Log Analysis and Evaluation

#1
Windows Server 2008 R2: ZeroAccess Rootkit?

Hello, now it has actually happened to me too.

Symptoms:
- No access to the machine over the LAN
- Windows Firewall cannot be enabled in Server Manager, error code 0x6D9 (the "Windows Firewall with Advanced Security" snap-in could not be loaded)
- Hyper-V not working

Logs:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by Administrator (administrator) on 30-08-2013 19:44:09
Running from C:\Users\Administrator\Desktop
Windows Server 2008 R2 Datacenter Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Marvell) C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\memcached\memcached.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
() C:\programme\mysql\mysql server 5.6\bin\mysqld.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Apache Software Foundation) C:\PROGRA~1\MySQL\ENTERP~1\Monitor\apache-tomcat\bin\tomcat6.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
() C:\Program Files (x86)\OpenVPN\bin\openvpn.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Subsonic\subsonic-service.exe
() C:\Program Files (x86)\Subsonic\subsonic-service.exe
() C:\Program Files\Synergy\synergyd.exe
(SparkLabs) C:\Program Files\Viscosity\ViscosityService.exe
() C:\Program Files\Synergy\synergyc.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(Microsoft Corporation) C:\Windows\system32\vmms.exe
(Microsoft Corporation) C:\Windows\system32\wsrm.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files (x86)\Subsonic\subsonic-agent.exe
() C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Users\Administrator\Desktop\gmer_2.1.19163.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKCU\...\Run: [Google Update] - C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-12-18] (Google Inc.)
HKCU\...\Run: [ISUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKLM-x32\...\Run: [MSUTray] - C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe [1213952 2012-06-13] ()
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Synergy] - C:/Program Files/Synergy/synergy.exe [x]
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
Lsa: [Notification Packages] scecli rassfm
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Subsonic.lnk
ShortcutTarget: Subsonic.lnk -> C:\Program Files (x86)\Subsonic\subsonic-agent.exe ()

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{BB432638-BC65-41DE-83CB-C8F08EA5058B}: [NameServer]
Tcpip\..\Interfaces\{EE39A05D-9293-4F32-89B7-684DB83634E9}: [NameServer]

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knrlze48.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Administrator\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Administrator\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Html Validator - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knrlze48.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
FF Extension: firebug - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knrlze48.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knrlze48.default\Extensions\{15312e9a-4905-48da-aae4-15b24bdc2a24}.xpi
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knrlze48.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook

==================== Services (Whitelisted) =================

R2 Apache2.4; C:\xampp\apache\bin\httpd.exe [22016 2012-08-18] (Apache Software Foundation)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-05-28] ()
S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [25600 2009-07-14] (Microsoft Corporation)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
S3 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 memcache_test; c:\memcached2\memcached.exe [370730 2010-08-02] ()
S3 MSSQL$MICROSOFT##SSEE; C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\Binn\sqlservr.exe [39627104 2010-12-10] (Microsoft Corporation)
R2 MSUWebService; C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe [24645 2011-11-22] (Apache Software Foundation)
S4 mysql; C:\xampp\mysql\bin\mysqld.exe [8186368 2012-07-20] ()
R2 MySQL56; C:\programme\mysql\mysql server 5.6\bin\mysqld.exe [12837888 2013-04-05] ()
S2 MySQLEnterpriseMonitorAgent; C:\Program Files (x86)\MySQL\Enterprise\Agent\bin\mysql-monitor-agent.exe [29184 2013-02-12] ()
R2 MySQLEnterpriseTomcat; C:\PROGRA~1\MySQL\ENTERP~1\Monitor\apache-tomcat\bin\tomcat6.exe [96256 2012-01-19] (Apache Software Foundation)
S4 mysql_56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14419 2013-07-23] ()
R2 nvspwmi; C:\Windows\system32\nvspwmi.dll [407040 2010-11-20] (Microsoft Corporation)
R2 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] ()
S2 redis; C:\Program Files\Redis\redis-service.exe [73728 2012-02-11] ()
S3 rqs; C:\Windows\system32\rqs.exe [41472 2010-11-20] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [91648 2009-07-14] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [14848 2009-07-14] (Microsoft Corporation)
S2 SDLService; C:\Program Files (x86)\Realtek\Smart Dual Lan\SDLService.exe [95264 2010-03-26] ()
S3 SMTPSVC; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 Subsonic; C:\Program Files (x86)\Subsonic\subsonic-service.exe [259584 2013-04-17] ()
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [423424 2013-05-03] ()
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
R2 vhdsvc; C:\Windows\system32\vhdsvc.dll [193024 2010-11-20] (Microsoft Corporation)
R2 ViscosityService; C:\Program Files\Viscosity\ViscosityService.exe [46680 2013-07-16] (SparkLabs)
R2 vmms; C:\Windows\system32\vmms.exe [4625408 2010-11-20] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)
R2 WSRM; C:\Windows\system32\wsrm.exe [1330688 2009-07-14] (Microsoft Corporation)
R2 memcached; "C:\memcached\memcached.exe" -d RunService -p 11211 -m 64 -c 1024 -f 1.25 -n 48 [x]
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{a0579574-a93c-081b-547b-6155db964047}\ \...\???\{a0579574-a93c-081b-547b-6155db964047}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
S3 etdrv; C:\Windows\etdrv.sys [25640 2013-04-05] (Windows (R) Server 2003 DDK provider)
S3 etdrv; C:\Windows\etdrv.sys [25640 2013-04-05] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-04-05] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2013-04-05] (Windows (R) Server 2003 DDK provider)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-12-20] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-12-20] ()
R1 hvboot; C:\Windows\System32\drivers\hvboot.sys [118128 2012-08-22] (Microsoft Corporation)
S3 ioatdma; C:\Windows\System32\Drivers\qd260x64.sys [35328 2009-06-10] (Intel Corporation)
S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 Mv_Process; c:\windows\syswow64\mv_process.sys [14376 2011-11-22] ()
R3 Mv_Process; c:\windows\syswow64\mv_process.sys [14376 2011-11-22] ()
R3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [20992 2010-11-20] (Microsoft Corporation)
R3 rtkio; C:\Program Files (x86)\Realtek\Smart Dual Lan\rtkio.sys [17392 2010-01-21] (Windows (R) Codename Longhorn DDK provider)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [96320 2009-07-14] (Microsoft Corporation)
R3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [17408 2010-11-20] (Microsoft Corporation)
S3 visctap0901; C:\Windows\System32\DRIVERS\visctap0901.sys [38856 2013-07-16] (The OpenVPN Project)
R3 VMSMP; C:\Windows\System32\DRIVERS\vmswitch.sys [407552 2011-05-14] (Microsoft Corporation)
S3 VMSP; C:\Windows\System32\DRIVERS\vmswitch.sys [407552 2011-05-14] (Microsoft Corporation)
U3 pwpdaaog; \??\C:\Users\ADMINI~1\AppData\Local\Temp\1\pwpdaaog.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-08-30 19:30 - 2013-08-30 19:30 - 00000000 _____ C:\Users\Administrator\defogger_reenable
2013-08-30 19:29 - 2013-08-30 19:29 - 01579080 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2013-08-30 19:29 - 2013-08-30 19:29 - 00377856 _____ C:\Users\Administrator\Desktop\gmer_2.1.19163.exe
2013-08-30 19:29 - 2013-08-30 19:29 - 00050477 _____ C:\Users\Administrator\Desktop\Defogger.exe
2013-08-30 19:25 - 2013-08-30 19:44 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Temp\1
2013-08-30 19:25 - 2013-08-30 19:25 - 00000022 _____ C:\Windows\S.dirmngr
2013-08-30 19:22 - 2013-08-30 19:22 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Temp\WPDNSE
2013-08-30 19:17 - 2013-08-30 19:17 - 03771904 _____ C:\Users\dev\Downloads\RogueKillerX64.exe
2013-08-30 19:13 - 2013-08-30 19:13 - 00000000 ____D C:\Users\dev\AppData\Roaming\Malwarebytes
