
2012-10-02 08:50 . 2012-10-02 08:50 -------- d-----w- c:\program files (x86)\The Skins Factory
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-26 20:03 . 2011-03-22 16:59 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-10-26 20:03 . 2011-03-22 14:57 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-10-26 20:03 . 2011-03-22 14:57 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-10-16 13:01 . 2012-08-06 09:42 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-16 13:01 . 2012-08-06 09:42 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 21:48 . 2011-03-22 06:48 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-13 13:26 . 2012-09-10 12:46 1259888 ----a-w- c:\windows\system32\dmwu.exe
2012-09-13 13:25 . 2012-09-10 12:46 35328 ----a-w- c:\windows\system32\ImHttpComm.dll
2012-09-07 17:42 . 2012-08-10 17:48 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-07 17:42 . 2011-03-31 14:07 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-02 09:45 . 2012-09-02 09:45 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-02 09:45 . 2012-09-02 09:45 289768 ----a-w- c:\windows\system32\javaws.exe
2012-09-02 09:45 . 2012-09-02 09:45 189416 ----a-w- c:\windows\system32\javaw.exe
2012-09-02 09:45 . 2012-09-02 09:45 188904 ----a-w- c:\windows\system32\java.exe
2012-09-02 09:45 . 2012-08-10 17:41 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-02 09:45 . 2012-08-10 17:41 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-30 19:14 . 2012-09-21 16:58 60776 ----a-w- c:\windows\system32\OpenCL.dll
2012-08-30 19:14 . 2012-09-21 16:58 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-08-24 11:15 . 2012-09-22 07:39 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 07:39 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 07:39 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 07:39 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 07:39 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 07:39 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 07:39 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 07:39 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 07:39 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 07:39 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 07:39 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 07:39 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 07:39 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 07:39 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 07:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 07:39 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 07:39 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 07:39 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 07:39 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 07:39 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 07:39 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 07:39 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 14:33 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 14:33 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 14:33 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 14:33 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 13:20 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 18:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 14:33 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 14:33 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Michpal\AppData\Local\Arktos ----
.
.
---- Directory of c:\users\Michpal\AppData\Roaming\Skinux ----
.
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"Ai Nap"="c:\program files (x86)\ASUS\AI Suite\AiNap\AiNap.exe" [2009-07-01 1435136]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-07-01 601088]
"CPU Power Monitor"="c:\program files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
amBX Illuminate.lnk - c:\program files (x86)\amBX\Illuminate\Illuminate.exe [2009-2-13 2559823]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-16 250808]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-03-31 13352]
R3 GPU-Z;GPU-Z;c:\users\Michpal\AppData\Local\Temp\GPU-Z.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SaiKF622;SaiKF622;c:\windows\system32\DRIVERS\SaiKF622.sys [2009-06-10 140800]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 amBX Saitek HAL Service;amBX Saitek HAL Service;c:\program files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe [2011-02-10 310784]
S2 amBX Service;amBX Service;c:\program files (x86)\amBX\System\amBX_Service.exe [2009-10-14 612864]
S2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;c:\windows\Installer\MSI8673.tmp [2012-10-02 102400]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-02 1258856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [2012-09-13 1259888]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
S3 SaiK0DC5;SaiK0DC5;c:\windows\system32\DRIVERS\SaiK0DC5.sys [2011-03-10 176136]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2011-12-11 402720]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mfeavfk01
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-06 13:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"amBX System Tray Application"="c:\program files\amBX\Gaming FXGen\x64\amBXFxGen.exe" [2011-11-09 143360]
"amBX Daemon"="c:\program files\amBX\Control Panel\amBXDaemon.exe" [2011-06-10 233472]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Michpal\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Michpal\AppData\Roaming\Mozilla\Firefox\Profiles\p8jmn4dj.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
AddRemove-BattlEye for A2 - d:\games\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
AddRemove-SEMC OMSI Module - c:\program files (x86)\Sony Ericsson\Update Engine\uninst.exe
AddRemove-{74A84478-70A5-4F7A-966C-FA2771FF91A5}_is1 - d:\games\Gilde\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HyperDeskCustomThemeEnabler]
"ImagePath"="\"c:\windows\Installer\MSI8673.tmp\" -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2051330578-1478212451-1897483881-1000\Software\SecuROM\License information*]
"datasecu"=hex:ca,8b,64,24,94,4d,a7,87,0b,d9,70,40,73,f1,6f,49,36,53,3c,b3,0d,
01,79,0d,14,f9,a7,0d,d6,97,03,2e,80,35,b7,b3,c4,6e,db,c1,37,17,ff,a9,d3,25,\
"rkeysecu"=hex:96,70,13,0b,31,82,74,5e,0b,b9,c3,d5,c0,8e,a6,46
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-28 20:21:34
ComboFix-quarantined-files.txt 2012-10-28 19:21
ComboFix2.txt 2012-10-28 14:16
.
Vor Suchlauf: 9.161.367.552 Bytes frei
Nach Suchlauf: 8.950.484.992 Bytes frei
.
- - End Of File - - A6C5A101291E329D0AD72CE07738DC9D
|
|
29.10.2012, 09:30
| #11 |
| /// TB-Ausbilder | rool0_PK.exe .... Fehlermeldung nach Bundestrojaner ... direct3d11 fehler Servus, bitte die folgenden Anleitung genau lesen und nichts auslassen! Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).
