Erikk

Everything posted by Erikk

  1. Thanks for your quick response MrCharlie!! Sorry for putting the log files into my post! I have done as you asked and attached the RKreport, I have also attached the previous DDS and Attach again. RKreport1.txt DDS.txt Attach.txt
  2. Hi, I'm infected with two kinds of malware: Trojan.Dropper.BCMiner and Rootkit.0Access. I found out that there were some infections because Internet Explorer didn't start anymore! After using Malware Anti-Malware, Internet Explorer did work again, only Malwarebytes keeps on finding the Trojan.Dropper.BCMiner infection! Question: how can I remove the BCMiner infection? Should I be worried about the Rootkit.0Access? I have no idea how to move forward from this point on; that is the reason I post here. I really hope you can help me?

     Malwarebytes Anti-Malware 1.62.0.1300
     www.malwarebytes.org

     Databaseversie: v2012.07.26.14
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Charl :: I7 [administrator]

     26-7-2012 20:35:22
     mbam-log-2012-07-26 (20-37-23).txt

     Scantype: Snelle scan
     Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
     Uitgeschakelde scanopties: P2P
     Objecten gescand: 253177
     Verstreken tijd: 1 minuut/minuten, 2 seconde(n)

     Geheugenprocessen gedetecteerd: 0
     (Geen kwaadaardige objecten gedetecteerd)

     Geheugenmodulen gedetecteerd: 1
     C:\Users\Charl\AppData\Roaming\mceli.dll (Trojan.Agent) -> Geen actie ondernomen.

     Registersleutels gedetecteerd: 1
     HKCR\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} (Trojan.FakeMS) -> Geen actie ondernomen.

     Registerwaarden gedetecteerd: 0
     (Geen kwaadaardige objecten gedetecteerd)

     Registerdata gedetecteerd: 0
     (Geen kwaadaardige objecten gedetecteerd)

     Mappen gedetecteerd: 0
     (Geen kwaadaardige objecten gedetecteerd)

     Bestanden gedetecteerd: 8
     C:\Users\Charl\AppData\Roaming\mceli.dll (Trojan.Agent) -> Geen actie ondernomen.
     C:\ProgramData\Windows\msseedir.dll (Trojan.FakeMS) -> Geen actie ondernomen.
     C:\Users\Charl\AppData\Local\Temp\SonicWALL\Cache\NESetupM.exe (Rogue.Installer) -> Geen actie ondernomen.
     C:\Windows\Installer\{c78efb76-7bad-b77c-1131-310fbb0fa300}\n (Rootkit.0Access) -> Geen actie ondernomen.
     C:\Windows\Installer\{c78efb76-7bad-b77c-1131-310fbb0fa300}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Geen actie ondernomen.
     C:\ProgramData\Windows\ccdxmmde.dat (Malware.Trace) -> Geen actie ondernomen.
     C:\ProgramData\Windows\drss.dat (Malware.Trace) -> Geen actie ondernomen.
     C:\ProgramData\Windows\xessmsxe.dat (Malware.Trace) -> Geen actie ondernomen.

     (einde)

     Second scan:

     Malwarebytes Anti-Malware 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.07.29.09
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Charl :: I7 [administrator]

     29-7-2012 21:52:44
     mbam-log-2012-07-29 (21-52-44).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 254598
     Time elapsed: 1 minute(s), 4 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 1
     C:\Windows\Installer\{c78efb76-7bad-b77c-1131-310fbb0fa300}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

     (end)

     DDS scan result:

