Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   rool0_PK.exe .... Fehlermeldung nach Bundestrojaner ... direct3d11 fehler (https://www.trojaner-board.de/126212-rool0_pk-exe-fehlermeldung-bundestrojaner-direct3d11-fehler.html)

Michpal 27.10.2012 22:33
rool0_PK.exe .... Fehlermeldung nach Bundestrojaner ... direct3d11 fehler
 
Hallo zusammen,

ich habe da ein kleines Probelm und hoffe ihr könnt mir evtl. helfen.

Vor einiger Zeit (2 Monate) hatte ich nen Bundestrojaner drauf mit "Sie müssen bezahlen u an Ihren Rechner" naja ihr kennt das. Diese konnte ich mittels der Kaspersky rescue cd wieder entfernen. Danach kam immer der fehler das die rool0_pk.exe nicht gefunden werden konnte. Dachte mir bis jetzt nichts dabei und es gab auch keinen weiteren Probleme.

Nun habe ich gestern nfs most wanted gekauft und wollte es mal installieren, er bricht allerdings die Installation ab mit folgendem Fehler:

Direct3D 11 nicht installiert nutzen sie windows link zu Fehler/Update KB93571 bzw KB971644 dies sind allerdings aktualisierungen für vista und nicht wie ich benutze win7 64Bit.

sowie

Redistributable package, d3d11install.exe wurde nicht erfolgreich installiert (4)

kann es sein das diese "rest" exe oder Befehl die akualisierung verhindert? Ein freund von mir kaufte es sich auch und da war die Installation erfolgreich.

Ich habe natürlich auh die in den meisten foren vorgeschlagen diretx Aktualisierungstools one ergebnis oder Problem durchgeführt.
Ich werde natürlich auch ea mal anschreiben aber wollte hier noch mal um rat fragen. Was mich auch verwundert ist die aussage in dxdiag das DX Setup Parameters: Not found.

vielleicht hängen die Sachen auch nicht zusammen aber wär trotzdem schön die Fehlermeldung rool0_pk.exe erschwinden würde.

im voraus danke und schönen abend

lg micha

M-K-D-B 28.10.2012 11:03
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
    Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
  • Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.





Ich schlage vor, wir überprüfen deinen Rechner komplett auf Malware und entfernen eventuell vorhandene Reste.
Sollte die Installation dann immer noch scheitern, dann liegt es auf jeden Fall nicht an der Malware. ;)





Schritt 1
Downloade dir bitte DDS ( von sUBs ) von einem der folgenden Downloadspiegel und speichere die Datei auf deinem Desktop.

dds.com
dds.exe
  • Starte bitte dds mit einem Doppelklick.
  • Der Desktop wird verschwinden, das ist normal.
  • Setze bitte einen Haken bei
    • dds.txt ( Sollte angehakt sein )
    • attach.txt
    Ändere keine Einstellungen ohne Anweisung
  • Wenn der Scan beendet ist, wird DDS 2 Logfiles auf deinem Desktop erstellen:
    • dds.txt
    • attach.txt
Bitte poste beide Logfiles in deiner nächsten Antwort.





Schritt 2
Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
  • Starte das Tool mit Doppelklick.
  • Klicke nun auf den Disable Button, um die Treiber gewisser Emulatoren zu deaktivieren.
  • Defogger wird dich fragen "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?" bestätige diese Sicherheitsabfrage mit Ja.
  • Wenn der Scan beendet wurde (Finished), klicke auf OK.
  • Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.
  • Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.txt. Poste deren Inhalt mit deiner nächsten Antwort.
Klicke den Re-enable Button nicht ohne Anweisung!





Schritt 3
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.





Schritt 4
Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
    Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.





Bitte poste mit deiner nächsten Antwort
  • die beiden Logdateien von DDS,
  • die Logdatei von DeFogger,
  • die Logdatei von aswMBR,
  • die Logdatei von TDSSKiller.

Michpal 28.10.2012 12:40
Hallo Danke für deine Angebot zur Hilfe :applaus:

ich hab gestern abend noch die Malewarebyte Anti Malware durchlaufen lassen und er hat etliches gefunden ... 12 Trojaner, die sind mittlerweile auch alle gelöscht von diesem Programm und diese Fehlermeldung mit der exe erscheint nach dem Neustart nicht mehr.

Nichts destotrotz kann ich das spiel nicht installieren da selbiger Fehler,
in deinem Post sprichst du ja auch von einer Formatierung der Festplatte ... zum wahrscheinlich 01.12.2012 wird mein system umgebaut und eh alles neu aufgesetzt. auch mit neuer ssd platte als Primär und die jetzige für die Daten.

Ich werde heute nachmittag deinen 1. Schritt durchführen und das Ergebnis posten.

in dem Sinne Mahlzeit

M-K-D-B 28.10.2012 12:46
Servus,



Zitat:
Zitat von Michpal (Beitrag 946834)
ich hab gestern abend noch die Malewarebyte Anti Malware durchlaufen lassen und er hat etliches gefunden ... 12 Trojaner, die sind mittlerweile auch alle gelöscht von diesem Programm und diese Fehlermeldung mit der exe erscheint nach dem Neustart nicht mehr.
Öffne Malwarebytes' Anti-Malware.
Klicke auf den Tab Logdateien.
Wähle die entsprechende Textdatei aus und Klicke auf Öffnen.
Poste mir den Inhalt hier mit deiner nächsten Antwort.


Führe anschließend die Schritte 1 - 4 meiner letzten Antwort durch und poste die Logdateien. Dann sehen wir weiter. :)

Michpal 28.10.2012 12:53
attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.DDS Logfile:
Code:
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 21.03.2011 16:25:53
System Uptime: 28.10.2012 10:51:49 (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | Maximus Extreme
Processor: Intel(R) Core(TM)2 Duo CPU    E8500  @ 3.16GHz | LGA775 | 3163/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 73 GiB total, 7,541 GiB free.
D: is FIXED (NTFS) - 393 GiB total, 92,502 GiB free.
E: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standardtastatur (PS/2)
Device ID: ACPI\PNP0303\4&23F9C1E3&0
Manufacturer: (Standardtastaturen)
Name: Standardtastatur (PS/2)
PNP Device ID: ACPI\PNP0303\4&23F9C1E3&0
Service: i8042prt
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-ISATAP-Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft-ISATAP-Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-ISATAP-Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft-ISATAP-Adapter #2
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-Teredo-Tunneling-Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Microsoft-Teredo-Tunneling-Adapter
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP304: 28.10.2012 10:30:12 - DirectX wurde installiert
RP305: 28.10.2012 10:42:42 - DirectX wurde installiert
RP306: 28.10.2012 11:34:00 - DirectX wurde installiert
RP307: 28.10.2012 11:46:26 - DirectX wurde installiert
RP308: 28.10.2012 11:47:39 - DirectX wurde installiert
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) - Deutsch
AI Suite
amBX Audio FXGen 3.1.1
amBX Control Panel 1.2.7
amBX Gaming FXGen 3.7.6
amBX Illuminate 1.0.2
amBX Saitek HAL 1.0.0
amBX System 1.1.4.0
ANNO 2070
Apple Application Support
Apple Software Update
ASUSUpdate
Battlefield 3™
Battlelog Web Plugins
BattlEye for OA Uninstall
BattlEye Uninstall
Brother MFL-Pro Suite MFC-J415W
Cities XL
DAEMON Tools Lite
DAEMON Tools Toolbar
Diablo III
Die Sims™ 3 Einfach tierisch
Die Sims™ 3 Late Night
Die Sims™ 3 Lebensfreude
DiRT 3
DivX-Setup
Dropbox
Endless Space
ESN Sonar
F1 2012
Free Video to Samsung Phones Converter version 5.0.15.706
Free YouTube to MP3 Converter version 3.11.25.627
Host OpenAL (ADI)
Hyperdesk - DarkMatter RedShift
Hyperdesk - DarkMatter Solar Flare
Hyperdesk - DarkMatter Subspace
Java 7 Update 7 (64-bit)
Java 7 Update 9
Java Auto Updater
JMicron JMB36X Driver
Left 4 Dead 2
Left 4 Dead 2 Authoring Tools
Logitech GamePanel Software 3.06.109
Logitech Gaming Software 5.10
Lucikes Rundum-Sorglos-Paket
Malwarebytes Anti-Malware Version 1.65.1.1000
Marvell Miniport Driver
McAfee Internet Security Suite
Media Go
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 14.0.1 (x86 de)
Mozilla Maintenance Service
Need for Speed(TM) Hot Pursuit
Need For Speed™ World
Nexus Mod Manager
NVIDIA 3D Vision Controller-Treiber 306.97
NVIDIA 3D Vision Treiber 306.97
NVIDIA Grafiktreiber 306.97
NVIDIA HD-Audiotreiber 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX-Systemsoftware 9.12.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Systemsteuerung 306.97
NVIDIA Update 1.10.8
NVIDIA Update Components
OpenAL
Origin
Patch v2.2
PC Probe II
PlayStation(R)Network Downloader
PlayStation(R)Store
PunkBuster Services
QuickTime
Rapture3D 2.4.9 Game
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Silent Hunter 5
SpeechRedist
SpeedFan (remove only)
Steam
TeamSpeak 3 Client
The Elder Scrolls V: Skyrim
The Walking Dead
The War Z version alpha
toolplugin
Ubisoft Game Launcher
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.3
Web Assistant 2.0.0.485
Web Optimizer
Windows Live ID Sign-in Assistant
WinRAR 4.00 (64-Bit)
World of Warcraft
X3 Albion Prelude Bonuspaket 5.1.0.0
X3: Albion Prelude
X3: Terran Conflict
X3TC Bonuspaket 4.1.01
.
==== End Of File ===========================

DDSDDS Logfile:

       
Code:

       
DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.9.2
Run by Michpal at 12:42:06 on 2012-10-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8191.6319 [GMT 1:00]
.
AV: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee  Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\Installer\MSI8673.tmp
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\amBX\System\amBX_Service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Windows\system32\dmwu.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\alg.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files (x86)\ASUS\AASP\1.00.95\aaCenter.exe
C:\Program Files\amBX\Gaming FXGen\x64\amBXFxGen.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\amBX\Gaming FXGen\win32\amBXFxGen.exe
C:\Program Files\amBX\Control Panel\amBXDaemon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
D:\Games\Origin\Origin.exe
D:\Games\Origin\OriginClientService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uProxyServer = 122.49.77.1:80
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120627185322.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [imtazuvwobzvvzb] C:\ProgramData\imtazuvw.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun: [CPU Power Monitor] "C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
mRun: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMBXIL~1.LNK - C:\Program Files (x86)\amBX\Illuminate\Illuminate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Free YouTube to MP3 Converter - C:\Users\Michpal\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: NameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{A15BD116-72FB-405F-B624-B9EBD99A7FE0} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E581B93F-7959-48E2-9C4B-B606ACE5784D} : DHCPNameServer = 192.168.2.1 192.168.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
SSODL: WebCheck - <orphaned>
STS: CAveStartButtonChangerObject Class - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120627185322.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
x64-Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
x64-Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
x64-Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-Run: [amBX System Tray Application] C:\Program Files\amBX\Gaming FXGen\x64\amBXFxGen.exe
x64-Run: [amBX Daemon] "C:\Program Files\amBX\Control Panel\amBXDaemon.exe"
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: CAveStartButtonChangerObject Class - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Michpal\AppData\Roaming\Mozilla\Firefox\Profiles\p8jmn4dj.default\
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Users\Michpal\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-10-13 647208]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-21 289664]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-3-21 75936]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 amBX Saitek HAL Service;amBX Saitek HAL Service;C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe [2012-10-4 310784]
R2 amBX Service;amBX Service;C:\Program Files (x86)\amBX\System\amBX_Service.exe [2012-10-4 612864]
R2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;C:\Windows\Installer\MSI8673.tmp [2012-10-2 102400]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-27 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-27 676936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-29 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-29 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-29 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-3-21 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-3-21 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-3-21 162192]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-27 1258856]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-7-18 188760]
R2 WebOptimizer;WebOptimizer;C:\Windows\System32\dmwu.exe [2012-9-10 1259888]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-12-13 245760]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-21 65264]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-27 25928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-21 229528]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-21 487296]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2012-9-21 189288]
R3 SaiK0DC5;SaiK0DC5;C:\Windows\System32\drivers\SaiK0DC5.sys [2012-10-4 176136]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2011-12-11 402720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-6 250808]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-7-30 102240]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2011-3-31 13352]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-3-21 100912]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-5 113120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-27 19456]
S3 SaiKF622;SaiKF622;C:\Windows\System32\drivers\SaiKF622.sys [2009-6-10 140800]
S3 Sony PC Companion;Sony PC Companion;"C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe" --> C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-27 57856]
.
=============== Created Last 30 ================
.
2012-10-27 21:51:21        --------        d-----w-        C:\Users\Michpal\AppData\Roaming\Malwarebytes
2012-10-27 21:51:08        --------        d-----w-        C:\ProgramData\Malwarebytes
2012-10-27 21:51:07        25928        ----a-w-        C:\Windows\System32\drivers\mbam.sys
2012-10-27 21:51:06        --------        d-----w-        C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-27 18:42:21        458712        ----a-w-        C:\Windows\System32\drivers\cng.sys
2012-10-27 18:42:21        340992        ----a-w-        C:\Windows\System32\schannel.dll
2012-10-27 18:42:21        307200        ----a-w-        C:\Windows\System32\ncrypt.dll
2012-10-27 18:42:21        247808        ----a-w-        C:\Windows\SysWow64\schannel.dll
2012-10-27 18:42:21        154480        ----a-w-        C:\Windows\System32\drivers\ksecpkg.sys
2012-10-27 18:42:20        220160        ----a-w-        C:\Windows\SysWow64\ncrypt.dll
2012-10-27 18:42:20        22016        ----a-w-        C:\Windows\SysWow64\secur32.dll
2012-10-27 18:42:20        1448448        ----a-w-        C:\Windows\System32\lsasrv.dll
2012-10-27 18:42:19        96768        ----a-w-        C:\Windows\SysWow64\sspicli.dll
2012-10-27 18:07:56        891240        ----a-w-        C:\Windows\System32\nvvsvc.exe
2012-10-27 18:07:56        63336        ----a-w-        C:\Windows\System32\nvshext.dll
2012-10-27 18:07:56        6200680        ----a-w-        C:\Windows\System32\nvcpl.dll
2012-10-27 18:07:56        3536817        ----a-w-        C:\Windows\System32\nvcoproc.bin
2012-10-27 18:07:56        3293544        ----a-w-        C:\Windows\System32\nvsvc64.dll
2012-10-27 18:07:56        2557800        ----a-w-        C:\Windows\System32\nvsvcr.dll
2012-10-27 18:07:56        118120        ----a-w-        C:\Windows\System32\nvmctray.dll
2012-10-27 18:07:25        --------        d-----w-        C:\ProgramData\NVIDIA Corporation
2012-10-27 11:01:37        7720        ----a-w-        C:\Users\Michpal\AppData\Roaming\BAcroIEHelpe220.dll
2012-10-27 11:01:37        204432        ----a-w-        C:\Users\Michpal\AppData\Roaming\AcroIEHelpe220.dll
2012-10-25 20:35:59        0        ----a-w-        C:\Users\Michpal\AppData\Roaming\p8jmn4dj.default.tmp
2012-10-25 15:35:00        7720        ----a-w-        C:\Users\Michpal\AppData\Roaming\BAcroIEHelpe219.dll
2012-10-22 19:29:48        --------        d-----w-        C:\Users\Michpal\AppData\Roaming\14001.034
2012-10-17 18:21:00        --------        d-----w-        C:\Users\Michpal\AppData\Roaming\14001.033
2012-10-17 12:40:11        95208        ----a-w-        C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-16 14:54:31        --------        d-----w-        C:\Users\Michpal\AppData\Roaming\14001.031
2012-10-16 14:53:15        --------        d-----w-        C:\Users\Michpal\AppData\Local\Arktos
2012-10-15 18:29:56        --------        d-----w-        C:\Users\Michpal\AppData\Roaming\14001.030
2012-10-11 19:55:44        7424        ----a-w-        C:\Users\Michpal\AppData\Roaming\BAcroIEHelpe216.dll
2012-10-10 18:31:18        1659760        ----a-w-        C:\Windows\System32\drivers\ntfs.sys
2012-10-10 18:31:14        5559664        ----a-w-        C:\Windows\System32\ntoskrnl.exe
2012-10-10 18:31:01        3914096        ----a-w-        C:\Windows\SysWow64\ntoskrnl.exe
2012-10-10 18:30:59        3968880        ----a-w-        C:\Windows\SysWow64\ntkrnlpa.exe
2012-10-10 18:30:43        424448        ----a-w-        C:\Windows\System32\KernelBase.dll
2012-10-10 18:30:43        338432        ----a-w-        C:\Windows\System32\conhost.exe
2012-10-10 18:30:43        215040        ----a-w-        C:\Windows\System32\winsrv.dll
2012-10-10 18:30:26        274944        ----a-w-        C:\Windows\SysWow64\KernelBase.dll
2012-10-10 18:30:26        243200        ----a-w-        C:\Windows\System32\wow64.dll
2012-10-10 18:30:22        --------        d-----w-        C:\Users\Michpal\AppData\Roaming\14001.029
2012-10-10 18:30:14        25600        ----a-w-        C:\Windows\SysWow64\setup16.exe
2012-10-10 18:30:11        7424        ----a-w-        C:\Users\Michpal\AppData\Roaming\BAcroIEHelpe215.dll
2012-10-10 18:30:02        16384        ----a-w-        C:\Windows\System32\ntvdm64.dll
2012-10-10 18:28:59        3584        ---ha-w-        C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 18:27:56        3072        ---ha-w-        C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 18:27:56        3072        ---ha-w-        C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 18:27:55        4608        ---ha-w-        C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 18:27:47        4096        ---ha-w-        C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 18:27:27        3584        ---ha-w-        C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 18:27:16        4096        ---ha-w-        C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 18:25:57        4096        ---ha-w-        C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 18:25:53        4096        ---ha-w-        C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 18:25:47        3072        ---ha-w-        C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-10-10 18:25:41        4096        ---ha-w-        C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 18:25:41        3072        ---ha-w-        C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 18:25:32        2048        ----a-w-        C:\Windows\SysWow64\user.exe
2012-10-10 18:25:15        220160        ----a-w-        C:\Windows\System32\wintrust.dll
2012-10-10 18:25:06        172544        ----a-w-        C:\Windows\SysWow64\wintrust.dll
2012-10-10 18:22:26        2048        ----a-w-        C:\Windows\System32\tzres.dll
2012-10-10 18:22:24        2048        ----a-w-        C:\Windows\SysWow64\tzres.dll
2012-10-10 18:22:05        715776        ----a-w-        C:\Windows\System32\kerberos.dll
2012-10-10 18:22:02        542208        ----a-w-        C:\Windows\SysWow64\kerberos.dll
2012-10-10 18:21:57        1464320        ----a-w-        C:\Windows\System32\crypt32.dll
2012-10-10 18:21:53        1159680        ----a-w-        C:\Windows\SysWow64\crypt32.dll
2012-10-10 18:21:48        184320        ----a-w-        C:\Windows\System32\cryptsvc.dll
2012-10-10 18:21:48        140288        ----a-w-        C:\Windows\System32\cryptnet.dll
2012-10-10 18:21:40        140288        ----a-w-        C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 18:21:33        103936        ----a-w-        C:\Windows\SysWow64\cryptnet.dll
2012-10-05 14:14:25        --------        d-----w-        C:\Users\Michpal\AppData\Roaming\14001.025
2012-10-04 15:03:41        --------        d-----w-        C:\Users\Michpal\AppData\Local\IsolatedStorage
2012-10-04 14:52:38        --------        d-----w-        C:\Program Files\amBX
2012-10-04 14:52:31        --------        d-----w-        C:\Program Files (x86)\amBX
2012-10-04 14:50:32        176136        ----a-w-        C:\Windows\System32\drivers\SaiK0DC5.sys
2012-10-02 20:51:51        --------        d-----w-        C:\Users\Michpal\AppData\Roaming\14001.024
2012-10-02 11:15:52        430952        ----a-w-        C:\Windows\SysWow64\nvStreaming.exe
2012-10-02 08:53:06        --------        d-----w-        C:\Users\Michpal\AppData\Roaming\Skinux
2012-10-02 08:50:07        --------        d-----w-        C:\Program Files (x86)\The Skins Factory
.
==================== Find3M  ====================
.
2012-10-26 20:03:39        281520        ----a-w-        C:\Windows\SysWow64\PnkBstrB.xtr
2012-10-26 20:03:39        281520        ----a-w-        C:\Windows\SysWow64\PnkBstrB.exe
2012-10-26 20:03:25        280904        ----a-w-        C:\Windows\SysWow64\PnkBstrB.ex0
2012-10-16 13:01:49        73656        ----a-w-        C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-16 13:01:49        696760        ----a-w-        C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-20 18:45:34        7424        ----a-w-        C:\Users\Michpal\AppData\Roaming\BAcroIEHelpe207.dll
2012-09-13 13:26:50        1259888        ----a-w-        C:\Windows\System32\dmwu.exe
2012-09-13 13:25:38        35328        ----a-w-        C:\Windows\System32\ImHttpComm.dll
2012-09-07 17:42:42        821736        ----a-w-        C:\Windows\SysWow64\npDeployJava1.dll
2012-09-07 17:42:42        746984        ----a-w-        C:\Windows\SysWow64\deployJava1.dll
2012-09-02 09:45:46        108008        ----a-w-        C:\Windows\System32\WindowsAccessBridge-64.dll
2012-09-02 09:45:43        916456        ----a-w-        C:\Windows\System32\deployJava1.dll
2012-09-02 09:45:43        1034216        ----a-w-        C:\Windows\System32\npDeployJava1.dll
2012-08-30 19:14:00        60776        ----a-w-        C:\Windows\System32\OpenCL.dll
2012-08-30 19:14:00        52584        ----a-w-        C:\Windows\SysWow64\OpenCL.dll
2012-08-24 10:31:32        2312704        ----a-w-        C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18        1392128        ----a-w-        C:\Windows\System32\wininet.dll
2012-08-24 10:20:11        1494528        ----a-w-        C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45        173056        ----a-w-        C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29        599040        ----a-w-        C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42        2382848        ----a-w-        C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17        1800704        ----a-w-        C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27        1129472        ----a-w-        C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02        1427968        ----a-w-        C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26        142848        ----a-w-        C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12        420864        ----a-w-        C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58        2382848        ----a-w-        C:\Windows\SysWow64\mshtml.tlb
2012-08-23 14:13:11        243200        ----a-w-        C:\Windows\System32\rdpudd.dll
2012-08-23 14:10:20        19456        ----a-w-        C:\Windows\System32\drivers\rdpvideominiport.sys
2012-08-23 14:07:35        57856        ----a-w-        C:\Windows\System32\drivers\TsUsbFlt.sys
2012-08-23 13:47:20        46592        ----a-w-        C:\Windows\SysWow64\MsRdpWebAccess.dll
2012-08-23 13:46:20        16896        ----a-w-        C:\Windows\SysWow64\wksprtPS.dll
2012-08-23 13:41:52        13312        ----a-w-        C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2012-08-23 13:40:56        13312        ----a-w-        C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-08-23 13:24:57        15360        ----a-w-        C:\Windows\System32\RdpGroupPolicyExtension.dll
2012-08-23 13:20:40        54272        ----a-w-        C:\Windows\System32\MsRdpWebAccess.dll
2012-08-23 13:18:14        37376        ----a-w-        C:\Windows\SysWow64\tsgqec.dll
2012-08-23 13:17:54        18432        ----a-w-        C:\Windows\System32\wksprtPS.dll
2012-08-23 13:06:58        43520        ----a-w-        C:\Windows\System32\TsUsbGDCoInstaller.dll
2012-08-23 12:52:53        44032        ----a-w-        C:\Windows\System32\tsgqec.dll
2012-08-23 11:20:06        62976        ----a-w-        C:\Windows\System32\TSWbPrxy.exe
2012-08-23 11:15:57        269312        ----a-w-        C:\Windows\SysWow64\aaclient.dll
2012-08-23 11:14:09        384000        ----a-w-        C:\Windows\System32\wksprt.exe
2012-08-23 11:12:17        192000        ----a-w-        C:\Windows\SysWow64\rdpendp_winip.dll
2012-08-23 10:54:24        322560        ----a-w-        C:\Windows\System32\aaclient.dll
2012-08-23 10:51:14        228864        ----a-w-        C:\Windows\System32\rdpendp_winip.dll
2012-08-23 10:39:24        1048064        ----a-w-        C:\Windows\SysWow64\mstsc.exe
2012-08-23 10:22:22        1123840        ----a-w-        C:\Windows\System32\mstsc.exe
2012-08-23 09:51:57        3174912        ----a-w-        C:\Windows\System32\rdpcorets.dll
2012-08-23 08:19:01        4916224        ----a-w-        C:\Windows\SysWow64\mstscax.dll
2012-08-23 08:13:07        5773824        ----a-w-        C:\Windows\System32\mstscax.dll
2012-08-22 18:12:50        1913200        ----a-w-        C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40        950128        ----a-w-        C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40        376688        ----a-w-        C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33        288624        ----a-w-        C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00        245760        ----a-w-        C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44        362496        ----a-w-        C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44        13312        ----a-w-        C:\Windows\System32\wow64cpu.dll
2012-08-20 17:40:21        14336        ----a-w-        C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44        44032        ----a-w-        C:\Windows\apppatch\acwow64.dll
2012-08-20 17:37:19        5120        ----a-w-        C:\Windows\SysWow64\wow32.dll
2012-08-20 15:38:21        7680        ----a-w-        C:\Windows\SysWow64\instnm.exe
2012-08-20 15:33:28        6144        ---ha-w-        C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28        4608        ---ha-w-        C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28        3584        ---ha-w-        C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28        3072        ---ha-w-        C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-02 17:58:52        574464        ----a-w-        C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20        490496        ----a-w-        C:\Windows\SysWow64\d3d10level9.dll
.
============= FINISH: 12:48:04,74 ===============