Code:
ATTFilter activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
c:\users\Michpal\AppData\Roaming /S
CREATERESTOREPOINT
|
|
29.10.2012, 14:36
| #12 |
| | rool0_PK.exe .... Fehlermeldung nach Bundestrojaner ... direct3d11 fehler OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.10.2012 14:26:44 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michpal\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,48 Gb Available Physical Memory | 81,05% Memory free 14,00 Gb Paging File | 12,24 Gb Available in Paging File | 87,42% Paging File free Paging file location(s): C:\pagefile.sys 6142 6142 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 73,24 Gb Total Space | 8,00 Gb Free Space | 10,92% Space Free | Partition Type: NTFS Drive D: | 392,51 Gb Total Space | 135,23 Gb Free Space | 34,45% Space Free | Partition Type: NTFS Computer Name: MICHPAL-PC | User Name: Michpal | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Processes (SafeList) ========== PRC - [2012.10.29 14:24:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michpal\Desktop\OTL.exe PRC - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.09.29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.02.17 20:05:23 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.11.09 15:45:16 | 000,139,264 | ---- | M] (amBX UK Ltd.) -- C:\Programme\amBX\Gaming FXGen\win32\amBXFxGen.exe PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.06.17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe PRC - [2011.02.10 18:17:46 | 000,310,784 | ---- | M] () -- C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe PRC - [2010.11.20 13:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe PRC - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe PRC - [2009.10.14 14:43:08 | 000,612,864 | -HS- | M] (amBX) -- C:\Program Files (x86)\amBX\System\amBX_Service.exe PRC - [2009.07.01 20:23:52 | 001,435,136 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe PRC - [2009.04.23 18:43:12 | 000,622,080 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.95\aaCenter.exe PRC - [2009.01.22 20:43:54 | 001,352,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe PRC - [2008.01.09 10:17:18 | 000,627,200 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe ========== Modules (No Company Name) ========== MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2009.07.01 20:23:52 | 001,435,136 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe MOD - [2009.04.23 18:43:12 | 000,622,080 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.95\aaCenter.exe MOD - [2009.04.13 10:37:34 | 000,188,928 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.95\aasp.dll MOD - [2009.01.22 20:43:54 | 001,352,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe MOD - [2009.01.22 20:43:54 | 000,409,088 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\EnergySaving\AnimationView.dll MOD - [2008.02.25 15:08:54 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.dll MOD - [2008.01.17 16:46:20 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.95\cpuutil.dll MOD - [2008.01.09 10:17:18 | 000,627,200 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe MOD - [2007.01.03 22:25:56 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\vvc.dll MOD - [2006.01.10 16:50:20 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll MOD - [2005.06.22 17:39:56 | 000,204,851 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.95\PowerDll.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.09.13 14:26:50 | 001,259,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer) SRV:64bit: - [2012.03.20 12:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2012.03.20 11:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2012.03.20 11:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV - [2012.10.25 20:38:27 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.10.16 14:01:49 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.10.02 09:50:15 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Windows\Installer\MSI8673.tmp -- (HyperDeskCustomThemeEnabler) SRV - [2012.09.29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.08.23 10:57:48 | 000,502,064 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.14 01:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.02.17 20:05:23 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.02.10 18:17:46 | 000,310,784 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe -- (amBX Saitek HAL Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009.10.14 14:43:08 | 000,612,864 | -HS- | M] (amBX) [Auto | Running] -- C:\Program Files (x86)\amBX\System\amBX_Service.exe -- (amBX Service) SRV - [2009.08.18 11:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.30 12:32:08 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.22 12:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2012.02.22 12:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2012.02.22 12:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2012.02.22 12:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2012.02.22 12:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012.02.22 12:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2012.02.22 12:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk) DRV:64bit: - [2012.02.22 12:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2011.12.11 12:58:04 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2011.03.31 15:08:09 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2011.03.31 15:08:09 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.10 17:07:29 | 000,176,136 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0DC5.sys -- (SaiK0DC5) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.04.27 15:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid) DRV:64bit: - [2010.04.27 15:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo) DRV:64bit: - [2010.04.27 15:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum) DRV:64bit: - [2010.04.27 13:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore) DRV:64bit: - [2010.04.27 13:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter) DRV:64bit: - [2010.01.27 16:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009.11.23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.07.16 11:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.10 11:14:20 | 000,140,800 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiKF622.sys -- (SaiKF622) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 122.49.77.1:80 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 122.49.77.1:80 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2051330578-1478212451-1897483881-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2051330578-1478212451-1897483881-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2051330578-1478212451-1897483881-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E 26 22 92 DD E7 CB 01 [binary data] IE - HKU\S-1-5-21-2051330578-1478212451-1897483881-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2051330578-1478212451-1897483881-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2051330578-1478212451-1897483881-1009\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - prefs.js..extensions.enabledAddons: {D19CA586-DD6C-4a0a-96F8-14644F340D60}:14.4.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Michpal\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.06 16:16:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.06.27 20:38:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.08 14:20:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.08 14:20:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Michpal\AppData\Roaming\14001.034 [2012.08.05 12:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michpal\AppData\Roaming\mozilla\Extensions [2012.09.02 10:32:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.27 20:38:20 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE [2012.01.06 16:16:20 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.07.14 01:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.04.14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll [2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.14 01:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.05 16:20:17 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src [2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.10.28 20:10:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20120627185322.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll () O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120627185322.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4:64bit: - HKLM..\Run: [amBX Daemon] C:\Program Files\amBX\Control Panel\amBXDaemon.exe (Koninklijke Philips N.V.) O4:64bit: - HKLM..\Run: [amBX System Tray Application] C:\Programme\amBX\Gaming FXGen\x64\amBXFxGen.exe (amBX UK Ltd.) O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe () O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe () O4 - HKLM..\Run: [CPU Power Monitor] C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe () O4 - HKU\S-1-5-21-2051330578-1478212451-1897483881-1009..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2051330578-1478212451-1897483881-1009..