2013-08-30 19:04 - 2013-08-30 19:09 - 00000000 ____D C:\Users\dev\AppData\Roaming\vlc
2013-08-30 18:49 - 2013-08-30 18:50 - 00010356 _____ C:\Windows\SP5.LOG
2013-08-30 18:00 - 2013-08-30 18:00 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp62AD.tmp
2013-08-30 18:00 - 2013-08-30 18:00 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp62AC.tmp
2013-08-30 18:00 - 2013-08-30 18:00 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp62AB.tmp
2013-08-30 18:00 - 2013-08-30 18:00 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp62AA.tmp
2013-08-30 18:00 - 2013-08-30 18:00 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp61A0.tmp
2013-08-30 18:00 - 2013-08-30 18:00 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp619F.tmp
2013-08-30 17:53 - 2013-08-30 18:54 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-30 17:53 - 2013-08-30 17:53 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-30 17:43 - 2013-08-30 17:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-08-30 17:42 - 2013-08-30 17:42 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-30 17:42 - 2013-08-30 17:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-30 17:42 - 2013-08-30 17:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-30 17:42 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-30 17:39 - 2013-08-30 17:39 - 00000000 ____D C:\AdwCleaner
2013-08-30 17:35 - 2013-08-30 17:35 - 00000774 _____ C:\Users\ADMINI~1\AppData\Local\Temp\ScanAgent.log
2013-08-30 17:35 - 2013-08-30 17:35 - 00000400 _____ C:\Users\ADMINI~1\AppData\Local\Temp\reimage.log
2013-08-30 17:35 - 2013-08-30 17:35 - 00000002 _____ C:\Users\ADMINI~1\AppData\Local\Temp\ack.txt
2013-08-30 17:34 - 2013-08-30 17:34 - 00000000 ____D C:\ProgramData\CDB
2013-08-30 17:33 - 2013-08-30 17:35 - 00000127 _____ C:\Windows\Reimage.ini
2013-08-30 17:29 - 2013-08-30 17:29 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp3103.tmp
2013-08-30 17:29 - 2013-08-30 17:29 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp3102.tmp
2013-08-30 17:29 - 2013-08-30 17:29 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp30F1.tmp
2013-08-30 17:29 - 2013-08-30 17:29 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp30F0.tmp
2013-08-30 17:29 - 2013-08-30 17:29 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp3025.tmp
2013-08-30 17:29 - 2013-08-30 17:29 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp3024.tmp
2013-08-30 17:26 - 2013-08-30 17:26 - 00000085 _____ C:\Windows\wininit.ini
2013-08-30 17:26 - 2013-08-30 17:26 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp1E8C.tmp
2013-08-30 17:26 - 2013-08-30 17:26 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp1E8B.tmp
2013-08-30 17:26 - 2013-08-30 17:26 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp1E8A.tmp
2013-08-30 17:26 - 2013-08-30 17:26 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp1E89.tmp
2013-08-30 17:26 - 2013-08-30 17:26 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp1D8F.tmp
2013-08-30 17:26 - 2013-08-30 17:26 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp1D8E.tmp
2013-08-30 17:24 - 2013-07-31 18:01 - 00001079 _____ C:\Windows\system32\Drivers\etc\hosts.20130830-172453.backup
2013-08-30 17:15 - 2013-08-30 17:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-30 17:15 - 2013-08-30 17:15 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-08-30 17:14 - 2013-08-30 17:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-30 17:11 - 2013-08-30 17:11 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-30 03:36 - 2013-08-30 03:37 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Temp\CR_0EEF1.tmp
2013-08-27 18:54 - 2013-08-27 18:54 - 00000000 ____D C:\Program Files (x86)\Seagate
2013-08-27 18:53 - 2013-08-27 18:53 - 21700280 _____ C:\Users\dev\Downloads\SeaToolsforWindowsSetup-1208.exe
2013-08-27 18:50 - 2013-08-27 18:50 - 00554465 _____ C:\Users\dev\Downloads\Hutil210_FDD.zip
2013-08-27 18:50 - 2013-08-27 18:50 - 00554465 _____ C:\Users\dev\Downloads\Hutil210_FDD(1).zip
2013-08-24 15:15 - 2005-05-02 14:23 - 00006757 _____ C:\Users\Administrator\Documents\MacMerc.comComicArtEffect.atn
2013-08-22 17:19 - 2013-08-22 17:19 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-22 17:19 - 2013-08-22 17:19 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-22 17:19 - 2013-08-22 17:19 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-22 17:19 - 2013-08-22 17:19 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-22 17:19 - 2013-08-22 17:19 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-22 17:19 - 2013-08-22 17:19 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-22 17:19 - 2013-08-22 17:19 - 00000000 ____D C:\Program Files\Java
2013-08-22 17:19 - 2013-08-22 17:19 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\RDA24.tmp
2013-08-22 17:15 - 2013-08-22 17:32 - 00000000 ____D C:\closure
2013-08-20 19:04 - 2013-08-20 19:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\GalileoPress
2013-08-17 08:33 - 2013-08-19 08:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 10:27 - 2013-08-15 10:27 - 00002406 _____ C:\Users\Administrator\Documents\Hilfecenter.sql
2013-08-15 08:42 - 2013-08-30 19:25 - 00000963 _____ C:\Windows\setupact.log