--- --- ---
--- --- ---

ddsDDS Logfile:
Code:
DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.9.2
Run by Michpal at 12:42:06 on 2012-10-28
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8191.6319 [GMT 1:00]
.
AV: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee  Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\Installer\MSI8673.tmp
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\amBX\System\amBX_Service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Windows\system32\dmwu.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\alg.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files (x86)\ASUS\AASP\1.00.95\aaCenter.exe
C:\Program Files\amBX\Gaming FXGen\x64\amBXFxGen.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\amBX\Gaming FXGen\win32\amBXFxGen.exe
C:\Program Files\amBX\Control Panel\amBXDaemon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
D:\Games\Origin\Origin.exe
D:\Games\Origin\OriginClientService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uProxyServer = 122.49.77.1:80
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120627185322.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [imtazuvwobzvvzb] C:\ProgramData\imtazuvw.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun: [CPU Power Monitor] "C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
mRun: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMBXIL~1.LNK - C:\Program Files (x86)\amBX\Illuminate\Illuminate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Free YouTube to MP3 Converter - C:\Users\Michpal\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: NameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{A15BD116-72FB-405F-B624-B9EBD99A7FE0} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E581B93F-7959-48E2-9C4B-B606ACE5784D} : DHCPNameServer = 192.168.2.1 192.168.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
SSODL: WebCheck - <orphaned>
STS: CAveStartButtonChangerObject Class - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120627185322.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
x64-Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
x64-Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
x64-Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-Run: [amBX System Tray Application] C:\Program Files\amBX\Gaming FXGen\x64\amBXFxGen.exe
x64-Run: [amBX Daemon] "C:\Program Files\amBX\Control Panel\amBXDaemon.exe"
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: CAveStartButtonChangerObject Class - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Michpal\AppData\Roaming\Mozilla\Firefox\Profiles\p8jmn4dj.default\
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Users\Michpal\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-10-13 647208]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-21 289664]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-3-21 75936]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 amBX Saitek HAL Service;amBX Saitek HAL Service;C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe [2012-10-4 310784]
R2 amBX Service;amBX Service;C:\Program Files (x86)\amBX\System\amBX_Service.exe [2012-10-4 612864]
R2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;C:\Windows\Installer\MSI8673.tmp [2012-10-2 102400]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-27 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-27 676936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-29 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-29 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-29 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-3-21 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-3-21 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-3-21 162192]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-27 1258856]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-7-18 188760]
R2 WebOptimizer;WebOptimizer;C:\Windows\System32\dmwu.exe [2012-9-10 1259888]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-12-13 245760]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-21 65264]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-27 25928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-21 229528]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-21 487296]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2012-9-21 189288]
R3 SaiK0DC5;SaiK0DC5;C:\Windows\System32\drivers\SaiK0DC5.sys [2012-10-4 176136]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2011-12-11 402720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-6 250808]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-7-30 102240]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2011-3-31 13352]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-3-21 100912]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-5 113120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-27 19456]
S3 SaiKF622;SaiKF622;C:\Windows\System32\drivers\SaiKF622.sys [2009-6-10 140800]
S3 Sony PC Companion;Sony PC Companion;"C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe" --> C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-27 57856]
.
=============== Created Last 30 ================
.
2012-10-27 21:51:21        --------        d-----w-        C:\Users\Michpal\AppData\Roaming\Malwarebytes
2012-10-27 21:51:08        --------        d-----w-        C:\ProgramData\Malwarebytes
2012-10-27 21:51:07        25928        ----a-w-        C:\Windows\System32\drivers\mbam.sys
2012-10-27 21:51:06        --------        d-----w-        C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-27 18:42:21        458712        ----a-w-        C:\Windows\System32\drivers\cng.sys
2012-10-27 18:42:21        340992        ----a-w-        C:\Windows\System32\schannel.dll
2012-10-27 18:42:21        307200        ----a-w-        C:\Windows\System32\ncrypt.dll
2012-10-27 18:42:21        247808        ----a-w-        C:\Windows\SysWow64\schannel.dll
2012-10-27 18:42:21        154480        ----a-w-        C:\Windows\System32\drivers\ksecpkg.sys
2012-10-27 18:42:20        220160        ----a-w-        C:\Windows\SysWow64\ncrypt.dll
2012-10-27 18:42:20        22016        ----a-w-        C:\Windows\SysWow64\secur32.dll
2012-10-27 18:42:20        1448448        ----a-w-        C:\Windows\System32\lsasrv.dll
2012-10-27 18:42:19        96768        ----a-w-        C:\Windows\SysWow64\sspicli.dll
2012-10-27 18:07:56        891240        ----a-w-        C:\Windows\System32\nvvsvc.exe
2012-10-27 18:07:56        63336        ----a-w-        C:\Windows\System32\nvshext.dll
2012-10-27 18:07:56        6200680        ----a-w-        C:\Windows\System32\nvcpl.dll
2012-10-27 18:07:56        3536817        ----a-w-        C:\Windows\System32\nvcoproc.bin
2012-10-27 18:07:56        3293544        ----a-w-        C:\Windows\System32\nvsvc64.dll
2012-10-27 18:07:56        2557800        ----a-w-        C:\Windows\System32\nvsvcr.dll
2012-10-27 18:07:56        118120        ----a-w-        C:\Windows\System32\nvmctray.dll
2012-10-27 18:07:25        --------        d-----w-        C:\ProgramData\NVIDIA Corporation
2012-10-27 11:01:37        7720        ----a-w-        C:\Users\Michpal\AppData\Roaming\BAcroIEHelpe220.dll
2012-10-27 11:01:37        204432        ----a-w-        C:\Users\Michpal\AppData\Roaming\AcroIEHelpe220.dll
2012-10-25 20:35:59        0        ----a-w-        C:\Users\Michpal\AppData\Roaming\p8jmn4dj.default.tmp
2012-10-25 15:35:00        7720        ----a-w-        C:\Users\Michpal\AppData\Roaming\BAcroIEHelpe219.dll
2012-10-22 19:29:48        --------        d-----w-        C:\Users\Michpal\AppData\Roaming\14001.034
2012-10-17 18:21:00        --------        d-----w-        C:\Users\Michpal\AppData\Roaming\14001.033
2012-10-17 12:40:11        95208        ----a-w-        C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-16 14:54:31        --------        d-----w-        C:\Users\Michpal\AppData\Roaming\14001.031
2012-10-16 14:53:15        --------        d-----w-        C:\Users\Michpal\AppData\Local\Arktos
2012-10-15 18:29:56        --------        d-----w-        C:\Users\Michpal\AppData\Roaming\14001.030
2012-10-11 19:55:44        7424        ----a-w-        C:\Users\Michpal\AppData\Roaming\BAcroIEHelpe216.dll
2012-10-10 18:31:18        1659760        ----a-w-        C:\Windows\System32\drivers\ntfs.sys
2012-10-10 18:31:14        5559664        ----a-w-        C:\Windows\System32\ntoskrnl.exe
2012-10-10 18:31:01        3914096        ----a-w-        C:\Windows\SysWow64\ntoskrnl.exe
2012-10-10 18:30:59        3968880        ----a-w-        C:\Windows\SysWow64\ntkrnlpa.exe
2012-10-10 18:30:43        424448        ----a-w-        C:\Windows\System32\KernelBase.dll
2012-10-10 18:30:43        338432        ----a-w-        C:\Windows\System32\conhost.exe
2012-10-10 18:30:43        215040        ----a-w-        C:\Windows\System32\winsrv.dll
2012-10-10 18:30:26        274944        ----a-w-        C:\Windows\SysWow64\KernelBase.dll
2012-10-10 18:30:26        243200        ----a-w-        C:\Windows\System32\wow64.dll
2012-10-10 18:30:22        --------        d-----w-        C:\Users\Michpal\AppData\Roaming\14001.029
2012-10-10 18:30:14        25600        ----a-w-        C:\Windows\SysWow64\setup16.exe
2012-10-10 18:30:11        7424        ----a-w-        C:\Users\Michpal\AppData\Roaming\BAcroIEHelpe215.dll
2012-10-10 18:30:02        16384        ----a-w-        C:\Windows\System32\ntvdm64.dll
2012-10-10 18:28:59        3584        ---ha-w-        C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 18:27:56        3072        ---ha-w-        C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 18:27:56        3072        ---ha-w-        C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 18:27:55        4608        ---ha-w-        C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 18:27:47        4096        ---ha-w-        C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 18:27:27        3584        ---ha-w-        C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 18:27:16        4096        ---ha-w-        C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 18:25:57        4096        ---ha-w-        C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 18:25:53        4096        ---ha-w-        C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 18:25:47        3072        ---ha-w-        C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-10-10 18:25:41        4096        ---ha-w-        C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 18:25:41        3072        ---ha-w-        C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 18:25:32        2048        ----a-w-        C:\Windows\SysWow64\user.exe
2012-10-10 18:25:15        220160        ----a-w-        C:\Windows\System32\wintrust.dll
2012-10-10 18:25:06        172544        ----a-w-        C:\Windows\SysWow64\wintrust.dll
2012-10-10 18:22:26        2048        ----a-w-        C:\Windows\System32\tzres.dll
2012-10-10 18:22:24        2048        ----a-w-        C:\Windows\SysWow64\tzres.dll
2012-10-10 18:22:05        715776        ----a-w-        C:\Windows\System32\kerberos.dll
2012-10-10 18:22:02        542208        ----a-w-        C:\Windows\SysWow64\kerberos.dll
2012-10-10 18:21:57        1464320        ----a-w-        C:\Windows\System32\crypt32.dll
2012-10-10 18:21:53        1159680        ----a-w-        C:\Windows\SysWow64\crypt32.dll
2012-10-10 18:21:48        184320        ----a-w-        C:\Windows\System32\cryptsvc.dll
2012-10-10 18:21:48        140288        ----a-w-        C:\Windows\System32\cryptnet.dll
2012-10-10 18:21:40        140288        ----a-w-        C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 18:21:33        103936        ----a-w-        C:\Windows\SysWow64\cryptnet.dll
2012-10-05 14:14:25        --------        d-----w-        C:\Users\Michpal\AppData\Roaming\14001.025
2012-10-04 15:03:41        --------        d-----w-        C:\Users\Michpal\AppData\Local\IsolatedStorage
2012-10-04 14:52:38        --------        d-----w-        C:\Program Files\amBX
2012-10-04 14:52:31        --------        d-----w-        C:\Program Files (x86)\amBX
2012-10-04 14:50:32        176136        ----a-w-        C:\Windows\System32\drivers\SaiK0DC5.sys
2012-10-02 20:51:51        --------        d-----w-        C:\Users\Michpal\AppData\Roaming\14001.024
2012-10-02 11:15:52        430952        ----a-w-        C:\Windows\SysWow64\nvStreaming.exe
2012-10-02 08:53:06        --------        d-----w-        C:\Users\Michpal\AppData\Roaming\Skinux
2012-10-02 08:50:07        --------        d-----w-        C:\Program Files (x86)\The Skins Factory
.
==================== Find3M  ====================
.
2012-10-26 20:03:39        281520        ----a-w-        C:\Windows\SysWow64\PnkBstrB.xtr
2012-10-26 20:03:39        281520        ----a-w-        C:\Windows\SysWow64\PnkBstrB.exe
2012-10-26 20:03:25        280904        ----a-w-        C:\Windows\SysWow64\PnkBstrB.ex0
2012-10-16 13:01:49        73656        ----a-w-        C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-16 13:01:49        696760        ----a-w-        C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-20 18:45:34        7424        ----a-w-        C:\Users\Michpal\AppData\Roaming\BAcroIEHelpe207.dll
2012-09-13 13:26:50        1259888        ----a-w-        C:\Windows\System32\dmwu.exe
2012-09-13 13:25:38        35328        ----a-w-        C:\Windows\System32\ImHttpComm.dll
2012-09-07 17:42:42        821736        ----a-w-        C:\Windows\SysWow64\npDeployJava1.dll
2012-09-07 17:42:42        746984        ----a-w-        C:\Windows\SysWow64\deployJava1.dll
2012-09-02 09:45:46        108008        ----a-w-        C:\Windows\System32\WindowsAccessBridge-64.dll
2012-09-02 09:45:43        916456        ----a-w-        C:\Windows\System32\deployJava1.dll
2012-09-02 09:45:43        1034216        ----a-w-        C:\Windows\System32\npDeployJava1.dll
2012-08-30 19:14:00        60776        ----a-w-        C:\Windows\System32\OpenCL.dll
2012-08-30 19:14:00        52584        ----a-w-        C:\Windows\SysWow64\OpenCL.dll
2012-08-24 10:31:32        2312704        ----a-w-        C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18        1392128        ----a-w-        C:\Windows\System32\wininet.dll
2012-08-24 10:20:11        1494528        ----a-w-        C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45        173056        ----a-w-        C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29        599040        ----a-w-        C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42        2382848        ----a-w-        C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17        1800704        ----a-w-        C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27        1129472        ----a-w-        C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02        1427968        ----a-w-        C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26        142848        ----a-w-        C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12        420864        ----a-w-        C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58        2382848        ----a-w-        C:\Windows\SysWow64\mshtml.tlb
2012-08-23 14:13:11        243200        ----a-w-        C:\Windows\System32\rdpudd.dll
2012-08-23 14:10:20        19456        ----a-w-        C:\Windows\System32\drivers\rdpvideominiport.sys
2012-08-23 14:07:35        57856        ----a-w-        C:\Windows\System32\drivers\TsUsbFlt.sys
2012-08-23 13:47:20        46592        ----a-w-        C:\Windows\SysWow64\MsRdpWebAccess.dll
2012-08-23 13:46:20        16896        ----a-w-        C:\Windows\SysWow64\wksprtPS.dll
2012-08-23 13:41:52        13312        ----a-w-        C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2012-08-23 13:40:56        13312        ----a-w-        C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-08-23 13:24:57        15360        ----a-w-        C:\Windows\System32\RdpGroupPolicyExtension.dll
2012-08-23 13:20:40        54272        ----a-w-        C:\Windows\System32\MsRdpWebAccess.dll
2012-08-23 13:18:14        37376        ----a-w-        C:\Windows\SysWow64\tsgqec.dll
2012-08-23 13:17:54        18432        ----a-w-        C:\Windows\System32\wksprtPS.dll
2012-08-23 13:06:58        43520        ----a-w-        C:\Windows\System32\TsUsbGDCoInstaller.dll
2012-08-23 12:52:53        44032        ----a-w-        C:\Windows\System32\tsgqec.dll
2012-08-23 11:20:06        62976        ----a-w-        C:\Windows\System32\TSWbPrxy.exe
2012-08-23 11:15:57        269312        ----a-w-        C:\Windows\SysWow64\aaclient.dll
2012-08-23 11:14:09        384000        ----a-w-        C:\Windows\System32\wksprt.exe
2012-08-23 11:12:17        192000        ----a-w-        C:\Windows\SysWow64\rdpendp_winip.dll
2012-08-23 10:54:24        322560        ----a-w-        C:\Windows\System32\aaclient.dll
2012-08-23 10:51:14        228864        ----a-w-        C:\Windows\System32\rdpendp_winip.dll
2012-08-23 10:39:24        1048064        ----a-w-        C:\Windows\SysWow64\mstsc.exe
2012-08-23 10:22:22        1123840        ----a-w-        C:\Windows\System32\mstsc.exe
2012-08-23 09:51:57        3174912        ----a-w-        C:\Windows\System32\rdpcorets.dll
2012-08-23 08:19:01        4916224        ----a-w-        C:\Windows\SysWow64\mstscax.dll
2012-08-23 08:13:07        5773824        ----a-w-        C:\Windows\System32\mstscax.dll
2012-08-22 18:12:50        1913200        ----a-w-        C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40        950128        ----a-w-        C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40        376688        ----a-w-        C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33        288624        ----a-w-        C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00        245760        ----a-w-        C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44        362496        ----a-w-        C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44        13312        ----a-w-        C:\Windows\System32\wow64cpu.dll
2012-08-20 17:40:21        14336        ----a-w-        C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44        44032        ----a-w-        C:\Windows\apppatch\acwow64.dll
2012-08-20 17:37:19        5120        ----a-w-        C:\Windows\SysWow64\wow32.dll
2012-08-20 15:38:21        7680        ----a-w-        C:\Windows\SysWow64\instnm.exe
2012-08-20 15:33:28        6144        ---ha-w-        C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28        4608        ---ha-w-        C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28        3584        ---ha-w-        C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28        3072        ---ha-w-        C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-02 17:58:52        574464        ----a-w-        C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20        490496        ----a-w-        C:\Windows\SysWow64\d3d10level9.dll
.
============= FINISH: 12:48:04,74 ===============
--- --- ---

2012/10/28 07:32:35 +0100 MICHPAL-PC Michpal MESSAGE Starting protection
2012/10/28 07:32:35 +0100 MICHPAL-PC Michpal MESSAGE Protection started successfully
2012/10/28 07:32:35 +0100 MICHPAL-PC Michpal MESSAGE Starting IP protection
2012/10/28 07:32:35 +0100 MICHPAL-PC Michpal MESSAGE IP Protection started successfully
2012/10/28 10:26:33 +0100 MICHPAL-PC Michpal MESSAGE Starting protection
2012/10/28 10:26:33 +0100 MICHPAL-PC Michpal MESSAGE Protection started successfully
2012/10/28 10:26:33 +0100 MICHPAL-PC Michpal MESSAGE Starting IP protection
2012/10/28 10:26:33 +0100 MICHPAL-PC Michpal MESSAGE IP Protection started successfully
2012/10/28 10:52:13 +0100 MICHPAL-PC Michpal MESSAGE Starting protection
2012/10/28 10:52:13 +0100 MICHPAL-PC Michpal MESSAGE Protection started successfully
2012/10/28 10:52:13 +0100 MICHPAL-PC Michpal MESSAGE Starting IP protection
2012/10/28 10:52:14 +0100 MICHPAL-PC Michpal MESSAGE IP Protection started successfully