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2051330578-1478212451-1897483881-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2051330578-1478212451-1897483881-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-2051330578-1478212451-1897483881-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michpal\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michpal\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A15BD116-72FB-405F-B624-B9EBD99A7FE0}: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E581B93F-7959-48E2-9C4B-B606ACE5784D}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Ave's 7StartButton Changer - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll (AveApps, Andreas Verhoeven) O22 - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Ave's 7StartButton Changer - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll (AveApps, Andreas Verhoeven) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SafeBootNet:64bit: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SafeBootNet:64bit: mfefirek - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) SafeBootNet:64bit: mfefirek.sys - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) SafeBootNet:64bit: mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) SafeBootNet:64bit: mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) SafeBootNet:64bit: mfevtp - C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.) SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: MCODS - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 60 Days ========== [2012.10.29 14:24:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michpal\Desktop\OTL.exe [2012.10.29 06:33:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.28 20:21:47 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.10.28 19:56:45 | 004,989,309 | R--- | C] (Swearware) -- C:\Users\Michpal\Desktop\ComboFix.exe [2012.10.28 14:30:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.28 14:30:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.28 14:30:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.28 14:30:14 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.28 14:29:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.28 13:35:31 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michpal\Desktop\tdsskiller.exe [2012.10.28 13:13:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Michpal\Desktop\aswMBR.exe [2012.10.28 12:41:22 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\Michpal\Desktop\dds.com [2012.10.27 22:51:21 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Roaming\Malwarebytes [2012.10.27 22:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.27 22:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.27 22:51:07 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.27 22:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.27 22:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage [2012.10.27 19:43:20 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2012.10.27 19:43:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2012.10.27 19:43:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2012.10.27 19:43:19 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2012.10.27 19:43:19 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2012.10.27 19:43:19 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2012.10.27 19:43:19 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2012.10.27 19:43:19 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2012.10.27 19:43:19 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2012.10.27 19:43:19 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2012.10.27 19:43:19 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2012.10.27 19:43:19 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2012.10.27 19:43:19 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2012.10.27 19:43:19 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2012.10.27 19:43:19 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2012.10.27 19:43:19 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2012.10.27 19:43:19 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2012.10.27 19:43:18 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2012.10.27 19:43:18 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2012.10.27 19:43:18 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2012.10.27 19:43:18 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2012.10.27 19:43:18 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2012.10.27 19:43:18 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2012.10.27 19:43:18 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2012.10.27 19:42:21 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.10.27 19:42:20 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012.10.27 19:38:03 | 000,000,000 | ---D | C] -- C:\Users\Michpal\Desktop\Neuer Ordner [2012.10.27 19:07:56 | 006,200,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2012.10.27 19:07:56 | 003,293,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2012.10.27 19:07:56 | 002,557,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2012.10.27 19:07:56 | 000,118,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2012.10.27 19:07:56 | 000,063,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2012.10.27 19:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2012.10.27 19:06:51 | 018,252,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2012.10.27 19:06:50 | 015,309,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2012.10.27 19:06:50 | 006,127,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2012.10.27 19:06:49 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2012.10.27 19:06:49 | 009,146,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012.10.27 19:06:49 | 007,697,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012.10.27 19:06:49 | 002,747,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012.10.27 19:06:49 | 002,574,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012.10.27 19:06:48 | 026,331,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012.10.27 19:06:48 | 019,906,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012.10.27 19:06:48 | 007,414,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2012.10.27 19:06:48 | 002,731,880 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2012.10.27 19:06:48 | 001,867,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012.10.27 19:06:48 | 001,482,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll [2012.10.27 19:06:47 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012.10.27 19:06:47 | 014,922,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2012.10.27 19:06:47 | 002,428,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2012.10.27 19:06:47 | 002,218,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012.10.27 19:06:47 | 001,760,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll [2012.10.27 19:06:47 | 000,973,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll [2012.10.27 19:06:47 | 000,831,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2012.10.27 19:06:46 | 012,501,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2012.10.27 19:06:46 | 000,247,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2012.10.27 19:06:46 | 000,202,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2012.10.17 13:40:11 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.10.17 13:40:11 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.10.17 13:40:11 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.10.16 15:53:15 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Local\Arktos [2012.10.16 15:53:14 | 000,000,000 | ---D | C] -- C:\Users\Michpal\Documents\Arktos [2012.10.16 14:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The War Z [2012.10.10 19:31:14 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.10.10 19:31:01 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.10.10 19:30:59 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.10.10 19:30:43 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.10.10 19:30:43 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.10.10 19:30:43 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.10.10 19:30:43 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.10.10 19:30:26 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.10.10 19:30:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.10.10 19:30:02 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.10.10 19:29:59 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.10.10 19:29:58 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.10.10 19:29:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.10.10 19:29:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.10.10 19:29:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 19:29:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 19:29:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 19:29:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 19:29:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 19:29:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.10.10 19:29:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.10.10 19:29:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 19:29:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 19:29:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 19:29:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 19:28:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 19:28:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 19:28:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 19:28:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 19:28:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 19:28:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.10.10 19:28:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 19:28:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 19:28:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 19:28:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.10.10 19:28:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 