2013-08-15 08:42 - 2013-08-15 08:42 - 00000000 _____ C:\Windows\setuperr.log
2013-08-14 14:10 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 14:10 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 14:10 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 14:10 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 14:10 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 14:10 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 14:10 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 14:10 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 14:10 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 14:10 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 14:10 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 14:10 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 14:10 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 14:10 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 14:10 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 14:10 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 14:10 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 14:10 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 14:10 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 14:10 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 14:09 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 14:09 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 14:09 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 14:09 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 14:09 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 14:09 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 14:09 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 14:09 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 14:09 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 14:09 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 14:09 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 14:09 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 14:09 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 14:09 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 14:09 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 14:09 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 14:09 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 14:09 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 14:09 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 14:09 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 14:09 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 14:09 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 14:09 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 14:09 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 14:09 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 14:09 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 14:09 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 14:09 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 14:09 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 14:09 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 14:09 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 14:09 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 14:09 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 14:09 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 14:09 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 14:09 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 14:09 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 14:09 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 09:29 - 2013-08-14 09:31 - 00000000 ____D C:\Users\Administrator\Documents\dumps
2013-08-14 09:25 - 2013-08-14 09:25 - 64762592 _____ C:\Users\Administrator\Documents\db_backup_20130814.zip
2013-08-13 10:59 - 2013-08-13 11:01 - 00000000 ____D C:\Program Files\Common Files\Viscosity
2013-08-13 09:20 - 2013-08-13 09:20 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Viscosity
2013-08-13 09:20 - 2013-08-13 09:20 - 00000000 ____D C:\Program Files\Viscosity
2013-08-13 09:20 - 2013-07-16 00:54 - 00038856 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\visctap0901.sys
2013-08-12 08:03 - 2013-08-12 08:03 - 00000602 _____ C:\Users\Administrator\w2dcpchk.php
2013-08-10 15:25 - 2013-08-14 14:12 - 00000000 ____D C:\Windows\system32\MRT
2013-08-09 16:49 - 2013-08-09 16:49 - 00000000 ____D C:\memcached2
2013-08-09 16:35 - 2013-08-09 16:44 - 00000000 ____D C:\msysgit
2013-08-06 16:43 - 2013-08-06 16:43 - 00000000 ____D C:\Program Files\MemCacheD
2013-08-06 16:41 - 2013-08-06 16:41 - 00000123 _____ C:\Users\ADMINI~1\AppData\Local\Temp\CFG3E5B.tmp
2013-08-06 16:41 - 2013-08-06 16:41 - 00000000 ____D C:\Program Files (x86)\MemCacheD Manager
2013-08-06 11:16 - 2009-12-16 11:47 - 00000000 ____D C:\memcached
2013-08-01 09:37 - 2013-08-01 09:41 - 00000000 ____D C:\Users\Administrator\Documents\Fiddler2
2013-08-01 09:37 - 2013-08-01 09:37 - 00000000 ____D C:\Program Files (x86)\Fiddler2
2013-07-31 19:28 - 2013-07-31 19:28 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\DMIC41E.tmp
2013-07-31 16:56 - 2013-07-31 17:25 - 00029536 _____ C:\Users\Administrator\Documents\categories_neu.sql
2013-07-31 11:57 - 2013-07-31 11:57 - 00042057 _____ C:\Users\Administrator\Documents\categories.sql