2012/10/27 23:51:34 +0200 MICHPAL-PC Michpal MESSAGE Starting protection
2012/10/27 23:51:34 +0200 MICHPAL-PC Michpal MESSAGE Protection started successfully
2012/10/27 23:51:34 +0200 MICHPAL-PC Michpal MESSAGE Starting IP protection
2012/10/27 23:51:35 +0200 MICHPAL-PC Michpal MESSAGE IP Protection started successfully
2012/10/27 23:51:45 +0200 MICHPAL-PC Michpal MESSAGE Starting database refresh
2012/10/27 23:51:45 +0200 MICHPAL-PC Michpal MESSAGE Stopping IP protection
2012/10/27 23:51:45 +0200 MICHPAL-PC Michpal MESSAGE IP Protection stopped successfully
2012/10/27 23:51:48 +0200 MICHPAL-PC Michpal MESSAGE Database refreshed successfully
2012/10/27 23:51:48 +0200 MICHPAL-PC Michpal MESSAGE Starting IP protection
2012/10/27 23:51:49 +0200 MICHPAL-PC Michpal MESSAGE IP Protection started successfully
2012/10/27 23:55:38 +0200 MICHPAL-PC (null) MESSAGE Executing scheduled update: Daily
2012/10/27 23:55:46 +0200 MICHPAL-PC Michpal MESSAGE Starting protection
2012/10/27 23:55:46 +0200 MICHPAL-PC Michpal MESSAGE Protection started successfully
2012/10/27 23:55:46 +0200 MICHPAL-PC Michpal MESSAGE Starting IP protection
2012/10/27 23:55:47 +0200 MICHPAL-PC Michpal MESSAGE IP Protection started successfully
2012/10/27 23:56:16 +0200 MICHPAL-PC Michpal MESSAGE Database already up-to-date

Malwarebytes Anti-Malware (Test) 1.65.1.1000
Malwarebytes : Free anti-malware download

Datenbank Version: v2012.10.27.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michpal :: MICHPAL-PC [Administrator]

Schutz: Aktiviert

27.10.2012 23:51:59
mbam-log-2012-10-27 (23-51-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 30191
Laufzeit: 1 Minute(n), 40 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 3
HKCR\CLSID\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CodecUpdater (Trojan.Dropper.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Trojan.Downloader) -> Daten: C:\Users\Michpal\AppData\Roaming\appConf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\Michpal\AppData\Roaming\appconf32.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michpal\AppData\Roaming\AcroIEHelpe219.dll (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\CodecUpdate\ix_updater.exe (Trojan.Dropper.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Codecv\bhoclass.dll (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michpal\AppData\Roaming\BAcroIEHelpe212.dll (Rootkit.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michpal\AppData\Roaming\BAcroIEHelpe214.dll (Rootkit.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.27.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michpal :: MICHPAL-PC [Administrator]

Schutz: Aktiviert

27.10.2012 23:57:06
mbam-log-2012-10-27 (23-57-06).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 253206
Laufzeit: 3 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Michpal\AppData\Local\Temp\g7i0ol_kaz.exe (Spyware.Zbot.DG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Michpal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Malwarebytes Anti-Malware (Test) 1.65.1.1000
Malwarebytes : Free anti-malware download

Datenbank Version: v2012.10.27.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michpal :: MICHPAL-PC [Administrator]

Schutz: Aktiviert

28.10.2012 07:33:13
mbam-log-2012-10-28 (07-33-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 622987
Laufzeit: 2 Stunde(n), 25 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

so hier haben wir den Defogger

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:07 on 28/10/2012 (Michpal)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed
HKCU:AlcoholAutomount -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-28 13:13:51
-----------------------------
13:13:51.000 OS Version: Windows x64 6.1.7601 Service Pack 1
13:13:51.000 Number of processors: 2 586 0x1706
13:13:51.001 ComputerName: MICHPAL-PC UserName: Michpal
13:13:51.870 Initialize success
13:14:44.534 AVAST engine defs: 12102800
13:15:42.516 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:15:42.519 Disk 0 Vendor: WDC_WD5000AAKS-00A7B0 01.03B01 Size: 476940MB BusType: 3
13:15:42.524 Disk 0 MBR read successfully
13:15:42.526 Disk 0 MBR scan
13:15:42.531 Disk 0 Windows 7 default MBR code
13:15:42.538 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 74998 MB offset 63
13:15:42.543 Disk 0 Partition - 00 0F Extended LBA 401930 MB offset 153597465
13:15:42.574 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 401930 MB offset 153597528
13:15:42.643 Disk 0 scanning C:\Windows\system32\drivers
13:15:54.170 Service scanning
13:16:12.149 Modules scanning
13:16:12.156 Disk 0 trace - called modules:
13:16:12.174 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys
13:16:12.179 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80079e0410]
13:16:12.184 3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> [0xfffffa8007802580]
13:16:12.189 5 ACPI.sys[fffff88000f5d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007804060]
13:16:12.879 AVAST engine scan C:\Windows
13:16:14.666 AVAST engine scan C:\Windows\system32
13:19:43.966 AVAST engine scan C:\Windows\system32\drivers
13:19:55.100 AVAST engine scan C:\Users\Michpal
13:26:34.494 File: C:\Users\Michpal\AppData\Roaming\BAcroIEHelpe207.dll **INFECTED** Win32:Agent-AQEB [Trj]
13:26:34.575 File: C:\Users\Michpal\AppData\Roaming\BAcroIEHelpe215.dll **INFECTED** Win32:Agent-AQEW [Trj]
13:26:34.602 File: C:\Users\Michpal\AppData\Roaming\BAcroIEHelpe216.dll **INFECTED** Win32:Agent-AQFL [Trj]
13:27:57.134 AVAST engine scan C:\ProgramData
13:33:52.783 Disk 0 MBR has been saved successfully to "C:\Users\Michpal\Desktop\MBR.dat"
13:33:52.786 The log file has been saved successfully to "C:\Users\Michpal\Desktop\aswMBR.txt"