19:28:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 19:28:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 19:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 19:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 19:28:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 19:28:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 19:27:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 19:27:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 19:27:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 19:27:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 19:27:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 19:27:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 19:26:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 19:26:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.10.10 19:26:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.10.10 19:26:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 19:26:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.10.10 19:26:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.10.10 19:26:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 19:26:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 19:26:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 19:26:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.10.10 19:26:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 19:26:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 19:26:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.10.10 19:26:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 19:26:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 19:26:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 19:26:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 19:26:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.10.10 19:25:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 19:25:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 19:25:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.10.10 19:25:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 19:25:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.10.10 19:25:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.10.10 19:25:15 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.10.10 19:21:57 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.10.10 19:21:48 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.10.08 17:58:59 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Roaming\Apple Computer [2012.10.08 14:21:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2012.10.08 14:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.10.08 14:20:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.10.08 14:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.10.04 16:03:41 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Local\IsolatedStorage [2012.10.04 15:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\amBX [2012.10.04 15:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\amBX [2012.10.04 15:52:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\amBX [2012.10.04 15:50:32 | 000,176,136 | ---- | C] (Saitek) -- C:\Windows\SysNative\drivers\SaiK0DC5.sys [2012.10.02 12:15:52 | 000,430,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe [2012.10.02 09:53:06 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Roaming\Skinux [2012.10.02 09:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Skins Factory [2012.10.02 09:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Skins Factory [2012.09.27 14:33:02 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Roaming\14001.022 [2012.09.26 14:20:21 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2012.09.22 08:39:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.09.22 08:39:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.09.22 08:39:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.09.22 08:39:56 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.09.22 08:39:56 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.09.22 08:39:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.09.22 08:39:56 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.09.22 08:39:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.09.22 08:39:56 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.09.22 08:39:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.09.22 08:39:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.09.22 08:39:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.09.22 08:39:54 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.09.22 08:39:54 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.09.22 08:39:54 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.09.21 17:58:50 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.09.21 17:58:50 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.09.21 17:58:50 | 000,000,000 | ---D | C] -- C:\temp [2012.09.21 17:58:18 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2012.09.21 17:58:18 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2012.09.20 19:45:43 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Roaming\14001.021 [2012.09.20 17:32:05 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Local\FLT [2012.09.12 15:33:46 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2012.09.12 15:33:45 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012.09.12 15:33:36 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012.09.12 15:33:36 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012.09.10 13:46:21 | 000,035,328 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2012.09.10 13:46:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ARFC [2012.09.10 13:46:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT [2012.09.08 09:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.09.07 19:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.09.07 18:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.09.07 18:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012.09.07 18:59:12 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.09.07 18:59:12 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.09.07 18:43:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.09.07 18:42:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.09.03 19:38:04 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Roaming\14001.020 [2012.09.02 10:45:57 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012.09.02 10:45:52 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.09.02 10:45:52 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2012.09.02 10:45:51 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.09.02 10:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.09.02 10:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.09.02 10:33:22 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012.09.02 10:08:16 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Local\Monte Cristo [2012.09.01 06:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft [2012.08.30 16:18:31 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Roaming\14001.019 ========== Files - Modified Within 60 Days ========== [2012.10.29 14:28:45 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.29 14:28:45 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.29 14:26:03 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.29 14:26:03 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.29 14:26:03 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.29 14:26:03 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.29 14:26:03 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.29 14:24:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michpal\Desktop\OTL.exe [2012.10.29 14:21:37 | 000,000,439 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2012.10.29 14:21:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.29 14:21:20 | 2146,787,327 | -HS- | M] () -- C:\hiberfil.sys [2012.10.28 22:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.28 20:10:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.10.28 19:56:35 | 004,989,309 | R--- | M] (Swearware) -- C:\Users\Michpal\Desktop\ComboFix.exe [2012.10.28 14:17:59 | 000,538,941 | ---- | M] () -- C:\Users\Michpal\Desktop\adwcleaner.exe [2012.10.28 13:35:41 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michpal\Desktop\tdsskiller.exe [2012.10.28 13:33:52 | 000,000,512 | ---- | M] () -- C:\Users\Michpal\Desktop\MBR.dat [2012.10.28 13:13:28 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Michpal\Desktop\aswMBR.exe [2012.10.28 13:07:04 | 000,000,382 | ---- | M] () -- C:\Users\Michpal\defogger_reenable [2012.10.28 13:06:35 | 000,050,477 | ---- | M] () -- C:\Users\Michpal\Desktop\Defogger.exe [2012.10.28 12:41:24 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\Michpal\Desktop\dds.com [2012.10.27 21:40:33 | 000,000,034 | ---- | M] () -- C:\Users\Michpal\AppData\Roaming\blckdom.res [2012.10.27 14:06:48 | 000,065,536 | ---- | M] () -- C:\Users\Michpal\AppData\Roaming\p8jmn4dj.default.dat [2012.10.26 21:03:39 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.10.26 21:03:39 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.10.26 21:03:25 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.10.23 21:02:32 | 000,007,615 | ---- | M] () -- C:\Users\Michpal\AppData\Local\Resmon.ResmonCfg [2012.10.21 09:23:15 | 001,338,211 | ---- | M] () -- C:\Users\Michpal\Desktop\warzmapalpha.png [2012.10.16 14:29:28 | 000,395,528 | ---- | M] () -- C:\Users\Michpal\Desktop\S3.pdf [2012.10.16 14:01:49 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.10.16 14:01:49 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.10.04 15:52:45 | 000,001,152 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\amBX