     .
     DDS (Ver_2011-08-26.01) - NTFSAMD64
     Internet Explorer: 9.0.8112.16421
     Run by Charl at 21:57:33 on 2012-07-29
     Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.8089.5223 [GMT 2:00]
     .
-------- d-----w- C:\Users\Charl\AppData\Local\{881FE83B-F30E-499F-9C4E-DAEBDBC22211} 2012-07-05 10:24:38 -------- d-----w- C:\Users\Charl\AppData\Local\{0115ED8F-2BB1-489E-959C-19315F55F654} 2012-07-04 22:24:14 -------- d-----w- C:\Users\Charl\AppData\Local\{54B77F8D-157E-44FE-A684-CB8FB43E9CFF} 2012-07-04 22:24:04 -------- d-----w- C:\Users\Charl\AppData\Local\{084EBAEE-DB6B-4967-8F3E-6431DF0EC185} 2012-07-04 10:23:52 -------- d-----w- C:\Users\Charl\AppData\Local\{54FFACFA-3246-46FC-B089-A1A3C1A389BC} 2012-07-04 10:23:43 -------- d-----w- C:\Users\Charl\AppData\Local\{B0461553-2E31-4B44-9A31-615CF2567EAC} 2012-07-04 00:04:25 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-07-04 00:04:25 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-07-03 22:23:18 -------- d-----w- C:\Users\Charl\AppData\Local\{037E4043-7F9F-4B35-BE36-BFA1C1F5002F} 2012-07-03 22:23:08 -------- d-----w- C:\Users\Charl\AppData\Local\{0FAA343F-890B-4C76-9D40-720B43D70FAD} 2012-07-03 10:22:57 -------- d-----w- C:\Users\Charl\AppData\Local\{BDF5A052-6647-43F5-8840-F597516FC977} 2012-07-03 10:22:47 -------- d-----w- C:\Users\Charl\AppData\Local\{F2D53231-D63B-4EB3-B6AE-FBAB79C41D0C} 2012-07-02 22:22:22 -------- d-----w- C:\Users\Charl\AppData\Local\{AD126AE2-1D78-4B71-8E82-C51E140C2A89} 2012-07-02 22:22:12 -------- d-----w- C:\Users\Charl\AppData\Local\{0AF42034-2BCD-49C3-A212-1C3EF99EA7C9} 2012-07-02 21:32:53 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-07-02 20:39:31 -------- d-----w- C:\Users\Charl\AppData\Local\PunkBuster 2012-07-02 20:39:31 -------- d-----w- C:\Users\Charl\AppData\Local\CrashRpt 2012-07-02 20:38:16 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-07-02 20:38:16 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-07-02 20:38:16 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls 2012-07-02 20:38:15 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2012-07-02 10:22:01 -------- d-----w- 
C:\Users\Charl\AppData\Local\{9DFD863D-FE7C-48F8-8BDC-13E76F22DF22} 2012-07-02 10:21:51 -------- d-----w- C:\Users\Charl\AppData\Local\{2BE54875-5EA2-41E5-890A-5CFF618D75B0} 2012-07-01 22:21:30 -------- d-----w- C:\Users\Charl\AppData\Local\{DFA4121A-A474-4433-A906-4B8A9D7A0E04} 2012-07-01 22:21:20 -------- d-----w- C:\Users\Charl\AppData\Local\{2DB41D81-8D83-40BB-83ED-EE90FD751663} 2012-07-01 10:21:09 -------- d-----w- C:\Users\Charl\AppData\Local\{7D6A70E3-40FF-49C9-9F0F-1247C97E6BC0} 2012-07-01 10:20:59 -------- d-----w- C:\Users\Charl\AppData\Local\{5B44A6F9-94FD-4061-9C6F-4FEB7ED132C0} 2012-06-30 21:35:43 -------- d-----w- C:\Users\Charl\AppData\Local\{40FC26F8-5610-4E01-8990-83B26A103A6D} 2012-06-30 21:35:33 -------- d-----w- C:\Users\Charl\AppData\Local\{AC77BD86-A9AF-4B84-B67C-8B0EB5CC1CBF} 2012-06-30 09:35:22 -------- d-----w- C:\Users\Charl\AppData\Local\{4AE49593-5442-4539-B85D-33CC2A5C77A6} 2012-06-30 09:35:11 -------- d-----w- C:\Users\Charl\AppData\Local\{1B7E3D8B-2CAB-48A5-8635-EBCA1140C8B2} 2012-06-29 21:32:26 -------- d-----w- C:\Users\Charl\AppData\Local\{0608F0EA-F1F7-46AC-A633-45D4A69F5EC3} 2012-06-29 21:32:16 -------- d-----w- C:\Users\Charl\AppData\Local\{A52BB15E-5FE6-4F50-9BFE-84654DAD9A19} . ==================== Find3M ==================== . 
2012-07-27 21:02:06 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-27 21:02:06 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-03 11:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-14 08:56:23 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-04 22:28:01 4046560 ----a-w- C:\Windows\PE_Rom.dll 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- 
C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-29 12:15:30 4608 ----a-w- C:\Windows\System32\drivers\vncmirror.sys 2012-05-29 12:15:30 26112 ----a-w- C:\Windows\System32\vncmirror.dll 2012-05-28 12:59:34 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2012-05-28 12:59:34 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll . ============= FINISH: 21:57:42,45 =============== Thanks in advance!!