Michpal 28.10.2012 13:37
und zum schluss schritt 4 + Ergebnis

13:36:02.0551 0300 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
13:36:03.0675 0300 ============================================================
13:36:03.0675 0300 Current date / time: 2012/10/28 13:36:03.0675
13:36:03.0675 0300 SystemInfo:
13:36:03.0675 0300
13:36:03.0675 0300 OS Version: 6.1.7601 ServicePack: 1.0
13:36:03.0675 0300 Product type: Workstation
13:36:03.0675 0300 ComputerName: MICHPAL-PC
13:36:03.0676 0300 UserName: Michpal
13:36:03.0676 0300 Windows directory: C:\Windows
13:36:03.0676 0300 System windows directory: C:\Windows
13:36:03.0676 0300 Running under WOW64
13:36:03.0676 0300 Processor architecture: Intel x64
13:36:03.0676 0300 Number of processors: 2
13:36:03.0676 0300 Page size: 0x1000
13:36:03.0676 0300 Boot type: Normal boot
13:36:03.0676 0300 ============================================================
13:36:04.0523 0300 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:36:04.0555 0300 ============================================================
13:36:04.0556 0300 \Device\Harddisk0\DR0:
13:36:04.0556 0300 MBR partitions:
13:36:04.0556 0300 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x927B5DA
13:36:04.0565 0300 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x927B658, BlocksNum 0x31105728
13:36:04.0565 0300 ============================================================
13:36:04.0582 0300 C: <-> \Device\Harddisk0\DR0\Partition1
13:36:04.0596 0300 D: <-> \Device\Harddisk0\DR0\Partition2
13:36:04.0596 0300 ============================================================
13:36:04.0596 0300 Initialize success
13:36:04.0596 0300 ============================================================
13:36:06.0260 5080 ============================================================
13:36:06.0260 5080 Scan started
13:36:06.0260 5080 Mode: Manual;
13:36:06.0260 5080 ============================================================
13:36:07.0082 5080 ================ Scan system memory ========================
13:36:07.0082 5080 System memory - ok
13:36:07.0083 5080 ================ Scan services =============================
13:36:07.0219 5080 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:36:07.0222 5080 1394ohci - ok
13:36:07.0257 5080 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:36:07.0293 5080 ACPI - ok
13:36:07.0311 5080 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:36:07.0311 5080 AcpiPmi - ok
13:36:07.0323 5080 ADIHdAudAddService - ok
13:36:07.0405 5080 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:36:07.0406 5080 AdobeARMservice - ok
13:36:07.0547 5080 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:36:07.0549 5080 AdobeFlashPlayerUpdateSvc - ok
13:36:07.0595 5080 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:36:07.0601 5080 adp94xx - ok
13:36:07.0618 5080 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:36:07.0626 5080 adpahci - ok
13:36:07.0644 5080 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:36:07.0646 5080 adpu320 - ok
13:36:07.0675 5080 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:36:07.0677 5080 AeLookupSvc - ok
13:36:07.0714 5080 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
13:36:07.0757 5080 AFD - ok
13:36:07.0788 5080 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:36:07.0790 5080 agp440 - ok
13:36:07.0803 5080 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
13:36:07.0804 5080 ALG - ok
13:36:07.0817 5080 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
13:36:07.0820 5080 aliide - ok
13:36:07.0867 5080 [ 766328EE8F5F372D66B45F4A86655E3F ] amBX Saitek HAL Service C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe
13:36:07.0869 5080 amBX Saitek HAL Service - ok
13:36:07.0930 5080 [ 9D76B432DBE317A6437C8F157A67C097 ] amBX Service C:\Program Files (x86)\amBX\System\amBX_Service.exe
13:36:07.0972 5080 amBX Service - ok
13:36:07.0989 5080 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
13:36:07.0990 5080 amdide - ok
13:36:08.0012 5080 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:36:08.0015 5080 AmdK8 - ok
13:36:08.0018 5080 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:36:08.0019 5080 AmdPPM - ok
13:36:08.0047 5080 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:36:08.0048 5080 amdsata - ok
13:36:08.0052 5080 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:36:08.0055 5080 amdsbs - ok
13:36:08.0080 5080 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:36:08.0080 5080 amdxata - ok
13:36:08.0120 5080 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
13:36:08.0153 5080 AppID - ok
13:36:08.0166 5080 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:36:08.0169 5080 AppIDSvc - ok
13:36:08.0194 5080 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
13:36:08.0195 5080 Appinfo - ok
13:36:08.0204 5080 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
13:36:08.0207 5080 arc - ok
13:36:08.0221 5080 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:36:08.0222 5080 arcsas - ok
13:36:08.0261 5080 [ A82C01606DC27D05D9D3BFB6BB807E32 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
13:36:08.0300 5080 AsIO - ok
13:36:08.0369 5080 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:36:08.0402 5080 aspnet_state - ok
13:36:08.0457 5080 [ 26D66E32E78D3059715B3A17BC679CD9 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys
13:36:08.0458 5080 AsUpIO - ok
13:36:08.0469 5080 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:36:08.0470 5080 AsyncMac - ok
13:36:08.0487 5080 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
13:36:08.0487 5080 atapi - ok
13:36:08.0522 5080 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:36:08.0538 5080 AudioEndpointBuilder - ok
13:36:08.0552 5080 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
13:36:08.0555 5080 AudioSrv - ok
13:36:08.0607 5080 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:36:08.0631 5080 AxInstSV - ok
13:36:08.0660 5080 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
13:36:08.0665 5080 b06bdrv - ok
13:36:08.0690 5080 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
13:36:08.0693 5080 b57nd60a - ok
13:36:08.0728 5080 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
13:36:08.0731 5080 BDESVC - ok
13:36:08.0751 5080 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
13:36:08.0752 5080 Beep - ok
13:36:08.0791 5080 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
13:36:08.0819 5080 BFE - ok
13:36:08.0842 5080 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
13:36:08.0847 5080 BITS - ok
13:36:08.0867 5080 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:36:08.0868 5080 blbdrive - ok
13:36:08.0884 5080 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:36:08.0886 5080 bowser - ok
13:36:08.0888 5080 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:36:08.0892 5080 BrFiltLo - ok
13:36:08.0895 5080 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:36:08.0898 5080 BrFiltUp - ok
13:36:08.0921 5080 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
13:36:08.0924 5080 Browser - ok
13:36:08.0936 5080 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:36:08.0939 5080 Brserid - ok
13:36:08.0943 5080 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:36:08.0944 5080 BrSerWdm - ok
13:36:08.0948 5080 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:36:08.0949 5080 BrUsbMdm - ok
13:36:08.0953 5080 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:36:08.0954 5080 BrUsbSer - ok
13:36:09.0007 5080 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files (x86)\Browny02\BrYNSvc.exe
13:36:09.0044 5080 BrYNSvc - ok
13:36:09.0047 5080 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:36:09.0048 5080 BTHMODEM - ok
13:36:09.0060 5080 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
13:36:09.0061 5080 bthserv - ok
13:36:09.0074 5080 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:36:09.0075 5080 cdfs - ok
13:36:09.0095 5080 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:36:09.0125 5080 cdrom - ok
13:36:09.0144 5080 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
13:36:09.0145 5080 CertPropSvc - ok
13:36:09.0178 5080 [ 274CE03459896006F7A5069266E0469E ] cfwids C:\Windows\system32\drivers\cfwids.sys
13:36:09.0179 5080 cfwids - ok
13:36:09.0199 5080 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:36:09.0200 5080 circlass - ok
13:36:09.0224 5080 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
13:36:09.0227 5080 CLFS - ok
13:36:09.0270 5080 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:36:09.0273 5080 clr_optimization_v2.0.50727_32 - ok
13:36:09.0304 5080 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:36:09.0309 5080 clr_optimization_v2.0.50727_64 - ok
13:36:09.0356 5080 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:36:09.0391 5080 clr_optimization_v4.0.30319_32 - ok
13:36:09.0403 5080 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:36:09.0439 5080 clr_optimization_v4.0.30319_64 - ok
13:36:09.0442 5080 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:36:09.0443 5080 CmBatt - ok
13:36:09.0462 5080 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:36:09.0465 5080 cmdide - ok
13:36:09.0487 5080 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
13:36:09.0491 5080 CNG - ok
13:36:09.0501 5080 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:36:09.0505 5080 Compbatt - ok
13:36:09.0526 5080 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:36:09.0560 5080 CompositeBus - ok
13:36:09.0568 5080 COMSysApp - ok
13:36:09.0582 5080 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:36:09.0583 5080 crcdisk - ok
13:36:09.0609 5080 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:36:09.0611 5080 CryptSvc - ok
13:36:09.0644 5080 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:36:09.0661 5080 DcomLaunch - ok
13:36:09.0679 5080 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
13:36:09.0683 5080 defragsvc - ok
13:36:09.0713 5080 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:36:09.0714 5080 DfsC - ok
13:36:09.0750 5080 [ 105373D52E71D2D1355AD3ACD18259C3 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
13:36:09.0751 5080 dg_ssudbus - ok
13:36:09.0777 5080 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
13:36:09.0778 5080 Dhcp - ok
13:36:09.0786 5080 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
13:36:09.0787 5080 discache - ok
13:36:09.0806 5080 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:36:09.0807 5080 Disk - ok
13:36:09.0841 5080 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:36:09.0843 5080 Dnscache - ok
13:36:09.0874 5080 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
13:36:09.0899 5080 dot3svc - ok
13:36:09.0920 5080 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
13:36:09.0922 5080 DPS - ok
13:36:09.0950 5080 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:36:09.0954 5080 drmkaud - ok
13:36:09.0994 5080 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:36:10.0020 5080 DXGKrnl - ok
13:36:10.0032 5080 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
13:36:10.0037 5080 EapHost - ok
13:36:10.0101 5080 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
13:36:10.0148 5080 ebdrv - ok
13:36:10.0165 5080 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
13:36:10.0166 5080 EFS - ok
13:36:10.0215 5080 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:36:10.0264 5080 ehRecvr - ok
13:36:10.0279 5080 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
13:36:10.0282 5080 ehSched - ok
13:36:10.0307 5080 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:36:10.0312 5080 elxstor - ok
13:36:10.0328 5080 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:36:10.0329 5080 ErrDev - ok
13:36:10.0354 5080 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
13:36:10.0358 5080 EventSystem - ok
13:36:10.0367 5080 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
13:36:10.0369 5080 exfat - ok
13:36:10.0380 5080 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:36:10.0384 5080 fastfat - ok
13:36:10.0423 5080 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
13:36:10.0456 5080 Fax - ok
13:36:10.0469 5080 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:36:10.0470 5080 fdc - ok
13:36:10.0480 5080 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
13:36:10.0483 5080 fdPHost - ok
13:36:10.0490 5080 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
13:36:10.0491 5080 FDResPub - ok
13:36:10.0501 5080 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:36:10.0502 5080 FileInfo - ok
13:36:10.0515 5080 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:36:10.0516 5080 Filetrace - ok
13:36:10.0529 5080 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:36:10.0531 5080 flpydisk - ok
13:36:10.0558 5080 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:36:10.0561 5080 FltMgr - ok
13:36:10.0594 5080 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
13:36:10.0634 5080 FontCache - ok
13:36:10.0678 5080 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:36:10.0713 5080 FontCache3.0.0.0 - ok
13:36:10.0718 5080 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:36:10.0720 5080 FsDepends - ok
13:36:10.0739 5080 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:36:10.0740 5080 Fs_Rec - ok
13:36:10.0760 5080 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:36:10.0763 5080 fvevol - ok
13:36:10.0769 5080 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:36:10.0773 5080 gagp30kx - ok
13:36:10.0808 5080 [ A4198F2BD8AA592CB90476277A81B5E1 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
13:36:10.0842 5080 ggflt - ok
13:36:10.0868 5080 [ D266350BDAAB9EB6C1AEC370EEAAFF3A ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
13:36:10.0901 5080 ggsemc - ok
13:36:10.0931 5080 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
13:36:10.0946 5080 gpsvc - ok
13:36:11.0024 5080 GPU-Z - ok
13:36:11.0037 5080 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:36:11.0039 5080 hcw85cir - ok
13:36:11.0079 5080 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:36:11.0118 5080 HdAudAddService - ok
13:36:11.0143 5080 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
13:36:11.0144 5080 HDAudBus - ok
13:36:11.0147 5080 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:36:11.0149 5080 HidBatt - ok
13:36:11.0154 5080 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:36:11.0155 5080 HidBth - ok
13:36:11.0170 5080 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:36:11.0171 5080 HidIr - ok
13:36:11.0193 5080 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
13:36:11.0194 5080 hidserv - ok
13:36:11.0222 5080 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:36:11.0254 5080 HidUsb - ok
13:36:11.0275 5080 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:36:11.0276 5080 hkmsvc - ok
13:36:11.0303 5080 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:36:11.0327 5080 HomeGroupListener - ok
13:36:11.0348 5080 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:36:11.0351 5080 HomeGroupProvider - ok
13:36:11.0360 5080 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:36:11.0394 5080 HpSAMD - ok
13:36:11.0426 5080 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:36:11.0444 5080 HTTP - ok
13:36:11.0465 5080 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:36:11.0466 5080 hwpolicy - ok
13:36:11.0526 5080 [ EA644A529809D2218C0D7062582DD4DD ] HyperDeskCustomThemeEnabler C:\Windows\Installer\MSI8673.tmp
13:36:11.0527 5080 HyperDeskCustomThemeEnabler - ok
13:36:11.0552 5080 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
13:36:11.0556 5080 i8042prt - ok
13:36:11.0615 5080 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:36:11.0636 5080 iaStorV - ok
13:36:11.0736 5080 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:36:11.0789 5080 idsvc - ok
13:36:11.0803 5080 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:36:11.0807 5080 iirsp - ok
13:36:11.0830 5080 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
13:36:11.0845 5080 IKEEXT - ok
13:36:11.0854 5080 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
13:36:11.0855 5080 intelide - ok
13:36:11.0879 5080 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:36:11.0882 5080 intelppm - ok
13:36:11.0896 5080 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:36:11.0897 5080 IPBusEnum - ok
13:36:11.0919 5080 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:36:11.0949 5080 IpFilterDriver - ok
13:36:11.0977 5080 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:36:12.0004 5080 iphlpsvc - ok
13:36:12.0025 5080 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:36:12.0027 5080 IPMIDRV - ok
13:36:12.0044 5080 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:36:12.0047 5080 IPNAT - ok
13:36:12.0066 5080 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:36:12.0068 5080 IRENUM - ok
13:36:12.0079 5080 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:36:12.0082 5080 isapnp - ok
13:36:12.0110 5080 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:36:12.0143 5080 iScsiPrt - ok
13:36:12.0175 5080 [ 1C368C1A2733DCC5B8E15420AA2B0F6D ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
13:36:12.0177 5080 JRAID - ok
13:36:12.0188 5080 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:36:12.0192 5080 kbdclass - ok
13:36:12.0202 5080 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:36:12.0236 5080 kbdhid - ok
13:36:12.0248 5080 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
13:36:12.0249 5080 KeyIso - ok
13:36:12.0274 5080 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:36:12.0299 5080 KSecDD - ok
13:36:12.0319 5080 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:36:12.0321 5080 KSecPkg - ok
13:36:12.0334 5080 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:36:12.0335 5080 ksthunk - ok
13:36:12.0356 5080 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
13:36:12.0361 5080 KtmRm - ok
13:36:12.0385 5080 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
13:36:12.0389 5080 LanmanServer - ok
13:36:12.0414 5080 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:36:12.0417 5080 LanmanWorkstation - ok
13:36:12.0451 5080 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
13:36:12.0483 5080 LGBusEnum - ok
13:36:12.0508 5080 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
13:36:12.0508 5080 LGVirHid - ok
13:36:12.0522 5080 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:36:12.0523 5080 lltdio - ok
13:36:12.0552 5080 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:36:12.0554 5080 lltdsvc - ok
13:36:12.0564 5080 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:36:12.0568 5080 lmhosts - ok
13:36:12.0597 5080 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:36:12.0599 5080 LSI_FC - ok
13:36:12.0611 5080 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:36:12.0613 5080 LSI_SAS - ok
13:36:12.0630 5080 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:36:12.0632 5080 LSI_SAS2 - ok
13:36:12.0645 5080 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:36:12.0649 5080 LSI_SCSI - ok
13:36:12.0686 5080 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
13:36:12.0687 5080 luafv - ok
13:36:12.0713 5080 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
13:36:12.0714 5080 MBAMProtector - ok
13:36:12.0790 5080 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:36:12.0792 5080 MBAMScheduler - ok
13:36:12.0831 5080 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:36:12.0834 5080 MBAMService - ok
13:36:12.0914 5080 [ ACB01BF1A905356AB7F978C7FE852209 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
13:36:12.0915 5080 McMPFSvc - ok
13:36:12.0921 5080 [ ACB01BF1A905356AB7F978C7FE852209 ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
13:36:12.0923 5080 mcmscsvc - ok
13:36:12.0939 5080 [ ACB01BF1A905356AB7F978C7FE852209 ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
13:36:12.0941 5080 McNaiAnn - ok
13:36:12.0956 5080 [ ACB01BF1A905356AB7F978C7FE852209 ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
13:36:12.0958 5080 McNASvc - ok
13:36:13.0016 5080 [ 44D0DA102FA7A1BE22FD7499E80DCF9B ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
13:36:13.0018 5080 McODS - ok
13:36:13.0033 5080 [ ACB01BF1A905356AB7F978C7FE852209 ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
13:36:13.0034 5080 McProxy - ok
13:36:13.0070 5080 [ E998E3B12101288D716558466CBF6AE1 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
13:36:13.0103 5080 McShield - ok
13:36:13.0129 5080 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:36:13.0155 5080 Mcx2Svc - ok
13:36:13.0172 5080 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:36:13.0173 5080 megasas - ok
13:36:13.0193 5080 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:36:13.0197 5080 MegaSR - ok
13:36:13.0218 5080 [ 01884CB7655C8908B43FF5E364FE6FD2 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
13:36:13.0220 5080 mfeapfk - ok
13:36:13.0232 5080 [ DAB9A9CDFB04E4D68924492AA043019D ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
13:36:13.0266 5080 mfeavfk - ok
13:36:13.0288 5080 mfeavfk01 - ok
13:36:13.0295 5080 [ B26782C3D6045B4464017D7926877560 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
13:36:13.0328 5080 mfefire - ok
13:36:13.0358 5080 [ CE9A3680675C0907ADE16404CA967B49 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
13:36:13.0362 5080 mfefirek - ok
13:36:13.0390 5080 [ 60CF67458DD29CD17E77F2327B1A9A54 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
13:36:13.0404 5080 mfehidk - ok
13:36:13.0423 5080 [ A8129CFB919347F8533C934B365E9202 ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys
13:36:13.0454 5080 mfenlfk - ok
13:36:13.0467 5080 [ 5041FA2BD2B3A2693B015771BFBF6DCA ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
13:36:13.0469 5080 mferkdet - ok
13:36:13.0495 5080 [ 723A5EB6CEF7F408C3D0F15A82A6BFF8 ] mfevtp C:\Windows\system32\mfevtps.exe
13:36:13.0496 5080 mfevtp - ok
13:36:13.0520 5080 [ 919C56DB14A0E1E2AB6DA5D2821DC26E ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
13:36:13.0523 5080 mfewfpk - ok
13:36:13.0542 5080 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:36:13.0544 5080 MMCSS - ok
13:36:13.0562 5080 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:36:13.0564 5080 Modem - ok
13:36:13.0583 5080 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:36:13.0584 5080 monitor - ok
13:36:13.0612 5080 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:36:13.0615 5080 mouclass - ok
13:36:13.0624 5080 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:36:13.0625 5080 mouhid - ok
13:36:13.0646 5080 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:36:13.0648 5080 mountmgr - ok
13:36:13.0694 5080 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:36:13.0696 5080 MozillaMaintenance - ok
13:36:13.0716 5080 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
13:36:13.0718 5080 mpio - ok
13:36:13.0737 5080 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:36:13.0742 5080 mpsdrv - ok
13:36:13.0781 5080 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:36:13.0797 5080 MpsSvc - ok
13:36:13.0817 5080 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:36:13.0852 5080 MRxDAV - ok
13:36:13.0874 5080 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:36:13.0876 5080 mrxsmb - ok
13:36:13.0900 5080 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:36:13.0904 5080 mrxsmb10 - ok
13:36:13.0911 5080 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:36:13.0913 5080 mrxsmb20 - ok
13:36:13.0924 5080 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
13:36:13.0925 5080 msahci - ok
13:36:13.0950 5080 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:36:13.0987 5080 msdsm - ok
13:36:14.0001 5080 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:36:14.0006 5080 MSDTC - ok
13:36:14.0030 5080 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:36:14.0031 5080 Msfs - ok
13:36:14.0058 5080 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:36:14.0058 5080 mshidkmdf - ok
13:36:14.0079 5080 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:36:14.0080 5080 msisadrv - ok
13:36:14.0100 5080 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:36:14.0101 5080 MSiSCSI - ok
13:36:14.0105 5080 msiserver - ok
13:36:14.0122 5080 [ ACB01BF1A905356AB7F978C7FE852209 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
13:36:14.0124 5080 MSK80Service - ok
13:36:14.0155 5080 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:36:14.0156 5080 MSKSSRV - ok
13:36:14.0159 5080 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:36:14.0160 5080 MSPCLOCK - ok
13:36:14.0164 5080 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:36:14.0166 5080 MSPQM - ok
13:36:14.0192 5080 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:36:14.0196 5080 MsRPC - ok
13:36:14.0208 5080 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:36:14.0209 5080 mssmbios - ok
13:36:14.0222 5080 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:36:14.0223 5080 MSTEE - ok
13:36:14.0225 5080 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:36:14.0228 5080 MTConfig - ok
13:36:14.0258 5080 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
13:36:14.0259 5080 MTsensor - ok
13:36:14.0275 5080 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:36:14.0276 5080 Mup - ok
13:36:14.0302 5080 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
13:36:14.0307 5080 napagent - ok
13:36:14.0338 5080 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:36:14.0341 5080 NativeWifiP - ok
13:36:14.0378 5080 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:36:14.0393 5080 NDIS - ok
13:36:14.0406 5080 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:36:14.0407 5080 NdisCap - ok
13:36:14.0429 5080 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:36:14.0431 5080 NdisTapi - ok
13:36:14.0462 5080 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:36:14.0492 5080 Ndisuio - ok
13:36:14.0519 5080 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:36:14.0552 5080 NdisWan - ok
13:36:14.0573 5080 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:36:14.0604 5080 NDProxy - ok
13:36:14.0615 5080 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:36:14.0616 5080 NetBIOS - ok
13:36:14.0638 5080 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:36:14.0640 5080 NetBT - ok
13:36:14.0648 5080 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
13:36:14.0649 5080 Netlogon - ok
13:36:14.0683 5080 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:36:14.0687 5080 Netman - ok
13:36:14.0733 5080 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:36:14.0735 5080 NetMsmqActivator - ok
13:36:14.0738 5080 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:36:14.0739 5080 NetPipeActivator - ok
13:36:14.0756 5080 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:36:14.0758 5080 netprofm - ok
13:36:14.0762 5080 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:36:14.0763 5080 NetTcpActivator - ok
13:36:14.0766 5080 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:36:14.0766 5080 NetTcpPortSharing - ok
13:36:14.0788 5080 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:36:14.0791 5080 nfrd960 - ok
13:36:14.0809 5080 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:36:14.0834 5080 NlaSvc - ok
13:36:14.0840 5080 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:36:14.0841 5080 Npfs - ok
13:36:14.0855 5080 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:36:14.0857 5080 nsi - ok
13:36:14.0868 5080 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:36:14.0869 5080 nsiproxy - ok
13:36:14.0914 5080 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:36:14.0940 5080 Ntfs - ok
13:36:14.0948 5080 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:36:14.0948 5080 Null - ok
13:36:14.0989 5080 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
13:36:15.0021 5080 NVHDA - ok
13:36:15.0239 5080 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:36:15.0442 5080 nvlddmkm - ok
13:36:15.0462 5080 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:36:15.0494 5080 nvraid - ok
13:36:15.0530 5080 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:36:15.0533 5080 nvstor - ok
13:36:15.0592 5080 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
13:36:15.0599 5080 nvsvc - ok
13:36:15.0650 5080 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:36:15.0656 5080 nvUpdatusService - ok
13:36:15.0687 5080 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:36:15.0689 5080 nv_agp - ok
13:36:15.0712 5080 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:36:15.0716 5080 ohci1394 - ok
13:36:15.0737 5080 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:36:15.0742 5080 p2pimsvc - ok
13:36:15.0758 5080 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:36:15.0764 5080 p2psvc - ok
13:36:15.0781 5080 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:36:15.0782 5080 Parport - ok
13:36:15.0810 5080 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:36:15.0812 5080 partmgr - ok
13:36:15.0823 5080 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:36:15.0827 5080 PcaSvc - ok
13:36:15.0845 5080 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
13:36:15.0847 5080 pci - ok
13:36:15.0859 5080 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
13:36:15.0860 5080 pciide - ok
13:36:15.0875 5080 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:36:15.0877 5080 pcmcia - ok
13:36:15.0895 5080 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:36:15.0896 5080 pcw - ok
13:36:15.0915 5080 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:36:15.0928 5080 PEAUTH - ok
13:36:15.0970 5080 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:36:15.0973 5080 PerfHost - ok
13:36:16.0023 5080 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
13:36:16.0051 5080 pla - ok
13:36:16.0095 5080 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:36:16.0098 5080 PlugPlay - ok
13:36:16.0120 5080 PnkBstrA - ok
13:36:16.0134 5080 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:36:16.0139 5080 PNRPAutoReg - ok
13:36:16.0154 5080 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:36:16.0159 5080 PNRPsvc - ok
13:36:16.0175 5080 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:36:16.0177 5080 PolicyAgent - ok
13:36:16.0202 5080 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
13:36:16.0206 5080 Power - ok
13:36:16.0232 5080 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:36:16.0233 5080 PptpMiniport - ok
13:36:16.0242 5080 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:36:16.0243 5080 Processor - ok
13:36:16.0267 5080 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
13:36:16.0270 5080 ProfSvc - ok
13:36:16.0281 5080 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:36:16.0282 5080 ProtectedStorage - ok
13:36:16.0309 5080 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:36:16.0310 5080 Psched - ok
13:36:16.0351 5080 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:36:16.0376 5080 ql2300 - ok
13:36:16.0387 5080 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:36:16.0390 5080 ql40xx - ok
13:36:16.0403 5080 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
13:36:16.0407 5080 QWAVE - ok
13:36:16.0416 5080 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:36:16.0417 5080 QWAVEdrv - ok
13:36:16.0425 5080 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:36:16.0426 5080 RasAcd - ok
13:36:16.0438 5080 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:36:16.0440 5080 RasAgileVpn - ok
13:36:16.0454 5080 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
13:36:16.0459 5080 RasAuto - ok
13:36:16.0468 5080 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:36:16.0469 5080 Rasl2tp - ok
13:36:16.0486 5080 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
13:36:16.0489 5080 RasMan - ok
13:36:16.0496 5080 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:36:16.0497 5080 RasPppoe - ok
13:36:16.0507 5080 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:36:16.0509 5080 RasSstp - ok
13:36:16.0530 5080 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:36:16.0534 5080 rdbss - ok
13:36:16.0547 5080 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:36:16.0550 5080 rdpbus - ok
13:36:16.0559 5080 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:36:16.0560 5080 RDPCDD - ok
13:36:16.0581 5080 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:36:16.0582 5080 RDPENCDD - ok
13:36:16.0589 5080 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:36:16.0591 5080 RDPREFMP - ok
13:36:16.0634 5080 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:36:16.0636 5080 RdpVideoMiniport - ok
13:36:16.0656 5080 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:36:16.0696 5080 RDPWD - ok
13:36:16.0731 5080 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:36:16.0756 5080 rdyboost - ok
13:36:16.0778 5080 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:36:16.0781 5080 RemoteAccess - ok
13:36:16.0790 5080 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:36:16.0793 5080 RemoteRegistry - ok
13:36:16.0809 5080 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:36:16.0811 5080 RpcEptMapper - ok
13:36:16.0828 5080 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:36:16.0829 5080 RpcLocator - ok
13:36:16.0860 5080 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
13:36:16.0863 5080 RpcSs - ok
13:36:16.0871 5080 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:36:16.0873 5080 rspndr - ok
13:36:16.0903 5080 [ DDC0CEE273C7BF3E66A70F776A4F6E8C ] SaiK0DC5 C:\Windows\system32\DRIVERS\SaiK0DC5.sys
13:36:16.0906 5080 SaiK0DC5 - ok
13:36:16.0940 5080 [ 08D41F2633FC330749ABA842259483F8 ] SaiKF622 C:\Windows\system32\DRIVERS\SaiKF622.sys
13:36:16.0941 5080 SaiKF622 - ok
13:36:16.0956 5080 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
13:36:16.0957 5080 SamSs - ok
13:36:16.0981 5080 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:36:17.0025 5080 sbp2port - ok
13:36:17.0039 5080 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:36:17.0041 5080 SCardSvr - ok
13:36:17.0065 5080 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:36:17.0066 5080 scfilter - ok
13:36:17.0099 5080 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
13:36:17.0105 5080 Schedule - ok
13:36:17.0127 5080 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:36:17.0128 5080 SCPolicySvc - ok
13:36:17.0147 5080 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:36:17.0171 5080 SDRSVC - ok
13:36:17.0189 5080 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:36:17.0190 5080 secdrv - ok
13:36:17.0205 5080 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
13:36:17.0231 5080 seclogon - ok
13:36:17.0238 5080 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
13:36:17.0240 5080 SENS - ok
13:36:17.0251 5080 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:36:17.0254 5080 SensrSvc - ok
13:36:17.0263 5080 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:36:17.0264 5080 Serenum - ok
13:36:17.0279 5080 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:36:17.0281 5080 Serial - ok
13:36:17.0296 5080 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:36:17.0297 5080 sermouse - ok
13:36:17.0323 5080 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
13:36:17.0349 5080 SessionEnv - ok
13:36:17.0374 5080 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:36:17.0374 5080 sffdisk - ok
13:36:17.0387 5080 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:36:17.0388 5080 sffp_mmc - ok
13:36:17.0401 5080 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:36:17.0402 5080 sffp_sd - ok
13:36:17.0405 5080 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:36:17.0406 5080 sfloppy - ok
13:36:17.0434 5080 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:36:17.0438 5080 SharedAccess - ok
13:36:17.0465 5080 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:36:17.0467 5080 ShellHWDetection - ok
13:36:17.0498 5080 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:36:17.0499 5080 SiSRaid2 - ok
13:36:17.0509 5080 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:36:17.0513 5080 SiSRaid4 - ok
13:36:17.0521 5080 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:36:17.0523 5080 Smb - ok
13:36:17.0549 5080 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:36:17.0550 5080 SNMPTRAP - ok
13:36:17.0575 5080 Sony PC Companion - ok
13:36:17.0604 5080 [ 7455ED832A33FEF453407F5411C3342D ] speedfan C:\Windows\syswow64\speedfan.sys
13:36:17.0606 5080 speedfan - ok
13:36:17.0617 5080 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:36:17.0618 5080 spldr - ok
13:36:17.0646 5080 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
13:36:17.0649 5080 Spooler - ok
13:36:17.0712 5080 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:36:17.0726 5080 sppsvc - ok
13:36:17.0742 5080 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:36:17.0744 5080 sppuinotify - ok
13:36:17.0751 5080 sptd - ok
13:36:17.0776 5080 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
13:36:17.0808 5080 srv - ok
13:36:17.0836 5080 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:36:17.0840 5080 srv2 - ok
13:36:17.0853 5080 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:36:17.0855 5080 srvnet - ok
13:36:17.0876 5080 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:36:17.0878 5080 SSDPSRV - ok
13:36:17.0886 5080 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:36:17.0889 5080 SstpSvc - ok
13:36:17.0928 5080 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
13:36:17.0930 5080 StarWindServiceAE - ok
13:36:17.0949 5080 Steam Client Service - ok
13:36:18.0002 5080 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:36:18.0004 5080 Stereo Service - ok
13:36:18.0016 5080 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:36:18.0018 5080 stexstor - ok
13:36:18.0059 5080 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
13:36:18.0064 5080 stisvc - ok
13:36:18.0091 5080 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
13:36:18.0094 5080 swenum - ok
13:36:18.0124 5080 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
13:36:18.0130 5080 swprv - ok
13:36:18.0176 5080 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
13:36:18.0210 5080 SysMain - ok
13:36:18.0232 5080 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:36:18.0234 5080 TabletInputService - ok
13:36:18.0262 5080 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:36:18.0264 5080 TapiSrv - ok
13:36:18.0277 5080 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
13:36:18.0280 5080 TBS - ok
13:36:18.0337 5080 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:36:18.0371 5080 Tcpip - ok
13:36:18.0414 5080 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:36:18.0422 5080 TCPIP6 - ok
13:36:18.0444 5080 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:36:18.0475 5080 tcpipreg - ok
13:36:18.0491 5080 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:36:18.0492 5080 TDPIPE - ok
13:36:18.0517 5080 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:36:18.0518 5080 TDTCP - ok
13:36:18.0550 5080 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:36:18.0551 5080 tdx - ok
13:36:18.0560 5080 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
13:36:18.0561 5080 TermDD - ok
13:36:18.0596 5080 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
13:36:18.0625 5080 TermService - ok
13:36:18.0636 5080 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
13:36:18.0637 5080 Themes - ok
13:36:18.0658 5080 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
13:36:18.0660 5080 THREADORDER - ok
13:36:18.0673 5080 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
13:36:18.0676 5080 TrkWks - ok
13:36:18.0713 5080 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:36:18.0744 5080 TrustedInstaller - ok
13:36:18.0763 5080 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:36:18.0794 5080 tssecsrv - ok
13:36:18.0812 5080 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:36:18.0844 5080 TsUsbFlt - ok
13:36:18.0882 5080 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:36:18.0914 5080 tunnel - ok
13:36:18.0924 5080 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:36:18.0927 5080 uagp35 - ok
13:36:18.0951 5080 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:36:18.0984 5080 udfs - ok
13:36:18.0994 5080 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:36:18.0998 5080 UI0Detect - ok
13:36:19.0017 5080 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:36:19.0019 5080 uliagpkx - ok
13:36:19.0057 5080 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
13:36:19.0088 5080 umbus - ok
13:36:19.0099 5080 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:36:19.0100 5080 UmPass - ok
13:36:19.0122 5080 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
13:36:19.0126 5080 upnphost - ok
13:36:19.0143 5080 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:36:19.0175 5080 usbccgp - ok
13:36:19.0200 5080 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:36:19.0203 5080 usbcir - ok
13:36:19.0210 5080 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:36:19.0242 5080 usbehci - ok
13:36:19.0265 5080 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:36:19.0297 5080 usbhub - ok
13:36:19.0304 5080 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
13:36:19.0307 5080 usbohci - ok
13:36:19.0327 5080 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:36:19.0328 5080 usbprint - ok
13:36:19.0357 5080 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
13:36:19.0360 5080 usbscan - ok
13:36:19.0381 5080 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:36:19.0383 5080 USBSTOR - ok
13:36:19.0401 5080 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
13:36:19.0402 5080 usbuhci - ok
13:36:19.0416 5080 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
13:36:19.0418 5080 UxSms - ok
13:36:19.0424 5080 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
13:36:19.0425 5080 VaultSvc - ok
13:36:19.0432 5080 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:36:19.0433 5080 vdrvroot - ok
13:36:19.0462 5080 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
13:36:19.0465 5080 vds - ok
13:36:19.0473 5080 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:36:19.0474 5080 vga - ok
13:36:19.0482 5080 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
13:36:19.0486 5080 VgaSave - ok
13:36:19.0496 5080 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:36:19.0498 5080 vhdmp - ok
13:36:19.0513 5080 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
13:36:19.0514 5080 viaide - ok
13:36:19.0524 5080 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:36:19.0525 5080 volmgr - ok
13:36:19.0556 5080 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:36:19.0559 5080 volmgrx - ok
13:36:19.0586 5080 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:36:19.0590 5080 volsnap - ok
13:36:19.0612 5080 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:36:19.0619 5080 vsmraid - ok
13:36:19.0669 5080 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
13:36:19.0677 5080 VSS - ok
13:36:19.0687 5080 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
13:36:19.0689 5080 vwifibus - ok
13:36:19.0709 5080 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
13:36:19.0714 5080 W32Time - ok
13:36:19.0726 5080 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:36:19.0730 5080 WacomPen - ok
13:36:19.0752 5080 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:36:19.0754 5080 WANARP - ok
13:36:19.0756 5080 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:36:19.0757 5080 Wanarpv6 - ok
13:36:19.0803 5080 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
13:36:19.0851 5080 wbengine - ok
13:36:19.0864 5080 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:36:19.0866 5080 WbioSrvc - ok
13:36:19.0900 5080 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:36:19.0903 5080 wcncsvc - ok
13:36:19.0914 5080 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:36:19.0917 5080 WcsPlugInService - ok
13:36:19.0935 5080 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:36:19.0936 5080 Wd - ok
13:36:19.0957 5080 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:36:19.0972 5080 Wdf01000 - ok
13:36:19.0981 5080 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:36:19.0984 5080 WdiServiceHost - ok
13:36:19.0988 5080 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:36:19.0990 5080 WdiSystemHost - ok
13:36:20.0065 5080 [ 5941B8AA229C6E5D7924919D3EDE0843 ] Web Assistant Updater C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
13:36:20.0067 5080 Web Assistant Updater - ok
13:36:20.0091 5080 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
13:36:20.0093 5080 WebClient - ok
13:36:20.0144 5080 [ 688399FF25A4012AF16DA2E5C3DAF050 ] WebOptimizer C:\Windows\system32\dmwu.exe
13:36:20.0151 5080 WebOptimizer - ok
13:36:20.0167 5080 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:36:20.0172 5080 Wecsvc - ok
13:36:20.0185 5080 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:36:20.0187 5080 wercplsupport - ok
13:36:20.0205 5080 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
13:36:20.0207 5080 WerSvc - ok
13:36:20.0220 5080 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:36:20.0220 5080 WfpLwf - ok
13:36:20.0237 5080 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:36:20.0237 5080 WIMMount - ok
13:36:20.0240 5080 WinDefend - ok
13:36:20.0256 5080 WinHttpAutoProxySvc - ok
13:36:20.0300 5080 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:36:20.0304 5080 Winmgmt - ok
13:36:20.0358 5080 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
13:36:20.0390 5080 WinRM - ok
13:36:20.0433 5080 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
13:36:20.0464 5080 WinUsb - ok
13:36:20.0479 5080 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
13:36:20.0483 5080 Wlansvc - ok
13:36:20.0567 5080 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:36:20.0602 5080 wlidsvc - ok
13:36:20.0641 5080 [ 680A7846370000D20D7E74917D5B7936 ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys
13:36:20.0642 5080 WmBEnum - ok
13:36:20.0678 5080 [ 14C35BA8189C6F65D839163AA285E954 ] WmFilter C:\Windows\system32\drivers\WmFilter.sys
13:36:20.0679 5080 WmFilter - ok
13:36:20.0709 5080 [ AC4331AF118A720F13C9C5CABBFE27BD ] WmHidLo C:\Windows\system32\drivers\WmHidLo.sys
13:36:20.0710 5080 WmHidLo - ok
13:36:20.0732 5080 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:36:20.0733 5080 WmiAcpi - ok
13:36:20.0745 5080 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:36:20.0750 5080 wmiApSrv - ok
13:36:20.0782 5080 WMPNetworkSvc - ok
13:36:20.0805 5080 [ 8488DD91A3EE54A8E29F02AD7BB8201E ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys
13:36:20.0842 5080 WmVirHid - ok
13:36:20.0853 5080 [ 14802B3A30AA849C97CB968CCC813BF3 ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys
13:36:20.0887 5080 WmXlCore - ok
13:36:20.0902 5080 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:36:20.0903 5080 WPCSvc - ok
13:36:20.0925 5080 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:36:20.0949 5080 WPDBusEnum - ok
13:36:20.0971 5080 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:36:20.0972 5080 ws2ifsl - ok
13:36:20.0986 5080 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
13:36:20.0990 5080 wscsvc - ok
13:36:20.0992 5080 WSearch - ok
13:36:21.0049 5080 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
13:36:21.0092 5080 wuauserv - ok
13:36:21.0112 5080 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:36:21.0144 5080 WudfPf - ok
13:36:21.0167 5080 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:36:21.0198 5080 WUDFRd - ok
13:36:21.0215 5080 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:36:21.0217 5080 wudfsvc - ok
13:36:21.0228 5080 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
13:36:21.0231 5080 WwanSvc - ok
13:36:21.0262 5080 [ 5250193EF8E173AA7491250F00EB367F ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
13:36:21.0295 5080 yukonw7 - ok
13:36:21.0299 5080 ================ Scan global ===============================
13:36:21.0315 5080 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:36:21.0343 5080 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
13:36:21.0350 5080 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
13:36:21.0371 5080 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:36:21.0388 5080 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:36:21.0390 5080 [Global] - ok
13:36:21.0391 5080 ================ Scan MBR ==================================
13:36:21.0399 5080 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:36:21.0585 5080 \Device\Harddisk0\DR0 - ok
13:36:21.0585 5080 ================ Scan VBR ==================================
13:36:21.0588 5080 [ DFD7F29A6CFB77622E1AE756A8A09931 ] \Device\Harddisk0\DR0\Partition1
13:36:21.0589 5080 \Device\Harddisk0\DR0\Partition1 - ok
13:36:21.0599 5080 [ 0AA0BC5BC062B3DB3A16F2E92931D8F5 ] \Device\Harddisk0\DR0\Partition2
13:36:21.0600 5080 \Device\Harddisk0\DR0\Partition2 - ok
13:36:21.0601 5080 ============================================================
13:36:21.0601 5080 Scan finished
13:36:21.0601 5080 ============================================================
13:36:21.0606 5660 Detected object count: 0
13:36:21.0606 5660 Actual detected object count: 0