Illuminate.lnk [2012.10.04 15:50:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SaiK0DC5_01009.Wdf [2012.10.02 23:21:00 | 026,331,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012.10.02 23:21:00 | 025,256,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2012.10.02 23:21:00 | 019,906,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012.10.02 23:21:00 | 018,252,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2012.10.02 23:21:00 | 017,559,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012.10.02 23:21:00 | 015,309,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2012.10.02 23:21:00 | 014,922,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2012.10.02 23:21:00 | 012,501,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2012.10.02 23:21:00 | 009,146,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012.10.02 23:21:00 | 007,697,768 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012.10.02 23:21:00 | 007,414,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2012.10.02 23:21:00 | 006,127,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2012.10.02 23:21:00 | 002,747,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012.10.02 23:21:00 | 002,731,880 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2012.10.02 23:21:00 | 002,574,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012.10.02 23:21:00 | 002,428,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2012.10.02 23:21:00 | 002,218,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012.10.02 23:21:00 | 001,867,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012.10.02 23:21:00 | 001,760,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll [2012.10.02 23:21:00 | 001,482,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll [2012.10.02 23:21:00 | 000,973,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll [2012.10.02 23:21:00 | 000,831,848 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2012.10.02 23:21:00 | 000,247,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2012.10.02 23:21:00 | 000,202,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2012.10.02 23:21:00 | 000,016,127 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.10.02 20:51:15 | 003,536,817 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin [2012.10.02 20:51:11 | 003,293,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2012.10.02 20:51:04 | 006,200,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2012.10.02 20:50:57 | 002,557,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2012.10.02 20:50:57 | 000,118,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2012.10.02 20:50:57 | 000,063,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2012.10.02 12:15:52 | 000,430,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe [2012.09.29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.27 17:26:21 | 000,000,208 | ---- | M] () -- C:\Users\Michpal\Desktop\F1 2012.url [2012.09.24 22:16:33 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.09.24 22:08:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.09.24 22:07:57 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.09.21 17:45:01 | 000,000,000 | ---- | M] () -- C:\Windows\Path.idx [2012.09.13 14:26:50 | 001,259,888 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe [2012.09.13 14:25:38 | 000,035,328 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2012.09.07 18:42:42 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.09.07 18:42:42 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012.09.02 10:45:46 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2012.09.02 10:45:44 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012.09.02 10:45:44 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.09.02 10:45:44 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.09.02 10:45:43 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.09.02 10:45:43 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012.08.30 20:14:00 | 000,060,776 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.08.30 20:14:00 | 000,052,584 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.08.30 19:03:45 | 005,559,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.08.30 18:12:02 | 003,968,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.08.30 18:12:02 | 003,914,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.08.30 16:20:00 | 000,000,033 | ---- | M] () -- C:\Users\Michpal\AppData\Roaming\urhtps.dat ========== Files Created - No Company Name ========== [2012.10.28 14:30:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.28 14:30:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.28 14:30:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.28 14:30:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.28 14:30:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.28 14:17:55 | 000,538,941 | ---- | C] () -- C:\Users\Michpal\Desktop\adwcleaner.exe [2012.10.28 13:33:52 | 000,000,512 | ---- | C] () -- C:\Users\Michpal\Desktop\MBR.dat [2012.10.28 13:07:02 | 000,000,382 | ---- | C] () -- C:\Users\Michpal\defogger_reenable [2012.10.28 13:06:34 | 000,050,477 | ---- | C] () -- C:\Users\Michpal\Desktop\Defogger.exe [2012.10.27 19:07:56 | 003,536,817 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2012.10.27 19:06:46 | 000,016,127 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2012.10.21 09:23:14 | 001,338,211 | ---- | C] () -- C:\Users\Michpal\Desktop\warzmapalpha.png [2012.10.18 16:34:18 | 000,065,536 | ---- | C] () -- C:\Users\Michpal\AppData\Roaming\p8jmn4dj.default.dat [2012.10.16 14:29:28 | 000,395,528 | ---- | C] () -- C:\Users\Michpal\Desktop\S3.pdf [2012.10.16 14:01:52 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.04 15:52:45 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\amBX Illuminate.lnk [2012.10.04 15:50:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SaiK0DC5_01009.Wdf [2012.09.27 14:32:20 | 000,000,208 | ---- | C] () -- C:\Users\Michpal\Desktop\F1 2012.url [2012.09.21 17:45:01 | 000,000,000 | ---- | C] () -- C:\Windows\Path.idx [2012.09.20 19:45:28 | 000,000,034 | ---- | C] () -- C:\Users\Michpal\AppData\Roaming\blckdom.res [2012.09.10 13:46:21 | 001,259,888 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe [2012.08.27 05:37:20 | 000,000,033 | ---- | C] () -- C:\Users\Michpal\AppData\Roaming\urhtps.dat [2012.07.19 16:21:54 | 000,000,051 | ---- | C] () -- C:\ProgramData\krjzwqfjgnxvbwe [2012.03.06 23:09:00 | 000,007,615 | ---- | C] () -- C:\Users\Michpal\AppData\Local\Resmon.ResmonCfg [2011.12.13 15:42:28 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2011.12.10 11:20:28 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2011.12.10 11:20:28 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2011.12.10 11:19:44 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.10.02 00:10:14 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.31 20:57:41 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.22 15:57:33 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.03.22 15:57:31 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2011.03.22 15:57:31 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.03.22 14:59:13 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys [2011.03.22 14:55:10 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll [2011.03.22 14:55:10 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2011.03.22 14:55:07 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2011.03.22 14:55:06 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2011.03.21 17:24:07 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Custom Scans ========== < c:\users\Michpal\AppData\Roaming /S > < End of report > |
|
29.10.2012, 14:37
| #13 |
| | rool0_PK.exe .... Fehlermeldung nach Bundestrojaner ... direct3d11 fehler OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.10.2012 14:26:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michpal\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,48 Gb Available Physical Memory | 81,05% Memory free
14,00 Gb Paging File | 12,24 Gb Available in Paging File | 87,42% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 73,24 Gb Total Space | 8,00 Gb Free Space | 10,92% Space Free | Partition Type: NTFS
Drive D: | 392,51 Gb Total Space | 135,23 Gb Free Space | 34,45% Space Free | Partition Type: NTFS
Computer Name: MICHPAL-PC | User Name: Michpal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2051330578-1478212451-1897483881-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BB2C97-CEA5-4294-A282-FBF9A3C67334}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{013AC9C5-E20F-48C5-807E-F4B2F8A41F7F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0E602D01-74AB-4BA5-9ED9-C5E6E38E010E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{12A13A76-F4E1-4A07-ABF7-0F70AA0534EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1AB7648C-480E-4E1E-A59E-951541220B55}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{26B9BBD0-DDE6-43EC-BD6B-E0D46957E0CE}" = rport=2869 | protocol=6 | dir=out | app=system |
"{2D401084-70C2-43EA-9D39-9A39502E2C41}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{30F59929-6626-477D-B971-D2728A50412D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3DEEB7D2-781C-4F06-933F-6478637DE0F6}" = rport=138 | protocol=17 | dir=out | app=system |
"{4157191F-D4AD-44AD-8B8C-AEC68FD16247}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{44480E7E-8F40-4457-8419-E9FAC90AEC9B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{44F10CB5-5A25-45D2-9E93-C750A566DB91}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{469479B3-0F6B-4748-973C-402143A4F1B5}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{48E22393-4BDF-45B6-A97D-C79921BAB922}" = lport=137 | protocol=17 | dir=in | app=system |