thx

M-K-D-B 28.10.2012 14:00
Servus,



du bist immer noch mit Malware infiziert... und zwar seit mindestens Anfang Oktober.
Wird Zeit, dass wir deinen Rechner erst mal bereinigen. ;)




Schritt 1
  • Folge folgendem Pfad: Start -> Systemsteuerung -> Software / Programme deinstallieren
  • Suche in der Liste Software mit dem folgenden Namen
    • DAEMON Tools Toolbar
    • toolplugin
    • Web Assistant
    und deinstalliere das Programm.
  • Solltest du am Ende der Deinstallation zu einem Neustart aufgefordert werden, so führe diesen durch.
  • Sollte es Probleme mit der Deinstallation geben, so lass es mich bitte wissen.





Schritt 2
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.





Schritt 3
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.





Bitte poste mit deiner nächsten Antwort
  • eventuell auftretende Probleme bei den Deinstallationen,
  • die Logdatei von AdwCleaner,
  • die Logdatei von ComboFix.

Michpal 28.10.2012 14:27
Schritt 1+2

Software ohne Probleme deinstalliert.

ADW Cleaner wollte erst nach einem manuellen Neustart starten.

logfile dazu

# AdwCleaner v2.005 - Datei am 28/10/2012 um 14:23:44 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Michpal - MICHPAL-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Michpal\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Michpal\AppData\Local\Temp\Searchqu.ini
Datei Gelöscht : C:\Users\Michpal\AppData\Local\Temp\searchqutoolbar-manifest.xml
Datei Gelöscht : C:\Users\Michpal\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
Ordner Gelöscht : C:\Program Files (x86)\DAEMON Tools Toolbar
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Codecv
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Users\Michpal\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Michpal\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\Michpal\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Michpal\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Michpal\AppData\Roaming\Toolplugin

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\Software\Web Assistant
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-89AF-189327213627}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default
Datei : C:\Users\Michpal\AppData\Roaming\Mozilla\Firefox\Profiles\p8jmn4dj.default\prefs.js

Gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.y[...]
Gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.sear[...]
Gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

*************************

AdwCleaner[S2].txt - [5642 octets] - [28/10/2012 14:23:44]

########## EOF - C:\AdwCleaner[S2].txt - [5702 octets] ##########

Combofix Logfile:
Code:
ComboFix 12-10-26.05 - Michpal 28.10.2012  14:32:19.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8191.6153 [GMT 1:00]
ausgeführt von:: c:\users\Michpal\Desktop\ComboFix.exe
AV: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee  Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\kp_0loor.pad
c:\users\Michpal\AppData\Local\Microsoft\Windows\Temporary Internet Files\logo-gamesrocket-gold.png
c:\users\Michpal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Webradio.gadget
c:\users\Michpal\AppData\Roaming\AcroIEHelpe.txt
c:\users\Michpal\AppData\Roaming\AcroIEHelpe220.dll
c:\users\Michpal\AppData\Roaming\BAcroIEHelpe207.dll
c:\users\Michpal\AppData\Roaming\BAcroIEHelpe215.dll
c:\users\Michpal\AppData\Roaming\BAcroIEHelpe216.dll
c:\users\Michpal\AppData\Roaming\BAcroIEHelpe219.dll
c:\users\Michpal\AppData\Roaming\BAcroIEHelpe220.dll
c:\users\Michpal\AppData\Roaming\p8jmn4dj.default.tmp
c:\users\Michpal\AppData\Roaming\srvblck5.tmp
c:\windows\SysWow64\tmp15E9.tmp
c:\windows\SysWow64\tmp15EA.tmp
c:\windows\SysWow64\tmp3E38.tmp
c:\windows\SysWow64\tmp3E39.tmp
c:\windows\SysWow64\tmp8B6D.tmp
c:\windows\SysWow64\tmp8BEB.tmp
c:\windows\SysWow64\tmpBA10.tmp
c:\windows\SysWow64\tmpBA11.tmp
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-28 bis 2012-10-28  ))))))))))))))))))))))))))))))
.
.
2012-10-28 14:03 . 2012-10-28 14:03        --------        d-----w-        c:\users\UpdatusUser.Michpal-PC\AppData\Local\temp
2012-10-27 21:51 . 2012-10-27 21:51        --------        d-----w-        c:\users\Michpal\AppData\Roaming\Malwarebytes
2012-10-27 21:51 . 2012-10-27 21:51        --------        d-----w-        c:\programdata\Malwarebytes
2012-10-27 21:51 . 2012-09-29 17:54        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-10-27 21:51 . 2012-10-27 21:51        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-27 18:42 . 2012-08-24 18:13        154480        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2012-10-27 18:42 . 2012-08-24 18:09        458712        ----a-w-        c:\windows\system32\drivers\cng.sys
2012-10-27 18:42 . 2012-08-24 18:05        340992        ----a-w-        c:\windows\system32\schannel.dll
2012-10-27 18:42 . 2012-08-24 18:04        307200        ----a-w-        c:\windows\system32\ncrypt.dll
2012-10-27 18:42 . 2012-08-24 16:57        247808        ----a-w-        c:\windows\SysWow64\schannel.dll
2012-10-27 18:42 . 2012-08-24 18:03        1448448        ----a-w-        c:\windows\system32\lsasrv.dll
2012-10-27 18:42 . 2012-08-24 16:57        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2012-10-27 18:42 . 2012-08-24 16:57        220160        ----a-w-        c:\windows\SysWow64\ncrypt.dll
2012-10-27 18:42 . 2012-08-24 16:53        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2012-10-27 18:09 . 2012-10-27 18:09        --------        d-----w-        c:\users\UpdatusUser.Michpal-PC.000
2012-10-27 18:07 . 2012-10-02 19:51        3536817        ----a-w-        c:\windows\system32\nvcoproc.bin
2012-10-27 18:07 . 2012-10-02 19:51        3293544        ----a-w-        c:\windows\system32\nvsvc64.dll
2012-10-27 18:07 . 2012-10-02 19:51        6200680        ----a-w-        c:\windows\system32\nvcpl.dll
2012-10-27 18:07 . 2012-10-02 19:50        891240        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-10-27 18:07 . 2012-10-02 19:50        63336        ----a-w-        c:\windows\system32\nvshext.dll
2012-10-27 18:07 . 2012-10-02 19:50        2557800        ----a-w-        c:\windows\system32\nvsvcr.dll
2012-10-27 18:07 . 2012-10-02 19:50        118120        ----a-w-        c:\windows\system32\nvmctray.dll
2012-10-27 18:07 . 2012-10-27 18:07        --------        d-----w-        c:\programdata\NVIDIA Corporation
2012-10-22 19:29 . 2012-10-22 19:29        --------        d-----w-        c:\users\Michpal\AppData\Roaming\14001.034
2012-10-17 18:21 . 2012-10-17 18:21        --------        d-----w-        c:\users\Michpal\AppData\Roaming\14001.033
2012-10-17 12:40 . 2012-09-24 21:16        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-16 14:54 . 2012-10-16 14:54        --------        d-----w-        c:\users\Michpal\AppData\Roaming\14001.031
2012-10-16 14:53 . 2012-10-16 14:53        --------        d-----w-        c:\users\Michpal\AppData\Local\Arktos
2012-10-15 18:29 . 2012-10-15 18:29        --------        d-----w-        c:\users\Michpal\AppData\Roaming\14001.030
2012-10-10 18:31 . 2012-08-31 18:19        1659760        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2012-10-10 18:31 . 2012-08-30 18:03        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-10-10 18:31 . 2012-08-30 17:12        3914096        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 18:30 . 2012-08-30 17:12        3968880        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 18:30 . 2012-08-20 18:48        215040        ----a-w-        c:\windows\system32\winsrv.dll
2012-10-10 18:30 . 2012-08-20 18:48        424448        ----a-w-        c:\windows\system32\KernelBase.dll
2012-10-10 18:30 . 2012-08-20 18:48        1162240        ----a-w-        c:\windows\system32\kernel32.dll
2012-10-10 18:30 . 2012-08-20 18:46        338432        ----a-w-        c:\windows\system32\conhost.exe
2012-10-10 18:30 . 2012-08-20 18:48        243200        ----a-w-        c:\windows\system32\wow64.dll
2012-10-10 18:30 . 2012-08-20 17:37        274944        ----a-w-        c:\windows\SysWow64\KernelBase.dll
2012-10-10 18:30 . 2012-10-10 18:30        --------        d-----w-        c:\users\Michpal\AppData\Roaming\14001.029
2012-10-10 18:30 . 2012-08-20 17:38        25600        ----a-w-        c:\windows\SysWow64\setup16.exe
2012-10-10 18:30 . 2012-08-20 18:48        16384        ----a-w-        c:\windows\system32\ntvdm64.dll
2012-10-10 18:28 . 2012-08-20 17:32        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 18:27 . 2012-08-20 18:38        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 18:27 . 2012-08-20 17:32        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 18:27 . 2012-08-20 18:38        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 18:27 . 2012-08-20 18:38        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 18:27 . 2012-08-20 18:38        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 18:27 . 2012-08-20 18:38        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 18:25 . 2012-08-20 18:38        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 18:25 . 2012-08-20 17:32        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 18:25 . 2012-08-20 17:32        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-10-10 18:25 . 2012-08-20 18:38        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 18:25 . 2012-08-20 18:38        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 18:25 . 2012-08-20 15:38        2048        ----a-w-        c:\windows\SysWow64\user.exe
2012-10-10 18:25 . 2012-08-24 18:05        220160        ----a-w-        c:\windows\system32\wintrust.dll
2012-10-10 18:25 . 2012-08-24 16:57        172544        ----a-w-        c:\windows\SysWow64\wintrust.dll
2012-10-10 18:22 . 2012-09-14 19:19        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-10-10 18:22 . 2012-09-14 18:28        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2012-10-10 18:22 . 2012-08-11 00:56        715776        ----a-w-        c:\windows\system32\kerberos.dll
2012-10-10 18:22 . 2012-08-10 23:56        542208        ----a-w-        c:\windows\SysWow64\kerberos.dll
2012-10-10 18:21 . 2012-06-02 05:41        1464320        ----a-w-        c:\windows\system32\crypt32.dll
2012-10-10 18:21 . 2012-06-02 04:36        1159680        ----a-w-        c:\windows\SysWow64\crypt32.dll
2012-10-10 18:21 . 2012-06-02 05:41        184320        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-10-10 18:21 . 2012-06-02 05:41        140288        ----a-w-        c:\windows\system32\cryptnet.dll
2012-10-10 18:21 . 2012-06-02 04:36        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2012-10-10 18:21 . 2012-06-02 04:36        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2012-10-08 16:58 . 2012-10-08 16:58        --------        d-----w-        c:\users\Michpal\AppData\Roaming\Apple Computer
2012-10-08 13:21 . 2012-10-08 13:21        --------        d-----w-        c:\program files (x86)\Common Files\Apple
2012-10-08 13:20 . 2012-10-08 13:21        --------        d-----w-        c:\program files (x86)\QuickTime
2012-10-08 13:20 . 2012-10-08 13:20        --------        d-----w-        c:\programdata\Apple Computer
2012-10-05 14:14 . 2012-10-05 14:14        --------        d-----w-        c:\users\Michpal\AppData\Roaming\14001.025
2012-10-04 15:03 . 2012-10-04 15:03        --------        d-----w-        c:\users\Michpal\AppData\Local\IsolatedStorage
2012-10-04 14:52 . 2012-10-04 14:52        --------        d-----w-        c:\program files\amBX
2012-10-04 14:52 . 2012-10-04 14:52        --------        d-----w-        c:\program files (x86)\amBX
2012-10-04 14:50 . 2011-03-10 16:07        176136        ----a-w-        c:\windows\system32\drivers\SaiK0DC5.sys
2012-10-02 20:51 . 2012-10-02 20:51        --------        d-----w-        c:\users\Michpal\AppData\Roaming\14001.024
2012-10-02 11:15 . 2012-10-02 11:15        430952        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
2012-10-02 08:53 . 2012-10-02 08:53        --------        d-----w-        c:\users\Michpal\AppData\Roaming\Skinux
2012-10-02 08:50 . 2012-10-02 08:50        --------        d-----w-        c:\program files (x86)\The Skins Factory
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-26 20:03 . 2011-03-22 16:59        281520        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2012-10-26 20:03 . 2011-03-22 14:57        281520        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-10-26 20:03 . 2011-03-22 14:57        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2012-10-16 13:01 . 2012-08-06 09:42        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-16 13:01 . 2012-08-06 09:42        696760        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 21:48 . 2011-03-22 06:48        65309168        ----a-w-        c:\windows\system32\MRT.exe
2012-09-13 13:26 . 2012-09-10 12:46        1259888        ----a-w-        c:\windows\system32\dmwu.exe
2012-09-13 13:25 . 2012-09-10 12:46        35328        ----a-w-        c:\windows\system32\ImHttpComm.dll
2012-09-07 17:42 . 2012-08-10 17:48        821736        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2012-09-07 17:42 . 2011-03-31 14:07        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-09-02 09:45 . 2012-09-02 09:45        108008        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-02 09:45 . 2012-09-02 09:45        289768        ----a-w-        c:\windows\system32\javaws.exe
2012-09-02 09:45 . 2012-09-02 09:45        189416        ----a-w-        c:\windows\system32\javaw.exe
2012-09-02 09:45 . 2012-09-02 09:45        188904        ----a-w-        c:\windows\system32\java.exe
2012-09-02 09:45 . 2012-08-10 17:41        916456        ----a-w-        c:\windows\system32\deployJava1.dll
2012-09-02 09:45 . 2012-08-10 17:41        1034216        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-08-30 19:14 . 2012-09-21 16:58        60776        ----a-w-        c:\windows\system32\OpenCL.dll
2012-08-30 19:14 . 2012-09-21 16:58        52584        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2012-08-24 11:15 . 2012-09-22 07:39        17810944        ----a-w-        c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 07:39        10925568        ----a-w-        c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 07:39        2312704        ----a-w-        c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 07:39        1346048        ----a-w-        c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 07:39        1392128        ----a-w-        c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 07:39        1494528        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 07:39        237056        ----a-w-        c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 07:39        85504        ----a-w-        c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 07:39        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 07:39        816640        ----a-w-        c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 07:39        599040        ----a-w-        c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 07:39        2144768        ----a-w-        c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 07:39        729088        ----a-w-        c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 07:39        96768        ----a-w-        c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 07:39        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 07:39        248320        ----a-w-        c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 07:39        1800704        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 07:39        1129472        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 07:39        1427968        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 07:39        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 07:39        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 07:39        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 14:33        1913200        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 14:33        950128        ----a-w-        c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 14:33        376688        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 14:33        288624        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 13:20        245760        ----a-w-        c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 18:30        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 14:33        574464        ----a-w-        c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 14:33        490496        ----a-w-        c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        94208        ----a-w-        c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        94208        ----a-w-        c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        94208        ----a-w-        c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"Ai Nap"="c:\program files (x86)\ASUS\AI Suite\AiNap\AiNap.exe" [2009-07-01 1435136]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-07-01 601088]
"CPU Power Monitor"="c:\program files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
amBX Illuminate.lnk - c:\program files (x86)\amBX\Illuminate\Illuminate.exe [2009-2-13 2559823]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-16 250808]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-03-31 13352]
R3 GPU-Z;GPU-Z;c:\users\Michpal\AppData\Local\Temp\GPU-Z.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SaiKF622;SaiKF622;c:\windows\system32\DRIVERS\SaiKF622.sys [2009-06-10 140800]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 amBX Saitek HAL Service;amBX Saitek HAL Service;c:\program files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe [2011-02-10 310784]
S2 amBX Service;amBX Service;c:\program files (x86)\amBX\System\amBX_Service.exe [2009-10-14 612864]
S2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;c:\windows\Installer\MSI8673.tmp [2012-10-02 102400]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-02 1258856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [2012-09-13 1259888]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
S3 SaiK0DC5;SaiK0DC5;c:\windows\system32\DRIVERS\SaiK0DC5.sys [2011-03-10 176136]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2011-12-11 402720]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-06 13:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        97792        ----a-w-        c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        97792        ----a-w-        c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        97792        ----a-w-        c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        97792        ----a-w-        c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"amBX System Tray Application"="c:\program files\amBX\Gaming FXGen\x64\amBXFxGen.exe" [2011-11-09 143360]
"amBX Daemon"="c:\program files\amBX\Control Panel\amBXDaemon.exe" [2011-06-10 233472]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 122.49.77.1:80
IE: Free YouTube to MP3 Converter - c:\users\Michpal\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Michpal\AppData\Roaming\Mozilla\Firefox\Profiles\p8jmn4dj.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-imtazuvwobzvvzb - c:\programdata\imtazuvw.exe
Toolbar-10 - (no file)
AddRemove-BattlEye for A2 - d:\games\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
AddRemove-SEMC OMSI Module - c:\program files (x86)\Sony Ericsson\Update Engine\uninst.exe
AddRemove-{74A84478-70A5-4F7A-966C-FA2771FF91A5}_is1 - d:\games\Gilde\unins000.exe
AddRemove-UnityWebPlayer - c:\users\Michpal\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HyperDeskCustomThemeEnabler]
"ImagePath"="\"c:\windows\Installer\MSI8673.tmp\" -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2051330578-1478212451-1897483881-1000\Software\SecuROM\License information*]
"datasecu"=hex:ca,8b,64,24,94,4d,a7,87,0b,d9,70,40,73,f1,6f,49,36,53,3c,b3,0d,
  01,79,0d,14,f9,a7,0d,d6,97,03,2e,80,35,b7,b3,c4,6e,db,c1,37,17,ff,a9,d3,25,\
"rkeysecu"=hex:96,70,13,0b,31,82,74,5e,0b,b9,c3,d5,c0,8e,a6,46
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe
c:\program files (x86)\ASUS\AASP\1.00.95\aaCenter.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-28  15:16:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-28 14:16
.
Vor Suchlauf: 8.279.269.376 Bytes frei
Nach Suchlauf: 8.274.931.712 Bytes frei
.
- - End Of File - - 1ED1F24B4186C5706C89BB0CAB2A3F99
--- --- ---

M-K-D-B 28.10.2012 18:47
Servus,


da hat ComboFix ja nochmal jede Menge Malware gelöscht.
Aber wir müssen nochmal ran... :kloppen:




Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm vom folgenden Download-Spiegel neu herunter:
BleepingComputer.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
Folder::
c:\users\Michpal\AppData\Roaming\14001.034
c:\users\Michpal\AppData\Roaming\14001.033
c:\users\Michpal\AppData\Roaming\14001.031
c:\users\Michpal\AppData\Roaming\14001.030
c:\users\Michpal\AppData\Roaming\14001.029
c:\users\Michpal\AppData\Roaming\14001.025
c:\users\Michpal\AppData\Roaming\14001.024

DirLook::
c:\users\Michpal\AppData\Local\Arktos
c:\users\Michpal\AppData\Roaming\Skinux

DDS::
uInternet Settings,ProxyServer = 122.49.77.1:80
Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:
  • Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.
http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Michpal 28.10.2012 20:22
Combofix Logfile:
Code:
ComboFix 12-10-26.05 - Michpal 28.10.2012  20:03:06.2.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8191.6562 [GMT 1:00]
ausgeführt von:: c:\users\Michpal\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Michpal\Desktop\CFScript.txt
AV: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee  Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michpal\AppData\Roaming\14001.024
c:\users\Michpal\AppData\Roaming\14001.024\chrome.manifest
c:\users\Michpal\AppData\Roaming\14001.024\components\AcroFF.txt
c:\users\Michpal\AppData\Roaming\14001.024\install.rdf
c:\users\Michpal\AppData\Roaming\14001.025
c:\users\Michpal\AppData\Roaming\14001.025\chrome.manifest
c:\users\Michpal\AppData\Roaming\14001.025\components\AcroFF.txt
c:\users\Michpal\AppData\Roaming\14001.025\install.rdf
c:\users\Michpal\AppData\Roaming\14001.029
c:\users\Michpal\AppData\Roaming\14001.029\chrome.manifest
c:\users\Michpal\AppData\Roaming\14001.029\components\AcroFF.txt
c:\users\Michpal\AppData\Roaming\14001.029\install.rdf
c:\users\Michpal\AppData\Roaming\14001.030
c:\users\Michpal\AppData\Roaming\14001.030\chrome.manifest
c:\users\Michpal\AppData\Roaming\14001.030\components\AcroFF.txt
c:\users\Michpal\AppData\Roaming\14001.030\install.rdf
c:\users\Michpal\AppData\Roaming\14001.031
c:\users\Michpal\AppData\Roaming\14001.031\chrome.manifest
c:\users\Michpal\AppData\Roaming\14001.031\components\AcroFF.txt
c:\users\Michpal\AppData\Roaming\14001.031\install.rdf
c:\users\Michpal\AppData\Roaming\14001.033
c:\users\Michpal\AppData\Roaming\14001.033\chrome.manifest
c:\users\Michpal\AppData\Roaming\14001.033\components\AcroFF.txt
c:\users\Michpal\AppData\Roaming\14001.033\install.rdf
c:\users\Michpal\AppData\Roaming\14001.034
c:\users\Michpal\AppData\Roaming\14001.034\chrome.manifest
c:\users\Michpal\AppData\Roaming\14001.034\components\AcroFF.txt
c:\users\Michpal\AppData\Roaming\14001.034\components\AcroFF034.dll
c:\users\Michpal\AppData\Roaming\14001.034\install.rdf
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-28 bis 2012-10-28  ))))))))))))))))))))))))))))))
.
.
2012-10-28 19:10 . 2012-10-28 19:10        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-10-28 19:10 . 2012-10-28 19:10        --------        d-----w-        c:\users\UpdatusUser.Michpal-PC\AppData\Local\temp
2012-10-28 19:10 . 2012-10-28 19:10        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-10-27 21:51 . 2012-10-27 21:51        --------        d-----w-        c:\users\Michpal\AppData\Roaming\Malwarebytes
2012-10-27 21:51 . 2012-10-27 21:51        --------        d-----w-        c:\programdata\Malwarebytes
2012-10-27 21:51 . 2012-09-29 17:54        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-10-27 21:51 . 2012-10-27 21:51        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-27 18:42 . 2012-08-24 18:13        154480        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2012-10-27 18:42 . 2012-08-24 18:09        458712        ----a-w-        c:\windows\system32\drivers\cng.sys
2012-10-27 18:42 . 2012-08-24 18:05        340992        ----a-w-        c:\windows\system32\schannel.dll
2012-10-27 18:42 . 2012-08-24 18:04        307200        ----a-w-        c:\windows\system32\ncrypt.dll
2012-10-27 18:42 . 2012-08-24 16:57        247808        ----a-w-        c:\windows\SysWow64\schannel.dll
2012-10-27 18:42 . 2012-08-24 18:03        1448448        ----a-w-        c:\windows\system32\lsasrv.dll
2012-10-27 18:42 . 2012-08-24 16:57        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2012-10-27 18:42 . 2012-08-24 16:57        220160        ----a-w-        c:\windows\SysWow64\ncrypt.dll
2012-10-27 18:42 . 2012-08-24 16:53        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2012-10-27 18:09 . 2012-10-27 18:09        --------        d-----w-        c:\users\UpdatusUser.Michpal-PC.000
2012-10-27 18:07 . 2012-10-02 19:51        3536817        ----a-w-        c:\windows\system32\nvcoproc.bin
2012-10-27 18:07 . 2012-10-02 19:51        3293544        ----a-w-        c:\windows\system32\nvsvc64.dll
2012-10-27 18:07 . 2012-10-02 19:51        6200680        ----a-w-        c:\windows\system32\nvcpl.dll
2012-10-27 18:07 . 2012-10-02 19:50        891240        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-10-27 18:07 . 2012-10-02 19:50        63336        ----a-w-        c:\windows\system32\nvshext.dll
2012-10-27 18:07 . 2012-10-02 19:50        2557800        ----a-w-        c:\windows\system32\nvsvcr.dll
2012-10-27 18:07 . 2012-10-02 19:50        118120        ----a-w-        c:\windows\system32\nvmctray.dll
2012-10-27 18:07 . 2012-10-27 18:07        --------        d-----w-        c:\programdata\NVIDIA Corporation
2012-10-17 12:40 . 2012-09-24 21:16        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-16 14:53 . 2012-10-16 14:53        --------        d-----w-        c:\users\Michpal\AppData\Local\Arktos
2012-10-10 18:31 . 2012-08-31 18:19        1659760        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2012-10-10 18:31 . 2012-08-30 18:03        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-10-10 18:31 . 2012-08-30 17:12        3914096        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 18:30 . 2012-08-30 17:12        3968880        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 18:30 . 2012-08-20 18:48        215040        ----a-w-        c:\windows\system32\winsrv.dll
2012-10-10 18:30 . 2012-08-20 18:48        424448        ----a-w-        c:\windows\system32\KernelBase.dll
2012-10-10 18:30 . 2012-08-20 18:48        1162240        ----a-w-        c:\windows\system32\kernel32.dll
2012-10-10 18:30 . 2012-08-20 18:46        338432        ----a-w-        c:\windows\system32\conhost.exe
2012-10-10 18:30 . 2012-08-20 18:48        243200        ----a-w-        c:\windows\system32\wow64.dll
2012-10-10 18:30 . 2012-08-20 17:37        274944        ----a-w-        c:\windows\SysWow64\KernelBase.dll
2012-10-10 18:30 . 2012-08-20 17:38        25600        ----a-w-        c:\windows\SysWow64\setup16.exe
2012-10-10 18:30 . 2012-08-20 18:48        16384        ----a-w-        c:\windows\system32\ntvdm64.dll
2012-10-10 18:28 . 2012-08-20 17:32        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 18:27 . 2012-08-20 18:38        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 18:27 . 2012-08-20 17:32        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 18:27 . 2012-08-20 18:38        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 18:27 . 2012-08-20 18:38        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 18:27 . 2012-08-20 18:38        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 18:27 . 2012-08-20 18:38        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 18:25 . 2012-08-20 18:38        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 18:25 . 2012-08-20 17:32        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 18:25 . 2012-08-20 17:32        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-10-10 18:25 . 2012-08-20 18:38        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 18:25 . 2012-08-20 18:38        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 18:25 . 2012-08-20 15:38        2048        ----a-w-        c:\windows\SysWow64\user.exe
2012-10-10 18:25 . 2012-08-24 18:05        220160        ----a-w-        c:\windows\system32\wintrust.dll
2012-10-10 18:25 . 2012-08-24 16:57        172544        ----a-w-        c:\windows\SysWow64\wintrust.dll
2012-10-10 18:22 . 2012-09-14 19:19        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-10-10 18:22 . 2012-09-14 18:28        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2012-10-10 18:22 . 2012-08-11 00:56        715776        ----a-w-        c:\windows\system32\kerberos.dll
2012-10-10 18:22 . 2012-08-10 23:56        542208        ----a-w-        c:\windows\SysWow64\kerberos.dll
2012-10-10 18:21 . 2012-06-02 05:41        1464320        ----a-w-        c:\windows\system32\crypt32.dll
2012-10-10 18:21 . 2012-06-02 04:36        1159680        ----a-w-        c:\windows\SysWow64\crypt32.dll
2012-10-10 18:21 . 2012-06-02 05:41        184320        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-10-10 18:21 . 2012-06-02 05:41        140288        ----a-w-        c:\windows\system32\cryptnet.dll
2012-10-10 18:21 . 2012-06-02 04:36        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2012-10-10 18:21 . 2012-06-02 04:36        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2012-10-08 16:58 . 2012-10-08 16:58        --------        d-----w-        c:\users\Michpal\AppData\Roaming\Apple Computer
2012-10-08 13:21 . 2012-10-08 13:21        --------        d-----w-        c:\program files (x86)\Common Files\Apple
2012-10-08 13:20 . 2012-10-08 13:21        --------        d-----w-        c:\program files (x86)\QuickTime
2012-10-08 13:20 . 2012-10-08 13:20        --------        d-----w-        c:\programdata\Apple Computer
2012-10-04 15:03 . 2012-10-04 15:03        --------        d-----w-        c:\users\Michpal\AppData\Local\IsolatedStorage
2012-10-04 14:52 . 2012-10-04 14:52        --------        d-----w-        c:\program files\amBX
2012-10-04 14:52 . 2012-10-04 14:52        --------        d-----w-        c:\program files (x86)\amBX
2012-10-04 14:50 . 2011-03-10 16:07        176136        ----a-w-        c:\windows\system32\drivers\SaiK0DC5.sys
2012-10-02 11:15 . 2012-10-02 11:15        430952        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
2012-10-02 08:53 . 2012-10-02 08:53        --------        d-----w-        c:\users\Michpal\AppData\Roaming\Skinux
2012-10-02 08:50 . 2012-10-02 08:50        --------        d-----w-        c:\program files (x86)\The Skins Factory
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-26 20:03 . 2011-03-22 16:59        281520        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2012-10-26 20:03 . 2011-03-22 14:57        281520        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-10-26 20:03 . 2011-03-22 14:57        280904        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2012-10-16 13:01 . 2012-08-06 09:42        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-16 13:01 . 2012-08-06 09:42        696760        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 21:48 . 2011-03-22 06:48        65309168        ----a-w-        c:\windows\system32\MRT.exe
2012-09-13 13:26 . 2012-09-10 12:46        1259888        ----a-w-        c:\windows\system32\dmwu.exe
2012-09-13 13:25 . 2012-09-10 12:46        35328        ----a-w-        c:\windows\system32\ImHttpComm.dll
2012-09-07 17:42 . 2012-08-10 17:48        821736        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2012-09-07 17:42 . 2011-03-31 14:07        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-09-02 09:45 . 2012-09-02 09:45        108008        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-02 09:45 . 2012-09-02 09:45        289768        ----a-w-        c:\windows\system32\javaws.exe
2012-09-02 09:45 . 2012-09-02 09:45        189416        ----a-w-        c:\windows\system32\javaw.exe
2012-09-02 09:45 . 2012-09-02 09:45        188904        ----a-w-        c:\windows\system32\java.exe
2012-09-02 09:45 . 2012-08-10 17:41        916456        ----a-w-        c:\windows\system32\deployJava1.dll
2012-09-02 09:45 . 2012-08-10 17:41        1034216        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-08-30 19:14 . 2012-09-21 16:58        60776        ----a-w-        c:\windows\system32\OpenCL.dll
2012-08-30 19:14 . 2012-09-21 16:58        52584        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2012-08-24 11:15 . 2012-09-22 07:39        17810944        ----a-w-        c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 07:39        10925568        ----a-w-        c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 07:39        2312704        ----a-w-        c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 07:39        1346048        ----a-w-        c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 07:39        1392128        ----a-w-        c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 07:39        1494528        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 07:39        237056        ----a-w-        c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 07:39        85504        ----a-w-        c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 07:39        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 07:39        816640        ----a-w-        c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 07:39        599040        ----a-w-        c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 07:39        2144768        ----a-w-        c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 07:39        729088        ----a-w-        c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 07:39        96768        ----a-w-        c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 07:39        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 07:39        248320        ----a-w-        c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 07:39        1800704        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 07:39        1129472        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 07:39        1427968        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 07:39        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 07:39        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 07:39        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 14:33        1913200        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 14:33        950128        ----a-w-        c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 14:33        376688        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 14:33        288624        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 13:20        245760        ----a-w-        c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 18:30        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 14:33        574464        ----a-w-        c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 14:33        490496        ----a-w-        c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Michpal\AppData\Local\Arktos ----
.
.
---- Directory of c:\users\Michpal\AppData\Roaming\Skinux ----
.
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        94208        ----a-w-        c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        94208        ----a-w-        c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        94208        ----a-w-        c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"Ai Nap"="c:\program files (x86)\ASUS\AI Suite\AiNap\AiNap.exe" [2009-07-01 1435136]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-07-01 601088]
"CPU Power Monitor"="c:\program files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
amBX Illuminate.lnk - c:\program files (x86)\amBX\Illuminate\Illuminate.exe [2009-2-13 2559823]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-16 250808]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-03-31 13352]
R3 GPU-Z;GPU-Z;c:\users\Michpal\AppData\Local\Temp\GPU-Z.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SaiKF622;SaiKF622;c:\windows\system32\DRIVERS\SaiKF622.sys [2009-06-10 140800]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 amBX Saitek HAL Service;amBX Saitek HAL Service;c:\program files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe [2011-02-10 310784]
S2 amBX Service;amBX Service;c:\program files (x86)\amBX\System\amBX_Service.exe [2009-10-14 612864]
S2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;c:\windows\Installer\MSI8673.tmp [2012-10-02 102400]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-02 1258856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [2012-09-13 1259888]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
S3 SaiK0DC5;SaiK0DC5;c:\windows\system32\DRIVERS\SaiK0DC5.sys [2011-03-10 176136]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2011-12-11 402720]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mfeavfk01
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-06 13:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        97792        ----a-w-        c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        97792        ----a-w-        c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        97792        ----a-w-        c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        97792        ----a-w-        c:\users\Michpal\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"amBX System Tray Application"="c:\program files\amBX\Gaming FXGen\x64\amBXFxGen.exe" [2011-11-09 143360]
"amBX Daemon"="c:\program files\amBX\Control Panel\amBXDaemon.exe" [2011-06-10 233472]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Michpal\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Michpal\AppData\Roaming\Mozilla\Firefox\Profiles\p8jmn4dj.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
AddRemove-BattlEye for A2 - d:\games\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
AddRemove-SEMC OMSI Module - c:\program files (x86)\Sony Ericsson\Update Engine\uninst.exe
AddRemove-{74A84478-70A5-4F7A-966C-FA2771FF91A5}_is1 - d:\games\Gilde\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HyperDeskCustomThemeEnabler]
"ImagePath"="\"c:\windows\Installer\MSI8673.tmp\" -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2051330578-1478212451-1897483881-1000\Software\SecuROM\License information*]
"datasecu"=hex:ca,8b,64,24,94,4d,a7,87,0b,d9,70,40,73,f1,6f,49,36,53,3c,b3,0d,
  01,79,0d,14,f9,a7,0d,d6,97,03,2e,80,35,b7,b3,c4,6e,db,c1,37,17,ff,a9,d3,25,\
"rkeysecu"=hex:96,70,13,0b,31,82,74,5e,0b,b9,c3,d5,c0,8e,a6,46
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-28  20:21:34
ComboFix-quarantined-files.txt  2012-10-28 19:21
ComboFix2.txt  2012-10-28 14:16
.
Vor Suchlauf: 9.161.367.552 Bytes frei
Nach Suchlauf: 8.950.484.992 Bytes frei
.
- - End Of File - - A6C5A101291E329D0AD72CE07738DC9D
--- --- ---

M-K-D-B 29.10.2012 09:30
Servus,


bitte die folgenden Anleitung genau lesen und nichts auslassen!





Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).
  • Starte bitte die OTL.exe.
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard Ausgabe.
  • Setze einen Haken bei Scanne alle Benutzer.
  • Unter Datei-Alter wähle bitte 60 Tage aus.
  • Unter Extra Registry, wähle bitte Use SafeList.
  • Kopiere nun den Inhalt aus der Codebox in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.
Code:
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
c:\users\Michpal\AppData\Roaming /S
CREATERESTOREPOINT
  • Schließe bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Scan Button.
  • Am Ende des Suchlaufs werden 2 Logdateien erstellt.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Michpal 29.10.2012 14:36
OTL Logfile:
Code:
OTL logfile created on: 29.10.2012 14:26:44 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Michpal\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,48 Gb Available Physical Memory | 81,05% Memory free
14,00 Gb Paging File | 12,24 Gb Available in Paging File | 87,42% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 73,24 Gb Total Space | 8,00 Gb Free Space | 10,92% Space Free | Partition Type: NTFS
Drive D: | 392,51 Gb Total Space | 135,23 Gb Free Space | 34,45% Space Free | Partition Type: NTFS
 
Computer Name: MICHPAL-PC | User Name: Michpal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.29 14:24:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michpal\Desktop\OTL.exe
PRC - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.09.29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.17 20:05:23 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.11.09 15:45:16 | 000,139,264 | ---- | M] (amBX UK Ltd.) -- C:\Programme\amBX\Gaming FXGen\win32\amBXFxGen.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011.02.10 18:17:46 | 000,310,784 | ---- | M] () -- C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe
PRC - [2010.11.20 13:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2009.10.14 14:43:08 | 000,612,864 | -HS- | M] (amBX) -- C:\Program Files (x86)\amBX\System\amBX_Service.exe
PRC - [2009.07.01 20:23:52 | 001,435,136 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
PRC - [2009.04.23 18:43:12 | 000,622,080 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.95\aaCenter.exe
PRC - [2009.01.22 20:43:54 | 001,352,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe
PRC - [2008.01.09 10:17:18 | 000,627,200 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.07.01 20:23:52 | 001,435,136 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
MOD - [2009.04.23 18:43:12 | 000,622,080 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.95\aaCenter.exe
MOD - [2009.04.13 10:37:34 | 000,188,928 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.95\aasp.dll
MOD - [2009.01.22 20:43:54 | 001,352,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe
MOD - [2009.01.22 20:43:54 | 000,409,088 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\EnergySaving\AnimationView.dll
MOD - [2008.02.25 15:08:54 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.dll
MOD - [2008.01.17 16:46:20 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.95\cpuutil.dll
MOD - [2008.01.09 10:17:18 | 000,627,200 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
MOD - [2007.01.03 22:25:56 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\vvc.dll
MOD - [2006.01.10 16:50:20 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2005.06.22 17:39:56 | 000,204,851 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.95\PowerDll.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.09.13 14:26:50 | 001,259,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer)
SRV:64bit: - [2012.03.20 12:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012.03.20 11:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012.03.20 11:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2012.10.25 20:38:27 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.16 14:01:49 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.10.02 09:50:15 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Windows\Installer\MSI8673.tmp -- (HyperDeskCustomThemeEnabler)
SRV - [2012.09.29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.23 10:57:48 | 000,502,064 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.14 01:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.02.17 20:05:23 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.02.10 18:17:46 | 000,310,784 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe -- (amBX Saitek HAL Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.10.14 14:43:08 | 000,612,864 | -HS- | M] (amBX) [Auto | Running] -- C:\Program Files (x86)\amBX\System\amBX_Service.exe -- (amBX Service)
SRV - [2009.08.18 11:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.30 12:32:08 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.22 12:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012.02.22 12:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012.02.22 12:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012.02.22 12:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012.02.22 12:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012.02.22 12:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012.02.22 12:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012.02.22 12:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011.12.11 12:58:04 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2011.03.31 15:08:09 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2011.03.31 15:08:09 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 17:07:29 | 000,176,136 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0DC5.sys -- (SaiK0DC5)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.04.27 15:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.27 15:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010.04.27 15:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 13:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 13:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010.01.27 16:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.11.23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.07.16 11:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.10 11:14:20 | 000,140,800 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiKF622.sys -- (SaiKF622)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 122.49.77.1:80
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 122.49.77.1:80
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2051330578-1478212451-1897483881-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2051330578-1478212451-1897483881-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2051330578-1478212451-1897483881-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E 26 22 92 DD E7 CB 01  [binary data]
IE - HKU\S-1-5-21-2051330578-1478212451-1897483881-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2051330578-1478212451-1897483881-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2051330578-1478212451-1897483881-1009\..\SearchScopes,DefaultScope =
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {D19CA586-DD6C-4a0a-96F8-14644F340D60}:14.4.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Michpal\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.06 16:16:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.06.27 20:38:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.08 14:20:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.08 14:20:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Michpal\AppData\Roaming\14001.034
 
[2012.08.05 12:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michpal\AppData\Roaming\mozilla\Extensions
[2012.09.02 10:32:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.27 20:38:20 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
[2012.01.06 16:16:20 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.07.14 01:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.14 01:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 16:20:17 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.10.28 20:10:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20120627185322.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120627185322.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [amBX Daemon] C:\Program Files\amBX\Control Panel\amBXDaemon.exe (Koninklijke Philips N.V.)
O4:64bit: - HKLM..\Run: [amBX System Tray Application] C:\Programme\amBX\Gaming FXGen\x64\amBXFxGen.exe (amBX UK Ltd.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CPU Power Monitor] C:\Program Files (x86)\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKU\S-1-5-21-2051330578-1478212451-1897483881-1009..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2051330578-1478212451-1897483881-1009..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2051330578-1478212451-1897483881-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2051330578-1478212451-1897483881-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2051330578-1478212451-1897483881-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michpal\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michpal\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A15BD116-72FB-405F-B624-B9EBD99A7FE0}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E581B93F-7959-48E2-9C4B-B606ACE5784D}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Ave's 7StartButton Changer - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll (AveApps, Andreas Verhoeven)
O22 - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Ave's 7StartButton Changer - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll (AveApps, Andreas Verhoeven)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:64bit: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SafeBootNet:64bit: mfefirek - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:64bit: mfefirek.sys - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfevtp - C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 60 Days ==========
 
[2012.10.29 14:24:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michpal\Desktop\OTL.exe
[2012.10.29 06:33:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.28 20:21:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.10.28 19:56:45 | 004,989,309 | R--- | C] (Swearware) -- C:\Users\Michpal\Desktop\ComboFix.exe
[2012.10.28 14:30:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.28 14:30:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.28 14:30:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.28 14:30:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.28 14:29:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.28 13:35:31 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michpal\Desktop\tdsskiller.exe
[2012.10.28 13:13:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Michpal\Desktop\aswMBR.exe
[2012.10.28 12:41:22 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\Michpal\Desktop\dds.com
[2012.10.27 22:51:21 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Roaming\Malwarebytes
[2012.10.27 22:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.27 22:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.27 22:51:07 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.27 22:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.27 22:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2012.10.27 19:43:20 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012.10.27 19:43:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012.10.27 19:43:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012.10.27 19:43:19 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012.10.27 19:43:19 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012.10.27 19:43:19 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012.10.27 19:43:19 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012.10.27 19:43:19 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012.10.27 19:43:19 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012.10.27 19:43:19 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012.10.27 19:43:19 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012.10.27 19:43:19 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012.10.27 19:43:19 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012.10.27 19:43:19 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012.10.27 19:43:19 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012.10.27 19:43:19 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012.10.27 19:43:19 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012.10.27 19:43:18 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012.10.27 19:43:18 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012.10.27 19:43:18 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.10.27 19:43:18 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012.10.27 19:43:18 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012.10.27 19:43:18 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012.10.27 19:43:18 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012.10.27 19:42:21 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.10.27 19:42:20 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.10.27 19:38:03 | 000,000,000 | ---D | C] -- C:\Users\Michpal\Desktop\Neuer Ordner
[2012.10.27 19:07:56 | 006,200,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.10.27 19:07:56 | 003,293,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.10.27 19:07:56 | 002,557,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.10.27 19:07:56 | 000,118,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.10.27 19:07:56 | 000,063,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.10.27 19:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.10.27 19:06:51 | 018,252,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.10.27 19:06:50 | 015,309,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.10.27 19:06:50 | 006,127,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012.10.27 19:06:49 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.10.27 19:06:49 | 009,146,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.10.27 19:06:49 | 007,697,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.10.27 19:06:49 | 002,747,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.10.27 19:06:49 | 002,574,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.10.27 19:06:48 | 026,331,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.10.27 19:06:48 | 019,906,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.10.27 19:06:48 | 007,414,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012.10.27 19:06:48 | 002,731,880 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.10.27 19:06:48 | 001,867,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.10.27 19:06:48 | 001,482,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012.10.27 19:06:47 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.10.27 19:06:47 | 014,922,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.10.27 19:06:47 | 002,428,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.10.27 19:06:47 | 002,218,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.10.27 19:06:47 | 001,760,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.10.27 19:06:47 | 000,973,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012.10.27 19:06:47 | 000,831,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012.10.27 19:06:46 | 012,501,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.10.27 19:06:46 | 000,247,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012.10.27 19:06:46 | 000,202,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012.10.17 13:40:11 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.10.17 13:40:11 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.10.17 13:40:11 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.10.16 15:53:15 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Local\Arktos
[2012.10.16 15:53:14 | 000,000,000 | ---D | C] -- C:\Users\Michpal\Documents\Arktos
[2012.10.16 14:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The War Z
[2012.10.10 19:31:14 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.10 19:31:01 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.10 19:30:59 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.10 19:30:43 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.10.10 19:30:43 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.10.10 19:30:43 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.10.10 19:30:43 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.10.10 19:30:26 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.10.10 19:30:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.10.10 19:30:02 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.10.10 19:29:59 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.10.10 19:29:58 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.10.10 19:29:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.10.10 19:29:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.10.10 19:29:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 19:29:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 19:29:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 19:29:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 19:29:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 19:29:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.10.10 19:29:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 19:29:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 19:29:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 19:29:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 19:29:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 19:28:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 19:28:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 19:28:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 19:28:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 19:28:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 19:28:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 19:28:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 19:28:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 19:28:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 19:28:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 19:28:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 19:28:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 19:28:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 19:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 19:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 19:28:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 19:28:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 19:27:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 19:27:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 19:27:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 19:27:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 19:27:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 19:27:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 19:26:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 19:26:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 19:26:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 19:26:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 19:26:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 19:26:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 19:26:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 19:26:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 19:26:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 19:26:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 19:26:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 19:26:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 19:26:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 19:26:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 19:26:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 19:26:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 19:26:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 19:26:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 19:25:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 19:25:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 19:25:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 19:25:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 19:25:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 19:25:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.10.10 19:25:15 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.10 19:21:57 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.10 19:21:48 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.08 17:58:59 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Roaming\Apple Computer
[2012.10.08 14:21:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.10.08 14:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.10.08 14:20:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.10.08 14:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.10.04 16:03:41 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Local\IsolatedStorage
[2012.10.04 15:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\amBX
[2012.10.04 15:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\amBX
[2012.10.04 15:52:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\amBX
[2012.10.04 15:50:32 | 000,176,136 | ---- | C] (Saitek) -- C:\Windows\SysNative\drivers\SaiK0DC5.sys
[2012.10.02 12:15:52 | 000,430,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2012.10.02 09:53:06 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Roaming\Skinux
[2012.10.02 09:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Skins Factory
[2012.10.02 09:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Skins Factory
[2012.09.27 14:33:02 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Roaming\14001.022
[2012.09.26 14:20:21 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012.09.22 08:39:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.22 08:39:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.22 08:39:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.22 08:39:56 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.09.22 08:39:56 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.09.22 08:39:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.09.22 08:39:56 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.22 08:39:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.22 08:39:56 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.22 08:39:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.22 08:39:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.09.22 08:39:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.09.22 08:39:54 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.09.22 08:39:54 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.09.22 08:39:54 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.09.21 17:58:50 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.09.21 17:58:50 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.09.21 17:58:50 | 000,000,000 | ---D | C] -- C:\temp
[2012.09.21 17:58:18 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012.09.21 17:58:18 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012.09.20 19:45:43 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Roaming\14001.021
[2012.09.20 17:32:05 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Local\FLT
[2012.09.12 15:33:46 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.12 15:33:45 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.12 15:33:36 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.09.12 15:33:36 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.09.10 13:46:21 | 000,035,328 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2012.09.10 13:46:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ARFC
[2012.09.10 13:46:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT
[2012.09.08 09:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.09.07 19:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.09.07 18:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.09.07 18:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.09.07 18:59:12 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.09.07 18:59:12 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.09.07 18:43:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.07 18:42:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.09.03 19:38:04 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Roaming\14001.020
[2012.09.02 10:45:57 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.09.02 10:45:52 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.09.02 10:45:52 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012.09.02 10:45:51 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.09.02 10:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.09.02 10:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.09.02 10:33:22 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.09.02 10:08:16 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Local\Monte Cristo
[2012.09.01 06:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012.08.30 16:18:31 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Roaming\14001.019
 
========== Files - Modified Within 60 Days ==========
 
[2012.10.29 14:28:45 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.29 14:28:45 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.29 14:26:03 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.29 14:26:03 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.29 14:26:03 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.29 14:26:03 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.29 14:26:03 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.29 14:24:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michpal\Desktop\OTL.exe
[2012.10.29 14:21:37 | 000,000,439 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.10.29 14:21:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.29 14:21:20 | 2146,787,327 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.28 22:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.28 20:10:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.10.28 19:56:35 | 004,989,309 | R--- | M] (Swearware) -- C:\Users\Michpal\Desktop\ComboFix.exe
[2012.10.28 14:17:59 | 000,538,941 | ---- | M] () -- C:\Users\Michpal\Desktop\adwcleaner.exe
[2012.10.28 13:35:41 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michpal\Desktop\tdsskiller.exe
[2012.10.28 13:33:52 | 000,000,512 | ---- | M] () -- C:\Users\Michpal\Desktop\MBR.dat
[2012.10.28 13:13:28 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Michpal\Desktop\aswMBR.exe
[2012.10.28 13:07:04 | 000,000,382 | ---- | M] () -- C:\Users\Michpal\defogger_reenable
[2012.10.28 13:06:35 | 000,050,477 | ---- | M] () -- C:\Users\Michpal\Desktop\Defogger.exe
[2012.10.28 12:41:24 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\Michpal\Desktop\dds.com
[2012.10.27 21:40:33 | 000,000,034 | ---- | M] () -- C:\Users\Michpal\AppData\Roaming\blckdom.res
[2012.10.27 14:06:48 | 000,065,536 | ---- | M] () -- C:\Users\Michpal\AppData\Roaming\p8jmn4dj.default.dat
[2012.10.26 21:03:39 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.10.26 21:03:39 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.10.26 21:03:25 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.10.23 21:02:32 | 000,007,615 | ---- | M] () -- C:\Users\Michpal\AppData\Local\Resmon.ResmonCfg
[2012.10.21 09:23:15 | 001,338,211 | ---- | M] () -- C:\Users\Michpal\Desktop\warzmapalpha.png
[2012.10.16 14:29:28 | 000,395,528 | ---- | M] () -- C:\Users\Michpal\Desktop\S3.pdf
[2012.10.16 14:01:49 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.16 14:01:49 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.04 15:52:45 | 000,001,152 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\amBX Illuminate.lnk
[2012.10.04 15:50:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SaiK0DC5_01009.Wdf
[2012.10.02 23:21:00 | 026,331,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.10.02 23:21:00 | 025,256,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.10.02 23:21:00 | 019,906,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.10.02 23:21:00 | 018,252,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.10.02 23:21:00 | 017,559,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.10.02 23:21:00 | 015,309,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.10.02 23:21:00 | 014,922,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.10.02 23:21:00 | 012,501,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.10.02 23:21:00 | 009,146,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.10.02 23:21:00 | 007,697,768 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.10.02 23:21:00 | 007,414,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012.10.02 23:21:00 | 006,127,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012.10.02 23:21:00 | 002,747,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.10.02 23:21:00 | 002,731,880 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.10.02 23:21:00 | 002,574,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.10.02 23:21:00 | 002,428,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.10.02 23:21:00 | 002,218,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.10.02 23:21:00 | 001,867,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.10.02 23:21:00 | 001,760,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.10.02 23:21:00 | 001,482,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012.10.02 23:21:00 | 000,973,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012.10.02 23:21:00 | 000,831,848 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012.10.02 23:21:00 | 000,247,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012.10.02 23:21:00 | 000,202,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012.10.02 23:21:00 | 000,016,127 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.10.02 20:51:15 | 003,536,817 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.10.02 20:51:11 | 003,293,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.10.02 20:51:04 | 006,200,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.10.02 20:50:57 | 002,557,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.10.02 20:50:57 | 000,118,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.10.02 20:50:57 | 000,063,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.10.02 12:15:52 | 000,430,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2012.09.29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.27 17:26:21 | 000,000,208 | ---- | M] () -- C:\Users\Michpal\Desktop\F1 2012.url
[2012.09.24 22:16:33 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.09.24 22:08:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.09.24 22:07:57 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.09.21 17:45:01 | 000,000,000 | ---- | M] () -- C:\Windows\Path.idx
[2012.09.13 14:26:50 | 001,259,888 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe
[2012.09.13 14:25:38 | 000,035,328 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2012.09.07 18:42:42 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.09.07 18:42:42 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.09.02 10:45:46 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012.09.02 10:45:44 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.09.02 10:45:44 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.09.02 10:45:44 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.09.02 10:45:43 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.09.02 10:45:43 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.08.30 20:14:00 | 000,060,776 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.08.30 20:14:00 | 000,052,584 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.08.30 19:03:45 | 005,559,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.08.30 18:12:02 | 003,968,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.08.30 18:12:02 | 003,914,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.08.30 16:20:00 | 000,000,033 | ---- | M] () -- C:\Users\Michpal\AppData\Roaming\urhtps.dat
 
========== Files Created - No Company Name ==========
 
[2012.10.28 14:30:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.28 14:30:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.28 14:30:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.28 14:30:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.28 14:30:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.28 14:17:55 | 000,538,941 | ---- | C] () -- C:\Users\Michpal\Desktop\adwcleaner.exe
[2012.10.28 13:33:52 | 000,000,512 | ---- | C] () -- C:\Users\Michpal\Desktop\MBR.dat
[2012.10.28 13:07:02 | 000,000,382 | ---- | C] () -- C:\Users\Michpal\defogger_reenable
[2012.10.28 13:06:34 | 000,050,477 | ---- | C] () -- C:\Users\Michpal\Desktop\Defogger.exe
[2012.10.27 19:07:56 | 003,536,817 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.10.27 19:06:46 | 000,016,127 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012.10.21 09:23:14 | 001,338,211 | ---- | C] () -- C:\Users\Michpal\Desktop\warzmapalpha.png
[2012.10.18 16:34:18 | 000,065,536 | ---- | C] () -- C:\Users\Michpal\AppData\Roaming\p8jmn4dj.default.dat
[2012.10.16 14:29:28 | 000,395,528 | ---- | C] () -- C:\Users\Michpal\Desktop\S3.pdf
[2012.10.16 14:01:52 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.04 15:52:45 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\amBX Illuminate.lnk
[2012.10.04 15:50:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SaiK0DC5_01009.Wdf
[2012.09.27 14:32:20 | 000,000,208 | ---- | C] () -- C:\Users\Michpal\Desktop\F1 2012.url
[2012.09.21 17:45:01 | 000,000,000 | ---- | C] () -- C:\Windows\Path.idx
[2012.09.20 19:45:28 | 000,000,034 | ---- | C] () -- C:\Users\Michpal\AppData\Roaming\blckdom.res
[2012.09.10 13:46:21 | 001,259,888 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe
[2012.08.27 05:37:20 | 000,000,033 | ---- | C] () -- C:\Users\Michpal\AppData\Roaming\urhtps.dat
[2012.07.19 16:21:54 | 000,000,051 | ---- | C] () -- C:\ProgramData\krjzwqfjgnxvbwe
[2012.03.06 23:09:00 | 000,007,615 | ---- | C] () -- C:\Users\Michpal\AppData\Local\Resmon.ResmonCfg
[2011.12.13 15:42:28 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011.12.10 11:20:28 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.12.10 11:20:28 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.12.10 11:19:44 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.10.02 00:10:14 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.31 20:57:41 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.22 15:57:33 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.03.22 15:57:31 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.03.22 15:57:31 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.03.22 14:59:13 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2011.03.22 14:55:10 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.03.22 14:55:10 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.03.22 14:55:07 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.03.22 14:55:06 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011.03.21 17:24:07 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< c:\users\Michpal\AppData\Roaming /S >

< End of report >
--- --- ---

Michpal 29.10.2012 14:37
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 29.10.2012 14:26:44 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Michpal\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,48 Gb Available Physical Memory | 81,05% Memory free
14,00 Gb Paging File | 12,24 Gb Available in Paging File | 87,42% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 73,24 Gb Total Space | 8,00 Gb Free Space | 10,92% Space Free | Partition Type: NTFS
Drive D: | 392,51 Gb Total Space | 135,23 Gb Free Space | 34,45% Space Free | Partition Type: NTFS
 