"{49CEB0D3-C867-4F34-9FA5-9C18A28CF29A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{4CC31C07-0DE3-4EE6-B158-53DCC8A5CDBA}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5686138C-ABBF-49F8-BD6C-498C514011AB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5AC58B11-4BD2-4190-A104-38CEE1FEE3DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{71EA4BDB-33E7-4134-91F6-0B053CA4AF9B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{80CE03B1-B4DD-40BA-B70D-891EDE05526A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{866250A4-AD7A-4EC5-BF4D-9B1A54522A3C}" = rport=139 | protocol=6 | dir=out | app=system |
"{8C356EFB-9B3C-4D92-9D77-FD35ACC8F2F2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9A3F11A8-C06C-4E87-8997-ED4FA1599BEE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{A51E9437-559E-44A6-A2A1-034DE90930EB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A6C00D73-6F96-452F-AE6B-E9B472D91195}" = rport=445 | protocol=6 | dir=out | app=system |
"{A78529DB-AAB0-436D-B9C8-83175FD1B79D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AE0D6C43-A23A-4EAE-A4AA-80EA977BC1AC}" = lport=445 | protocol=6 | dir=in | app=system |
"{B0F9D425-FDF4-44DC-BC5E-D9020DBAF3F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B34E23E4-16F7-4FBF-AD7F-B6C8226405AA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{B7B77575-C513-4F71-A1BB-942DBE5237C3}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{BA2F4F5F-6DC7-4F0C-A019-C1E240C7724F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BC07A483-4D9A-438A-BECC-98C30DA2C1CB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C0363324-D454-40CD-ABC8-BC183ED5BB5B}" = rport=137 | protocol=17 | dir=out | app=system |
"{C2D802E4-C5C1-4DBF-9A59-5200ED15496C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C899AE87-B706-4A00-81BE-A158D367718D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C98FC929-6AFA-4AC7-AA39-64219D9B3278}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{D787E623-F6AD-4DEF-B846-AE2A84640440}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D7E098D4-6832-484A-AF3F-63B723D425E5}" = lport=139 | protocol=6 | dir=in | app=system |
"{FD80065E-35DF-4C80-A00C-79ABA855E096}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01625243-BCF0-41DC-A439-E59BB9D2934C}" = protocol=17 | dir=in | app=c:\users\michpal\appdata\roaming\dropbox\bin\dropbox.exe |
"{0522D45E-CD7E-4D3B-ADFA-A1A3557CAA1A}" = protocol=17 | dir=in | app=d:\games\world of warcraft\wow\launcher.patch.exe |
"{0622389F-BD10-48B6-98FD-18BEB2CBE050}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\f1 2012\f1_2012.exe |
"{062CAE2A-638F-4F46-8177-33469D86641F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0888A55A-CCA9-4E9E-96EF-D6ACB6C8E574}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{0D9D831E-9601-44E0-BE23-5D359F912017}" = protocol=17 | dir=in | app=d:\games\anno 2070\initengine.exe |
"{1060B5F2-C549-41F8-9667-A91372D2D9D2}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{135A771E-F428-4738-94A4-50A84B599948}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{1447C2B3-486A-4C2F-BDBB-DA738B1ED50C}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1609B3C9-030C-49B9-B4EF-67DDEDA28BAA}" = protocol=6 | dir=in | app=d:\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{1630FC85-60E3-40B9-AB97-5248CE25684E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{166F500D-3F04-4440-BCF3-B191465284F1}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\left 4 dead 2\bin\sdklauncher.exe |
"{1958CBE9-9183-4EE7-AA93-461BDB33DE7C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1D59019E-D332-4842-91AB-6CF41396E996}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{24EE4944-B6AD-48A1-B32A-06464B2851F7}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\x3 terran conflict\x3ap.exe |
"{2579178B-678B-4417-A7CC-3AEBD5D8838B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{271C6B88-90D7-47FF-8BFD-3DED7AE30409}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{2E47A5D7-A49A-41B7-945D-BFF0C0C42003}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{32FF2C3E-3611-4A5E-A9A6-C7B55BD4238E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{36594A31-48ED-4F68-BC7C-00A5B8ED9BE0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{3990A6FB-9846-47EE-B19A-8D330351CA2A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3A131836-51B9-40F8-9985-35744A54F9AB}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{3ADEA9DE-0899-4208-819E-09F0E0AA02EB}" = protocol=17 | dir=in | app=d:\games\assasine\acrmp.exe |
"{3B239137-CDFE-49AB-8BB2-7E3D486B1324}" = protocol=6 | dir=in | app=d:\games\bfbc 2\bfbc2updater.exe |
"{3C6218B8-A79E-4A35-B012-45B58C418BD1}" = protocol=17 | dir=in | app=d:\games\steam\steam.exe |
"{3D8DED8C-B14F-410A-A277-73D8033CCDCD}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{3E12B0CF-FAB2-4645-A4BA-95600624BCAB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{3EEB9190-833A-4D24-8A7F-AD45B22EA784}" = protocol=6 | dir=in | app=d:\games\assasine\acbmp.exe |
"{3FA289E9-FA76-4AB6-AA61-C10C069BF2A8}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\x3 terran conflict\x3ap.exe |
"{404F74DF-6FC7-4C23-95F1-D10FA3F46B91}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{420F0DE3-59CA-4358-82B9-69303FC5328F}" = protocol=17 | dir=in | app=d:\games\anno 2070\anno5.exe |
"{4425F034-4FDF-46F1-AA8F-1086C6ABE49E}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\x3 terran conflict\x3tc.exe |
"{453F5EF6-7D98-4C92-84E0-4BC2AD20BDFD}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{4EAA009F-898C-4EF6-9DB0-FF1F59A057FB}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{4F651236-4A0A-40D0-A57C-A8C58C6174B5}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{50E00C56-4019-4E20-8886-C0D3856EE09D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{51BAC6B9-2305-4E57-93C4-092EC100A47C}" = protocol=6 | dir=in | app=d:\games\anno 2070\initengine.exe |
"{52E5853D-2672-4CAD-B26C-763C1CCF0C27}" = protocol=17 | dir=in | app=d:\games\diablo 3\diablo iii\diablo iii.exe |
"{5617CDA2-D0E0-412E-B4C1-48CFA0F652AB}" = protocol=17 | dir=in | app=d:\games\anno 2070\autopatcher.exe |
"{5891ADBF-5F73-4268-95FD-B8D6CBCDC43C}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\x3 terran conflict\x3ap.exe |
"{58B9B1BD-F765-420E-B0A4-C61DBDB8AB84}" = protocol=6 | dir=in | app=d:\games\world of warcraft\launcher.patch.exe |
"{5922B4A7-D6FB-43D0-A421-688511C568D6}" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe |
"{5A904B1F-4ECB-4C83-BA99-E975EB1A3EEE}" = protocol=6 | dir=in | app=d:\games\dirt 3\dirt3_game.exe |
"{5C385321-64F7-4438-8F4E-6CA9F36FA51C}" = protocol=17 | dir=in | app=d:\games\world of warcraft\wow\launcher.exe |
"{5DB488A3-8E6C-45B5-B4BD-D3C435E44A68}" = protocol=6 | dir=in | app=d:\games\anno 2070\autopatcher.exe |
"{5F1450D1-5820-449C-9E0C-15F8C92DA9D9}" = protocol=6 | dir=in | app=d:\games\world of warcraft\wow\launcher.patch.exe |
"{60306C8F-AC48-4499-B92A-431748C1ED35}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{63BD3491-4C55-4632-84C8-554D8AB542E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{646C8DEA-1113-42C1-B9F4-3F3C81A95954}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{67DB3C4A-F555-4A56-9655-88EC811BFEAB}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{67EE73E7-00D5-4356-9080-4C7AADE0DDF6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{6C7B26B0-0D8E-4F51-94E6-52EF192A4250}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6D6E574F-3B0B-48E7-8E20-285624482D12}" = protocol=17 | dir=in | app=d:\games\assasine\acbmp.exe |
"{6F52A965-8022-46F3-8687-52473432045A}" = protocol=17 | dir=in | app=d:\games\bfbc 2\bfbc2updater.exe |
"{6FD3AB04-EA48-4FBA-9967-DE9356E47AA6}" = dir=in | app=d:\games\the war z\warz.exe |
"{7182DC95-7685-490A-B8BE-C36E189EB4AE}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\endless space\endlessspace.exe |
"{74051338-F20B-456A-8C13-8A5B8A4C86AA}" = protocol=17 | dir=in | app=d:\games\need for speed\launcher.exe |
"{745F9C98-E1A9-4C20-9327-92E7154DE37D}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\left 4 dead 2\bin\sdklauncher.exe |
"{766CF96A-6E7F-4526-B98A-AB79B0148DFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{77FB37BD-07DE-4DEC-9F0B-89EAB4E0AA43}" = protocol=17 | dir=in | app=d:\games\silent hunter 5\sh5.exe |
"{799CC32F-9D95-40ED-8938-E3B5CB0998D1}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{7AD74863-B184-4658-8F9D-BF1511D05A9A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7E5E47E7-56E2-43A7-BFF0-18C77459ABB3}" = protocol=6 | dir=in | app=d:\games\diablo 3\diablo iii\diablo iii.exe |
"{8384A255-7959-4DEA-8CC1-D2D79466110F}" = protocol=6 | dir=in | app=d:\games\anno 2070\anno5.exe |
"{83A28E61-2983-4C38-94AE-BCBA25C833EE}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{84E226A9-6AE6-4B88-B9FB-D17BA90CB6A9}" = protocol=6 | dir=in | app=d:\games\origin games\bf 3\battlefield 3\bf3.exe |
"{8734A600-1358-4F95-9052-76C875D55E40}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8832802C-9EEA-4B19-877D-2EACA9DCA115}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{88DC59BA-980B-43A5-BB31-9AD696A6EDD4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"{89D2DB71-D794-49CC-945D-7BDE6C51539E}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{8A13FB81-0103-4365-803C-709D8CB5FAA9}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\x3 terran conflict\x3tc.exe |
"{8D6D3BF6-3D2F-4434-9E4C-E286CE2F6D50}" = protocol=17 | dir=in | app=d:\games\world of warcraft\launcher.patch.exe |
"{8DB24F68-31BC-44E0-86E2-8A2C09F4593F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{911BD869-DE9F-4AA6-BF7C-6C04A7A82A85}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{95079AB3-EB48-4315-B16B-7C8A48518D99}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{97522052-91F0-452D-B5F2-9F2A060559EB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9A063555-46C4-49F8-A034-C79FB51CFA7E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{9BF22015-095F-4E0D-B493-F17AAD6761F8}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{9E2333CA-7E19-46D5-9B4F-2C1FF028822E}" = protocol=17 | dir=in | app=d:\games\world of warcraft\wow\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{9E66C6F5-4127-45D9-912E-CD73097ECE59}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{9F4ED5FD-7986-48BC-A2DA-1687ED493F8A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A1B2E6B7-4775-40A8-8E01-B068D631D402}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\endless space\endlessspace.exe |
"{A64E5C56-0720-429E-866A-71AC01A6CA69}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\f1 2012\f1_2012.exe |
"{A7BF9B64-0292-476A-A80F-5813700C2C49}" = protocol=17 | dir=in | app=d:\games\world of warcraft\launcher.exe |
"{B1B8F12E-666F-4DDA-B99B-62247BDBC94F}" = protocol=6 | dir=in | app=d:\games\world of warcraft\wow\launcher.exe |
"{B28CE8C3-4CFB-40D7-B4B0-2ED70FED6FC2}" = protocol=6 | dir=in | app=c:\users\michpal\appdata\roaming\dropbox\bin\dropbox.exe |
"{B55F0E6E-D059-461D-BCA3-7E56314FF7DC}" = protocol=6 | dir=in | app=d:\games\need for speed\launcher.exe |
"{BCD91DEB-727C-4516-ACCA-37630AC7BEB5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C03B08A1-6713-4A07-AF9B-D33B55FF7D53}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{C7A683C5-2056-49FA-B562-4447241EA289}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{C951E6C7-3DE1-4122-8AFB-DD2D94CA3BEC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"{C97E2770-0B13-4B35-9647-338BE61A5BAD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{C9CBC0FE-1D25-43B3-85C4-CB00FE022148}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CB2B7758-C363-4621-984D-DA0510E4D65F}" = protocol=6 | dir=in | app=d:\games\world of warcraft\launcher.exe |
"{CC6CA92C-8386-47B3-8E58-E52F413CAC0F}" = protocol=17 | dir=in | app=d:\games\origin games\bf 3\battlefield 3\bf3.exe |
"{CED03644-73F5-47EE-B915-9DF2458503A5}" = protocol=17 | dir=in | app=d:\games\dirt 3\dirt3_game.exe |
"{D1E97F4D-9A9C-4B69-97AD-0CAFB3634247}" = protocol=6 | dir=in | app=d:\games\silent hunter 5\sh5.exe |
"{D6C8EFBA-3939-483F-886D-C07F9CE43EA8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{DCC9DC91-1E79-46FA-913E-9528A21174D5}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\x3 terran conflict\x3ap.exe |
"{DEB58912-D42D-4EF5-9B68-D2E1DC7EE1BB}" = protocol=17 | dir=in | app=d:\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{DF61C2CB-F59A-4506-A87D-4D0086073D53}" = protocol=6 | dir=in | app=d:\games\assasine\acrmp.exe |
"{E0C0E3E0-D720-4985-9D5E-0ECD36BC0365}" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe |
"{E10C89DD-F7B5-42D2-BDCA-223E9FB57DB4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{E18F2942-89CF-4A37-99DC-A8A532674DC1}" = protocol=6 | dir=in | app=d:\games\steam\steam.exe |
"{E715DC28-0497-47D6-808D-4077CA580859}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{EE96720A-593F-4DD9-8A38-ED998CC3B5FE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{F33F6144-4A84-4123-BFCB-20FF85370A0C}" = protocol=6 | dir=in | app=d:\games\world of warcraft\wow\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{F7A2132B-74F7-4537-849C-61965FBB62CA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{FC735581-2EA1-4A83-AFED-EFA27921A6E6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FF0C3B01-EC67-4FC9-B65B-4E6AE5F7DE7E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"TCP Query User{2597BAC8-6D52-4D37-814F-2729E03C5ADC}C:\users\michpal\appdata\roaming\xonu\vado.exe" = protocol=6 | dir=in | app=c:\users\michpal\appdata\roaming\xonu\vado.exe |
"UDP Query User{2853AA23-4C13-4EF0-808D-E2E85FC6B1FF}C:\users\michpal\appdata\roaming\xonu\vado.exe" = protocol=17 | dir=in | app=c:\users\michpal\appdata\roaming\xonu\vado.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{257A63C6-A669-43F1-8C75-E16CDB617841}_is1" = amBX Gaming FXGen 3.7.6
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{3A76C69A-09A7-4DDB-BFFF-EDFDC33814D1}_is1" = amBX Audio FXGen 3.1.1
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{93F00A69-865C-4FEE-AB52-EF2312A28252}_is1" = amBX Control Panel 1.2.7
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
"WNLT" = Web Optimizer
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20AFAB5E-0631-4A3F-934F-EFC59479A26E}" = Hyperdesk - DarkMatter Subspace
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{434D0FA0-AB8C-497F-B30A-7A1000018201}" = DiRT 3
"{434D0FA0-AB8C-497F-B30A-7A1000018202}" = DiRT 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74A84478-70A5-4F7A-966C-FA2771FF91A5}_is1" = Patch v2.2
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{920A4937-9D4D-4457-A323-F3EA79A84A3D}_is1" = amBX Saitek HAL 1.0.0
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A140B991-FC80-475C-B569-7197EA261A45}_is1" = amBX System 1.1.4.0
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}" = Silent Hunter 5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version alpha
"{C6AC04F5-5916-4A02-BC36-AF5BC0A3CBD4}" = Media Go
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6D6861C-7537-4BD5-B792-AA5206411138}" = Hyperdesk - DarkMatter RedShift
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite MFC-J415W
"{FCC0865A-F6E3-45E6-A5C8-099BE5AE3247}" = Hyperdesk - DarkMatter Solar Flare
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"amBX Illuminate" = amBX Illuminate 1.0.2
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Cities XL" = Cities XL
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"DivX Setup" = DivX-Setup
"ESN Sonar-0.70.4" = ESN Sonar
"Free Video to Samsung Phones Converter_is1" = Free Video to Samsung Phones Converter version 5.0.15.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.25.627
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"Lucikes Rundum-Sorglos-Paket_is1" = Lucikes Rundum-Sorglos-Paket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Internet Security Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"SpeedFan" = SpeedFan (remove only)
"Steam App 201310" = X3: Albion Prelude
"Steam App 207610" = The Walking Dead
"Steam App 208140" = Endless Space
"Steam App 208500" = F1 2012
"Steam App 2820" = X3: Terran Conflict
"Steam App 550" = Left 4 Dead 2
"Steam App 563" = Left 4 Dead 2 Authoring Tools
"Steam App 72850" = The Elder Scrolls V: Skyrim
"VLC media player" = VLC media player 2.0.3
"World of Warcraft" = World of Warcraft
"X3AP Bonus Pack_is1" = X3 Albion Prelude Bonuspaket 5.1.0.0
"X3TC Bonuspaket_is1" = X3TC Bonuspaket 4.1.01
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2051330578-1478212451-1897483881-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.09.2012 16:36:15 | Computer Name = Michpal-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_268.exe,
Version: 11.3.300.268, Zeitstempel: 0x500adb58 Name des fehlerhaften Moduls: ntdll.dll,
Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset:
0x000ce6c3 ID des fehlerhaften Prozesses: 0x874 Startzeit der fehlerhaften Anwendung:
0x01cd8881653ae290 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: ac4e3ebd-f474-11e1-a960-90e6ba0d3330
Error - 02.09.2012 03:37:34 | Computer Name = Michpal-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mchost.exe, Version: 5.0.185.0, Zeitstempel:
0x4d0998be Name des fehlerhaften Moduls: mcmscshm.dll, Version: 11.0.669.0, Zeitstempel:
0x4f6a7c22 Ausnahmecode: 0xc0000417 Fehleroffset: 0x0000000000084878 ID des fehlerhaften
Prozesses: 0xee8 Startzeit der fehlerhaften Anwendung: 0x01cd88ddcf2197d1 Pfad der
fehlerhaften Anwendung: C:\Program Files\Common Files\McAfee\Core\mchost.exe Pfad
des fehlerhaften Moduls: c:\PROGRA~1\mcafee\msc\mcmscshm.dll Berichtskennung: 0efb24b2-f4d1-11e1-bf79-90e6ba0d3330
Error - 02.09.2012 04:03:12 | Computer Name = Michpal-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Steam.exe, Version: 1.0.1446.623,
Zeitstempel: 0x5004ae1a Name des fehlerhaften Moduls: iertutil.dll, Version: 9.0.8112.16448,
Zeitstempel: 0x4fecf051 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00114f5b ID des fehlerhaften
Prozesses: 0x898 Startzeit der fehlerhaften Anwendung: 0x01cd88e1529f32af Pfad der
fehlerhaften Anwendung: D:\Games\Steam\Steam.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\iertutil.dll
Berichtskennung:
a3b5e786-f4d4-11e1-a341-90e6ba0d3330
Error - 02.09.2012 04:03:23 | Computer Name = Michpal-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: brccMCtl.exe, Version: 3.6.8.14,
Zeitstempel: 0x49c7422a Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00022568 ID des fehlerhaften
Prozesses: 0xfb0 Startzeit der fehlerhaften Anwendung: 0x01cd88e1598c93db Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: a9ff09bf-f4d4-11e1-a341-90e6ba0d3330
Error - 02.09.2012 04:03:31 | Computer Name = Michpal-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DTLite.exe, Version: 4.41.3.173,
Zeitstempel: 0x4e37a841 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften
Prozesses: 0xa4c Startzeit der fehlerhaften Anwendung: 0x01cd88e152d853b6 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: aecdb12d-f4d4-11e1-a341-90e6ba0d3330
Error - 02.09.2012 04:03:38 | Computer Name = Michpal-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: jusched.exe, Version: 2.1.6.0, Zeitstempel:
0x4f15c703 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften Prozesses:
0xfa0 Startzeit der fehlerhaften Anwendung: 0x01cd88e1595a96f5 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: b354ef52-f4d4-11e1-a341-90e6ba0d3330
Error - 02.09.2012 04:03:49 | Computer Name = Michpal-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SSScheduler.exe, Version: 3.0.207.0,
Zeitstempel: 0x4dfb637d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x000345ce ID des fehlerhaften
Prozesses: 0xc0c Startzeit der fehlerhaften Anwendung: 0x01cd88e1533c4d81 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: b9994ecb-f4d4-11e1-a341-90e6ba0d3330
Error - 02.09.2012 04:06:48 | Computer Name = Michpal-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mchost.exe, Version: 5.0.185.0, Zeitstempel:
0x4d0998be Name des fehlerhaften Moduls: mcmscshm.dll, Version: 11.0.669.0, Zeitstempel:
0x4f6a7c22 Ausnahmecode: 0xc0000417 Fehleroffset: 0x0000000000084878 ID des fehlerhaften
Prozesses: 0x6878 Startzeit der fehlerhaften Anwendung: 0x01cd88e1e57ac1ed Pfad der
fehlerhaften Anwendung: C:\Program Files\Common Files\McAfee\Core\mchost.exe Pfad
des fehlerhaften Moduls: c:\PROGRA~1\mcafee\msc\mcmscshm.dll Berichtskennung: 2463e3d2-f4d5-11e1-a341-90e6ba0d3330
Error - 02.09.2012 05:15:49 | Computer Name = Michpal-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CitiesXL.exe, Version: 1.0.0.0, Zeitstempel:
0x4b4f53dc Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001fab8 ID des fehlerhaften Prozesses:
0x6ad8 Startzeit der fehlerhaften Anwendung: 0x01cd88eb89c25323 Pfad der fehlerhaften
Anwendung: D:\Games\Cities XL\CitiesXL.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
c874b562-f4de-11e1-a341-90e6ba0d3330
Error - 02.09.2012 05:30:45 | Computer Name = Michpal-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SSScheduler.exe, Version: 3.0.207.0,
Zeitstempel: 0x4dfb637d Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
Zeitstempel: 0x4e211319 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000198f5 ID des fehlerhaften
Prozesses: 0xbc8 Startzeit der fehlerhaften Anwendung: 0x01cd88ed99611959 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: debcb395-f4e0-11e1-9f33-90e6ba0d3330
[ System Events ]
Error - 28.10.2012 15:21:39 | Computer Name = Michpal-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "amBX Saitek HAL Service" wurde unerwartet beendet. Dies
ist bereits 353 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 500 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 28.10.2012 15:21:41 | Computer Name = Michpal-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "amBX Saitek HAL Service" wurde unerwartet beendet. Dies
ist bereits 354 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 500 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 28.10.2012 15:21:43 | Computer Name = Michpal-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "amBX Saitek HAL Service" wurde unerwartet beendet. Dies
ist bereits 355 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 500 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 28.10.2012 15:21:45 | Computer Name = Michpal-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "amBX Saitek HAL Service" wurde unerwartet beendet. Dies
ist bereits 356 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 500 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 28.10.2012 15:21:49 | Computer Name = Michpal-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "amBX Saitek HAL Service" wurde unerwartet beendet. Dies
ist bereits 357 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 500 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 28.10.2012 15:21:52 | Computer Name = Michpal-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "amBX Saitek HAL Service" wurde unerwartet beendet. Dies
ist bereits 358 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 500 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 28.10.2012 18:36:46 | Computer Name = Michpal-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "amBX Service" wurde mit folgendem Fehler beendet: %%1115
Error - 29.10.2012 01:33:04 | Computer Name = Michpal-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 29.10.2012 01:34:47 | Computer Name = Michpal-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "amBX Service" wurde mit folgendem Fehler beendet: %%1115
Error - 29.10.2012 09:21:36 | Computer Name = Michpal-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
< End of report >
|
|
29.10.2012, 14:58
| #14 |
| /// TB-Ausbilder | rool0_PK.exe .... Fehlermeldung nach Bundestrojaner ... direct3d11 fehler Servus, du bist seit mindestens August mit Malware infiziert! Schritt 1
Code:
ATTFilter :OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 122.49.77.1:80
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 122.49.77.1:80
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Michpal\AppData\Roaming\14001.034
[2011.11.05 16:20:17 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
[2012.09.27 14:33:02 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Roaming\14001.022
[2012.09.20 19:45:43 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Roaming\14001.021
[2012.09.03 19:38:04 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Roaming\14001.020
[2012.08.30 16:18:31 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Roaming\14001.019
:files
C:\users\michpal\appdata\roaming\xonu
C:\Users\Michpal\AppData\Roaming\14001.*
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{2597BAC8-6D52-4D37-814F-2729E03C5ADC}C:\users\michpal\appdata\roaming\xonu\vado.exe"=-
"UDP Query User{2853AA23-4C13-4EF0-808D-E2E85FC6B1FF}C:\users\michpal\appdata\roaming\xonu\vado.exe"=-
:commands
[Emptytemp]
Schritt 2
Bitte poste mit deiner nächsten Antwort
|
|
29.10.2012, 15:22
| #15 |
| | rool0_PK.exe .... Fehlermeldung nach Bundestrojaner ... direct3d11 fehler All processes killed ========== OTL ========== HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}\ not found. File C:\Users\Michpal\AppData\Roaming\14001.034 not found. C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. C:\Users\Michpal\AppData\Roaming\14001.022\components folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.022 folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.021\components folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.021 folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.020\components folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.020 folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.019\components folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.019 folder moved successfully. ========== FILES ========== C:\users\michpal\appdata\roaming\Xonu folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.008\components folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.008 folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.009\components folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.009 folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.010\components folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.010 folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.011\components folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.011 folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.012\components folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.012 folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.013\components folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.013 folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.014\components folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.014 folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.016\components folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.016 folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.017\components folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.017 folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.018\components folder moved successfully. C:\Users\Michpal\AppData\Roaming\14001.018 folder moved successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2597BAC8-6D52-4D37-814F-2729E03C5ADC}C:\users\michpal\appdata\roaming\xonu\vado.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2853AA23-4C13-4EF0-808D-E2E85FC6B1FF}C:\users\michpal\appdata\roaming\xonu\vado.exe deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 56466 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Michpal ->Temp folder emptied: 3895 bytes ->Temporary Internet Files folder emptied: 38984670 bytes ->Java cache emptied: 16110858 bytes ->FireFox cache emptied: 300904372 bytes ->Flash cache emptied: 72963 bytes User: Public ->Temp folder emptied: 0 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes User: UpdatusUser.Michpal-PC ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56466 bytes User: UpdatusUser.Michpal-PC.000 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 56466 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 3160597 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 343,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 10292012_151644 Files\Folders moved on Reboot... C:\Users\Michpal\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
|
| Themen zu rool0_PK.exe .... Fehlermeldung nach Bundestrojaner ... direct3d11 fehler |
| bundestrojaner, fehler, fehlermeldung, folge, frage, freund, gekauft, hallo zusammen, html/ransom.b, hängen, install.exe, installation, installiert, kaspersky, kleines, nicht installiert, nutzen, rescue cd, sachen, setup, verhindert, vista, win32/spy.banker.ypc, win32/spy.banker.ypk, windows, zusammen |
Textbox.
Linear-Darstellung