Computer Name: MICHPAL-PC | User Name: Michpal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2051330578-1478212451-1897483881-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BB2C97-CEA5-4294-A282-FBF9A3C67334}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{013AC9C5-E20F-48C5-807E-F4B2F8A41F7F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0E602D01-74AB-4BA5-9ED9-C5E6E38E010E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{12A13A76-F4E1-4A07-ABF7-0F70AA0534EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1AB7648C-480E-4E1E-A59E-951541220B55}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{26B9BBD0-DDE6-43EC-BD6B-E0D46957E0CE}" = rport=2869 | protocol=6 | dir=out | app=system |
"{2D401084-70C2-43EA-9D39-9A39502E2C41}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{30F59929-6626-477D-B971-D2728A50412D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3DEEB7D2-781C-4F06-933F-6478637DE0F6}" = rport=138 | protocol=17 | dir=out | app=system |
"{4157191F-D4AD-44AD-8B8C-AEC68FD16247}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{44480E7E-8F40-4457-8419-E9FAC90AEC9B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{44F10CB5-5A25-45D2-9E93-C750A566DB91}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{469479B3-0F6B-4748-973C-402143A4F1B5}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{48E22393-4BDF-45B6-A97D-C79921BAB922}" = lport=137 | protocol=17 | dir=in | app=system |
"{49CEB0D3-C867-4F34-9FA5-9C18A28CF29A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{4CC31C07-0DE3-4EE6-B158-53DCC8A5CDBA}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5686138C-ABBF-49F8-BD6C-498C514011AB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5AC58B11-4BD2-4190-A104-38CEE1FEE3DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{71EA4BDB-33E7-4134-91F6-0B053CA4AF9B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{80CE03B1-B4DD-40BA-B70D-891EDE05526A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{866250A4-AD7A-4EC5-BF4D-9B1A54522A3C}" = rport=139 | protocol=6 | dir=out | app=system |
"{8C356EFB-9B3C-4D92-9D77-FD35ACC8F2F2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9A3F11A8-C06C-4E87-8997-ED4FA1599BEE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{A51E9437-559E-44A6-A2A1-034DE90930EB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A6C00D73-6F96-452F-AE6B-E9B472D91195}" = rport=445 | protocol=6 | dir=out | app=system |
"{A78529DB-AAB0-436D-B9C8-83175FD1B79D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AE0D6C43-A23A-4EAE-A4AA-80EA977BC1AC}" = lport=445 | protocol=6 | dir=in | app=system |
"{B0F9D425-FDF4-44DC-BC5E-D9020DBAF3F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B34E23E4-16F7-4FBF-AD7F-B6C8226405AA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{B7B77575-C513-4F71-A1BB-942DBE5237C3}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{BA2F4F5F-6DC7-4F0C-A019-C1E240C7724F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BC07A483-4D9A-438A-BECC-98C30DA2C1CB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C0363324-D454-40CD-ABC8-BC183ED5BB5B}" = rport=137 | protocol=17 | dir=out | app=system |
"{C2D802E4-C5C1-4DBF-9A59-5200ED15496C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C899AE87-B706-4A00-81BE-A158D367718D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C98FC929-6AFA-4AC7-AA39-64219D9B3278}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{D787E623-F6AD-4DEF-B846-AE2A84640440}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D7E098D4-6832-484A-AF3F-63B723D425E5}" = lport=139 | protocol=6 | dir=in | app=system |
"{FD80065E-35DF-4C80-A00C-79ABA855E096}" = lport=138 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01625243-BCF0-41DC-A439-E59BB9D2934C}" = protocol=17 | dir=in | app=c:\users\michpal\appdata\roaming\dropbox\bin\dropbox.exe |
"{0522D45E-CD7E-4D3B-ADFA-A1A3557CAA1A}" = protocol=17 | dir=in | app=d:\games\world of warcraft\wow\launcher.patch.exe |
"{0622389F-BD10-48B6-98FD-18BEB2CBE050}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\f1 2012\f1_2012.exe |
"{062CAE2A-638F-4F46-8177-33469D86641F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0888A55A-CCA9-4E9E-96EF-D6ACB6C8E574}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{0D9D831E-9601-44E0-BE23-5D359F912017}" = protocol=17 | dir=in | app=d:\games\anno 2070\initengine.exe |
"{1060B5F2-C549-41F8-9667-A91372D2D9D2}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{135A771E-F428-4738-94A4-50A84B599948}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{1447C2B3-486A-4C2F-BDBB-DA738B1ED50C}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1609B3C9-030C-49B9-B4EF-67DDEDA28BAA}" = protocol=6 | dir=in | app=d:\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{1630FC85-60E3-40B9-AB97-5248CE25684E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{166F500D-3F04-4440-BCF3-B191465284F1}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\left 4 dead 2\bin\sdklauncher.exe |
"{1958CBE9-9183-4EE7-AA93-461BDB33DE7C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1D59019E-D332-4842-91AB-6CF41396E996}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{24EE4944-B6AD-48A1-B32A-06464B2851F7}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\x3 terran conflict\x3ap.exe |
"{2579178B-678B-4417-A7CC-3AEBD5D8838B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{271C6B88-90D7-47FF-8BFD-3DED7AE30409}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{2E47A5D7-A49A-41B7-945D-BFF0C0C42003}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{32FF2C3E-3611-4A5E-A9A6-C7B55BD4238E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{36594A31-48ED-4F68-BC7C-00A5B8ED9BE0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{3990A6FB-9846-47EE-B19A-8D330351CA2A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3A131836-51B9-40F8-9985-35744A54F9AB}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{3ADEA9DE-0899-4208-819E-09F0E0AA02EB}" = protocol=17 | dir=in | app=d:\games\assasine\acrmp.exe |
"{3B239137-CDFE-49AB-8BB2-7E3D486B1324}" = protocol=6 | dir=in | app=d:\games\bfbc 2\bfbc2updater.exe |
"{3C6218B8-A79E-4A35-B012-45B58C418BD1}" = protocol=17 | dir=in | app=d:\games\steam\steam.exe |
"{3D8DED8C-B14F-410A-A277-73D8033CCDCD}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{3E12B0CF-FAB2-4645-A4BA-95600624BCAB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{3EEB9190-833A-4D24-8A7F-AD45B22EA784}" = protocol=6 | dir=in | app=d:\games\assasine\acbmp.exe |
"{3FA289E9-FA76-4AB6-AA61-C10C069BF2A8}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\x3 terran conflict\x3ap.exe |
"{404F74DF-6FC7-4C23-95F1-D10FA3F46B91}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{420F0DE3-59CA-4358-82B9-69303FC5328F}" = protocol=17 | dir=in | app=d:\games\anno 2070\anno5.exe |
"{4425F034-4FDF-46F1-AA8F-1086C6ABE49E}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\x3 terran conflict\x3tc.exe |
"{453F5EF6-7D98-4C92-84E0-4BC2AD20BDFD}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{4EAA009F-898C-4EF6-9DB0-FF1F59A057FB}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{4F651236-4A0A-40D0-A57C-A8C58C6174B5}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{50E00C56-4019-4E20-8886-C0D3856EE09D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{51BAC6B9-2305-4E57-93C4-092EC100A47C}" = protocol=6 | dir=in | app=d:\games\anno 2070\initengine.exe |
"{52E5853D-2672-4CAD-B26C-763C1CCF0C27}" = protocol=17 | dir=in | app=d:\games\diablo 3\diablo iii\diablo iii.exe |
"{5617CDA2-D0E0-412E-B4C1-48CFA0F652AB}" = protocol=17 | dir=in | app=d:\games\anno 2070\autopatcher.exe |
"{5891ADBF-5F73-4268-95FD-B8D6CBCDC43C}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\x3 terran conflict\x3ap.exe |
"{58B9B1BD-F765-420E-B0A4-C61DBDB8AB84}" = protocol=6 | dir=in | app=d:\games\world of warcraft\launcher.patch.exe |
"{5922B4A7-D6FB-43D0-A421-688511C568D6}" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe |
"{5A904B1F-4ECB-4C83-BA99-E975EB1A3EEE}" = protocol=6 | dir=in | app=d:\games\dirt 3\dirt3_game.exe |
"{5C385321-64F7-4438-8F4E-6CA9F36FA51C}" = protocol=17 | dir=in | app=d:\games\world of warcraft\wow\launcher.exe |
"{5DB488A3-8E6C-45B5-B4BD-D3C435E44A68}" = protocol=6 | dir=in | app=d:\games\anno 2070\autopatcher.exe |
"{5F1450D1-5820-449C-9E0C-15F8C92DA9D9}" = protocol=6 | dir=in | app=d:\games\world of warcraft\wow\launcher.patch.exe |
"{60306C8F-AC48-4499-B92A-431748C1ED35}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{63BD3491-4C55-4632-84C8-554D8AB542E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{646C8DEA-1113-42C1-B9F4-3F3C81A95954}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{67DB3C4A-F555-4A56-9655-88EC811BFEAB}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{67EE73E7-00D5-4356-9080-4C7AADE0DDF6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{6C7B26B0-0D8E-4F51-94E6-52EF192A4250}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6D6E574F-3B0B-48E7-8E20-285624482D12}" = protocol=17 | dir=in | app=d:\games\assasine\acbmp.exe |
"{6F52A965-8022-46F3-8687-52473432045A}" = protocol=17 | dir=in | app=d:\games\bfbc 2\bfbc2updater.exe |
"{6FD3AB04-EA48-4FBA-9967-DE9356E47AA6}" = dir=in | app=d:\games\the war z\warz.exe |
"{7182DC95-7685-490A-B8BE-C36E189EB4AE}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\endless space\endlessspace.exe |
"{74051338-F20B-456A-8C13-8A5B8A4C86AA}" = protocol=17 | dir=in | app=d:\games\need for speed\launcher.exe |
"{745F9C98-E1A9-4C20-9327-92E7154DE37D}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\left 4 dead 2\bin\sdklauncher.exe |
"{766CF96A-6E7F-4526-B98A-AB79B0148DFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{77FB37BD-07DE-4DEC-9F0B-89EAB4E0AA43}" = protocol=17 | dir=in | app=d:\games\silent hunter 5\sh5.exe |
"{799CC32F-9D95-40ED-8938-E3B5CB0998D1}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{7AD74863-B184-4658-8F9D-BF1511D05A9A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7E5E47E7-56E2-43A7-BFF0-18C77459ABB3}" = protocol=6 | dir=in | app=d:\games\diablo 3\diablo iii\diablo iii.exe |
"{8384A255-7959-4DEA-8CC1-D2D79466110F}" = protocol=6 | dir=in | app=d:\games\anno 2070\anno5.exe |
"{83A28E61-2983-4C38-94AE-BCBA25C833EE}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{84E226A9-6AE6-4B88-B9FB-D17BA90CB6A9}" = protocol=6 | dir=in | app=d:\games\origin games\bf 3\battlefield 3\bf3.exe |
"{8734A600-1358-4F95-9052-76C875D55E40}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8832802C-9EEA-4B19-877D-2EACA9DCA115}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{88DC59BA-980B-43A5-BB31-9AD696A6EDD4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"{89D2DB71-D794-49CC-945D-7BDE6C51539E}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{8A13FB81-0103-4365-803C-709D8CB5FAA9}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\x3 terran conflict\x3tc.exe |
"{8D6D3BF6-3D2F-4434-9E4C-E286CE2F6D50}" = protocol=17 | dir=in | app=d:\games\world of warcraft\launcher.patch.exe |
"{8DB24F68-31BC-44E0-86E2-8A2C09F4593F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{911BD869-DE9F-4AA6-BF7C-6C04A7A82A85}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{95079AB3-EB48-4315-B16B-7C8A48518D99}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{97522052-91F0-452D-B5F2-9F2A060559EB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9A063555-46C4-49F8-A034-C79FB51CFA7E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{9BF22015-095F-4E0D-B493-F17AAD6761F8}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{9E2333CA-7E19-46D5-9B4F-2C1FF028822E}" = protocol=17 | dir=in | app=d:\games\world of warcraft\wow\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{9E66C6F5-4127-45D9-912E-CD73097ECE59}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{9F4ED5FD-7986-48BC-A2DA-1687ED493F8A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A1B2E6B7-4775-40A8-8E01-B068D631D402}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\endless space\endlessspace.exe |
"{A64E5C56-0720-429E-866A-71AC01A6CA69}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\f1 2012\f1_2012.exe |
"{A7BF9B64-0292-476A-A80F-5813700C2C49}" = protocol=17 | dir=in | app=d:\games\world of warcraft\launcher.exe |
"{B1B8F12E-666F-4DDA-B99B-62247BDBC94F}" = protocol=6 | dir=in | app=d:\games\world of warcraft\wow\launcher.exe |
"{B28CE8C3-4CFB-40D7-B4B0-2ED70FED6FC2}" = protocol=6 | dir=in | app=c:\users\michpal\appdata\roaming\dropbox\bin\dropbox.exe |
"{B55F0E6E-D059-461D-BCA3-7E56314FF7DC}" = protocol=6 | dir=in | app=d:\games\need for speed\launcher.exe |
"{BCD91DEB-727C-4516-ACCA-37630AC7BEB5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C03B08A1-6713-4A07-AF9B-D33B55FF7D53}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{C7A683C5-2056-49FA-B562-4447241EA289}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{C951E6C7-3DE1-4122-8AFB-DD2D94CA3BEC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"{C97E2770-0B13-4B35-9647-338BE61A5BAD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{C9CBC0FE-1D25-43B3-85C4-CB00FE022148}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CB2B7758-C363-4621-984D-DA0510E4D65F}" = protocol=6 | dir=in | app=d:\games\world of warcraft\launcher.exe |
"{CC6CA92C-8386-47B3-8E58-E52F413CAC0F}" = protocol=17 | dir=in | app=d:\games\origin games\bf 3\battlefield 3\bf3.exe |
"{CED03644-73F5-47EE-B915-9DF2458503A5}" = protocol=17 | dir=in | app=d:\games\dirt 3\dirt3_game.exe |
"{D1E97F4D-9A9C-4B69-97AD-0CAFB3634247}" = protocol=6 | dir=in | app=d:\games\silent hunter 5\sh5.exe |
"{D6C8EFBA-3939-483F-886D-C07F9CE43EA8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{DCC9DC91-1E79-46FA-913E-9528A21174D5}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\x3 terran conflict\x3ap.exe |
"{DEB58912-D42D-4EF5-9B68-D2E1DC7EE1BB}" = protocol=17 | dir=in | app=d:\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{DF61C2CB-F59A-4506-A87D-4D0086073D53}" = protocol=6 | dir=in | app=d:\games\assasine\acrmp.exe |
"{E0C0E3E0-D720-4985-9D5E-0ECD36BC0365}" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe |
"{E10C89DD-F7B5-42D2-BDCA-223E9FB57DB4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{E18F2942-89CF-4A37-99DC-A8A532674DC1}" = protocol=6 | dir=in | app=d:\games\steam\steam.exe |
"{E715DC28-0497-47D6-808D-4077CA580859}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{EE96720A-593F-4DD9-8A38-ED998CC3B5FE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{F33F6144-4A84-4123-BFCB-20FF85370A0C}" = protocol=6 | dir=in | app=d:\games\world of warcraft\wow\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{F7A2132B-74F7-4537-849C-61965FBB62CA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{FC735581-2EA1-4A83-AFED-EFA27921A6E6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FF0C3B01-EC67-4FC9-B65B-4E6AE5F7DE7E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"TCP Query User{2597BAC8-6D52-4D37-814F-2729E03C5ADC}C:\users\michpal\appdata\roaming\xonu\vado.exe" = protocol=6 | dir=in | app=c:\users\michpal\appdata\roaming\xonu\vado.exe |
"UDP Query User{2853AA23-4C13-4EF0-808D-E2E85FC6B1FF}C:\users\michpal\appdata\roaming\xonu\vado.exe" = protocol=17 | dir=in | app=c:\users\michpal\appdata\roaming\xonu\vado.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{257A63C6-A669-43F1-8C75-E16CDB617841}_is1" = amBX Gaming FXGen 3.7.6
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{3A76C69A-09A7-4DDB-BFFF-EDFDC33814D1}_is1" = amBX Audio FXGen 3.1.1
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{93F00A69-865C-4FEE-AB52-EF2312A28252}_is1" = amBX Control Panel 1.2.7
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
"WNLT" = Web Optimizer
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20AFAB5E-0631-4A3F-934F-EFC59479A26E}" = Hyperdesk - DarkMatter Subspace
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{434D0FA0-AB8C-497F-B30A-7A1000018201}" = DiRT 3
"{434D0FA0-AB8C-497F-B30A-7A1000018202}" = DiRT 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74A84478-70A5-4F7A-966C-FA2771FF91A5}_is1" = Patch v2.2
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{920A4937-9D4D-4457-A323-F3EA79A84A3D}_is1" = amBX Saitek HAL 1.0.0
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A140B991-FC80-475C-B569-7197EA261A45}_is1" = amBX System 1.1.4.0
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}" = Silent Hunter 5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version alpha
"{C6AC04F5-5916-4A02-BC36-AF5BC0A3CBD4}" = Media Go
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6D6861C-7537-4BD5-B792-AA5206411138}" = Hyperdesk - DarkMatter RedShift
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite MFC-J415W
"{FCC0865A-F6E3-45E6-A5C8-099BE5AE3247}" = Hyperdesk - DarkMatter Solar Flare
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"amBX Illuminate" = amBX Illuminate 1.0.2
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Cities XL" = Cities XL
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"DivX Setup" = DivX-Setup
"ESN Sonar-0.70.4" = ESN Sonar
"Free Video to Samsung Phones Converter_is1" = Free Video to Samsung Phones Converter version 5.0.15.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.25.627
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"Lucikes Rundum-Sorglos-Paket_is1" = Lucikes Rundum-Sorglos-Paket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Internet Security Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"SpeedFan" = SpeedFan (remove only)
"Steam App 201310" = X3: Albion Prelude
"Steam App 207610" = The Walking Dead
"Steam App 208140" = Endless Space
"Steam App 208500" = F1 2012
"Steam App 2820" = X3: Terran Conflict
"Steam App 550" = Left 4 Dead 2
"Steam App 563" = Left 4 Dead 2 Authoring Tools
"Steam App 72850" = The Elder Scrolls V: Skyrim
"VLC media player" = VLC media player 2.0.3
"World of Warcraft" = World of Warcraft
"X3AP Bonus Pack_is1" = X3 Albion Prelude Bonuspaket 5.1.0.0
"X3TC Bonuspaket_is1" = X3TC Bonuspaket 4.1.01
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2051330578-1478212451-1897483881-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.09.2012 16:36:15 | Computer Name = Michpal-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_268.exe,
 Version: 11.3.300.268, Zeitstempel: 0x500adb58  Name des fehlerhaften Moduls: ntdll.dll,
 Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000374  Fehleroffset:
 0x000ce6c3  ID des fehlerhaften Prozesses: 0x874  Startzeit der fehlerhaften Anwendung:
 0x01cd8881653ae290  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: ac4e3ebd-f474-11e1-a960-90e6ba0d3330
 
Error - 02.09.2012 03:37:34 | Computer Name = Michpal-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mchost.exe, Version: 5.0.185.0, Zeitstempel:
 0x4d0998be  Name des fehlerhaften Moduls: mcmscshm.dll, Version: 11.0.669.0, Zeitstempel:
 0x4f6a7c22  Ausnahmecode: 0xc0000417  Fehleroffset: 0x0000000000084878  ID des fehlerhaften
 Prozesses: 0xee8  Startzeit der fehlerhaften Anwendung: 0x01cd88ddcf2197d1  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Common Files\McAfee\Core\mchost.exe  Pfad
 des fehlerhaften Moduls: c:\PROGRA~1\mcafee\msc\mcmscshm.dll  Berichtskennung: 0efb24b2-f4d1-11e1-bf79-90e6ba0d3330
 
Error - 02.09.2012 04:03:12 | Computer Name = Michpal-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Steam.exe, Version: 1.0.1446.623,
 Zeitstempel: 0x5004ae1a  Name des fehlerhaften Moduls: iertutil.dll, Version: 9.0.8112.16448,
 Zeitstempel: 0x4fecf051  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00114f5b  ID des fehlerhaften
 Prozesses: 0x898  Startzeit der fehlerhaften Anwendung: 0x01cd88e1529f32af  Pfad der
 fehlerhaften Anwendung: D:\Games\Steam\Steam.exe  Pfad des fehlerhaften Moduls: C:\Windows\syswow64\iertutil.dll
Berichtskennung:
 a3b5e786-f4d4-11e1-a341-90e6ba0d3330
 
Error - 02.09.2012 04:03:23 | Computer Name = Michpal-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: brccMCtl.exe, Version: 3.6.8.14,
Zeitstempel: 0x49c7422a  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00022568  ID des fehlerhaften
 Prozesses: 0xfb0  Startzeit der fehlerhaften Anwendung: 0x01cd88e1598c93db  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: a9ff09bf-f4d4-11e1-a341-90e6ba0d3330
 
Error - 02.09.2012 04:03:31 | Computer Name = Michpal-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DTLite.exe, Version: 4.41.3.173,
Zeitstempel: 0x4e37a841  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce6c3  ID des fehlerhaften
 Prozesses: 0xa4c  Startzeit der fehlerhaften Anwendung: 0x01cd88e152d853b6  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: aecdb12d-f4d4-11e1-a341-90e6ba0d3330
 
Error - 02.09.2012 04:03:38 | Computer Name = Michpal-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: jusched.exe, Version: 2.1.6.0, Zeitstempel:
 0x4f15c703  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec49b8f  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce6c3  ID des fehlerhaften Prozesses:
 0xfa0  Startzeit der fehlerhaften Anwendung: 0x01cd88e1595a96f5  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: b354ef52-f4d4-11e1-a341-90e6ba0d3330
 
Error - 02.09.2012 04:03:49 | Computer Name = Michpal-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SSScheduler.exe, Version: 3.0.207.0,
 Zeitstempel: 0x4dfb637d  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000345ce  ID des fehlerhaften
 Prozesses: 0xc0c  Startzeit der fehlerhaften Anwendung: 0x01cd88e1533c4d81  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: b9994ecb-f4d4-11e1-a341-90e6ba0d3330
 
Error - 02.09.2012 04:06:48 | Computer Name = Michpal-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mchost.exe, Version: 5.0.185.0, Zeitstempel:
 0x4d0998be  Name des fehlerhaften Moduls: mcmscshm.dll, Version: 11.0.669.0, Zeitstempel:
 0x4f6a7c22  Ausnahmecode: 0xc0000417  Fehleroffset: 0x0000000000084878  ID des fehlerhaften
 Prozesses: 0x6878  Startzeit der fehlerhaften Anwendung: 0x01cd88e1e57ac1ed  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Common Files\McAfee\Core\mchost.exe  Pfad
 des fehlerhaften Moduls: c:\PROGRA~1\mcafee\msc\mcmscshm.dll  Berichtskennung: 2463e3d2-f4d5-11e1-a341-90e6ba0d3330
 
Error - 02.09.2012 05:15:49 | Computer Name = Michpal-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CitiesXL.exe, Version: 1.0.0.0, Zeitstempel:
 0x4b4f53dc  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001fab8  ID des fehlerhaften Prozesses:
 0x6ad8  Startzeit der fehlerhaften Anwendung: 0x01cd88eb89c25323  Pfad der fehlerhaften
 Anwendung: D:\Games\Cities XL\CitiesXL.exe  Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
 c874b562-f4de-11e1-a341-90e6ba0d3330
 
Error - 02.09.2012 05:30:45 | Computer Name = Michpal-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SSScheduler.exe, Version: 3.0.207.0,
 Zeitstempel: 0x4dfb637d  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000198f5  ID des fehlerhaften
 Prozesses: 0xbc8  Startzeit der fehlerhaften Anwendung: 0x01cd88ed99611959  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: debcb395-f4e0-11e1-9f33-90e6ba0d3330
 
[ System Events ]
Error - 28.10.2012 15:21:39 | Computer Name = Michpal-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "amBX Saitek HAL Service" wurde unerwartet beendet. Dies
 ist bereits 353 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 500 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 28.10.2012 15:21:41 | Computer Name = Michpal-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "amBX Saitek HAL Service" wurde unerwartet beendet. Dies
 ist bereits 354 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 500 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 28.10.2012 15:21:43 | Computer Name = Michpal-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "amBX Saitek HAL Service" wurde unerwartet beendet. Dies
 ist bereits 355 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 500 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 28.10.2012 15:21:45 | Computer Name = Michpal-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "amBX Saitek HAL Service" wurde unerwartet beendet. Dies
 ist bereits 356 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 500 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 28.10.2012 15:21:49 | Computer Name = Michpal-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "amBX Saitek HAL Service" wurde unerwartet beendet. Dies
 ist bereits 357 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 500 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 28.10.2012 15:21:52 | Computer Name = Michpal-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "amBX Saitek HAL Service" wurde unerwartet beendet. Dies
 ist bereits 358 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 500 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 28.10.2012 18:36:46 | Computer Name = Michpal-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "amBX Service" wurde mit folgendem Fehler beendet:  %%1115
 
Error - 29.10.2012 01:33:04 | Computer Name = Michpal-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  cdrom
 
Error - 29.10.2012 01:34:47 | Computer Name = Michpal-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "amBX Service" wurde mit folgendem Fehler beendet:  %%1115
 
Error - 29.10.2012 09:21:36 | Computer Name = Michpal-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  cdrom
 
 
< End of report >
--- --- ---

M-K-D-B 29.10.2012 14:58
Servus,



du bist seit mindestens August mit Malware infiziert!




Schritt 1
Code:
:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 122.49.77.1:80
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 122.49.77.1:80
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Michpal\AppData\Roaming\14001.034
[2011.11.05 16:20:17 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
[2012.09.27 14:33:02 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Roaming\14001.022
[2012.09.20 19:45:43 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Roaming\14001.021
[2012.09.03 19:38:04 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Roaming\14001.020
[2012.08.30 16:18:31 | 000,000,000 | ---D | C] -- C:\Users\Michpal\AppData\Roaming\14001.019

:files
C:\users\michpal\appdata\roaming\xonu
C:\Users\Michpal\AppData\Roaming\14001.*

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{2597BAC8-6D52-4D37-814F-2729E03C5ADC}C:\users\michpal\appdata\roaming\xonu\vado.exe"=-
"UDP Query User{2853AA23-4C13-4EF0-808D-E2E85FC6B1FF}C:\users\michpal\appdata\roaming\xonu\vado.exe"=-
 
:commands
[Emptytemp]
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread





Schritt 2
  • Starte bitte die OTL.exe.
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard Ausgabe.
  • Setze einen Haken bei Scanne alle Benutzer.
  • Unter Datei-Alter, wähle bitte 180 Tage.
  • Schließe bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Scan Button.
  • Am Ende des Suchlaufs wird 1 Logdatei erstellt.
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread





Bitte poste mit deiner nächsten Antwort
  • die Logdatei des OTL-Fix,
  • die Logdatei des neuen OTL-Scans.

Michpal 29.10.2012 15:22
All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}\ not found.
File C:\Users\Michpal\AppData\Roaming\14001.034 not found.
C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
C:\Users\Michpal\AppData\Roaming\14001.022\components folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.022 folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.021\components folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.021 folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.020\components folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.020 folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.019\components folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.019 folder moved successfully.
========== FILES ==========
C:\users\michpal\appdata\roaming\Xonu folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.008\components folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.008 folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.009\components folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.009 folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.010\components folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.010 folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.011\components folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.011 folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.012\components folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.012 folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.013\components folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.013 folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.014\components folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.014 folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.016\components folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.016 folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.017\components folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.017 folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.018\components folder moved successfully.
C:\Users\Michpal\AppData\Roaming\14001.018 folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2597BAC8-6D52-4D37-814F-2729E03C5ADC}C:\users\michpal\appdata\roaming\xonu\vado.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2853AA23-4C13-4EF0-808D-E2E85FC6B1FF}C:\users\michpal\appdata\roaming\xonu\vado.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Michpal
->Temp folder emptied: 3895 bytes
->Temporary Internet Files folder emptied: 38984670 bytes
->Java cache emptied: 16110858 bytes
->FireFox cache emptied: 300904372 bytes
->Flash cache emptied: 72963 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes

User: UpdatusUser.Michpal-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: UpdatusUser.Michpal-PC.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 3160597 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 343,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10292012_151644

Files\Folders moved on Reboot...
C:\Users\Michpal\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:56 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131