==================== One Month Modified Files and Folders =======

2013-08-30 19:44 - 2012-12-18 12:57 - 00000512 _____ C:\Windows\SysWOW64\za_mv_raid.ev
2013-08-30 19:44 - 2012-12-18 11:36 - 00000112 _____ C:\Windows\seqlog
2013-08-30 19:44 - 2011-11-22 05:08 - 00089088 _____ C:\Windows\SysWOW64\freqdb.db
2013-08-30 19:36 - 2012-12-18 11:45 - 00001152 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201025288-3154995276-2411232997-500UA.job
2013-08-30 19:35 - 2009-07-14 06:49 - 00034768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-30 19:35 - 2009-07-14 06:49 - 00034768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-30 19:30 - 2013-08-30 19:30 - 00000000 ____D C:\FRST
2013-08-30 19:30 - 2013-08-30 19:30 - 00000000 _____ C:\Users\Administrator\defogger_reenable
2013-08-30 19:30 - 2013-04-05 18:37 - 25808896 _____ C:\Windows\system32\vmguest.iso
2013-08-30 19:30 - 2012-12-18 18:22 - 01464653 _____ C:\Windows\WindowsUpdate.log
2013-08-30 19:30 - 2012-12-18 18:22 - 00000000 ____D C:\Users\Administrator
2013-08-30 19:30 - 2009-07-14 09:17 - 00839796 _____ C:\Windows\system32\perfh007.dat
2013-08-30 19:30 - 2009-07-14 09:17 - 00201772 _____ C:\Windows\system32\perfc007.dat
2013-08-30 19:30 - 2009-07-14 07:10 - 01989262 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-30 19:29 - 2013-08-30 19:29 - 01579080 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2013-08-30 19:29 - 2013-08-30 19:29 - 00377856 _____ C:\Users\Administrator\Desktop\gmer_2.1.19163.exe
2013-08-30 19:29 - 2013-08-30 19:29 - 00050477 _____ C:\Users\Administrator\Desktop\Defogger.exe
2013-08-30 19:25 - 2013-08-30 19:25 - 00000022 _____ C:\Windows\S.dirmngr
2013-08-30 19:25 - 2013-08-15 08:42 - 00000963 _____ C:\Windows\setupact.log
2013-08-30 19:25 - 2012-12-18 18:28 - 00008260 _____ C:\Windows\SysWOW64\mvaccelerator.log
2013-08-30 19:25 - 2012-12-18 11:36 - 00008710 _____ C:\Windows\Tray.log
2013-08-30 19:25 - 2009-07-14 07:06 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-30 19:24 - 2012-12-18 12:11 - 00013460 _____ C:\Windows\PFRO.log
2013-08-30 19:22 - 2013-08-30 19:22 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Temp\WPDNSE
2013-08-30 19:17 - 2013-08-30 19:17 - 03771904 _____ C:\Users\dev\Downloads\RogueKillerX64.exe
2013-08-30 19:13 - 2013-08-30 19:13 - 00000000 ____D C:\Users\dev\AppData\Roaming\Malwarebytes
2013-08-30 19:10 - 2013-04-12 11:47 - 00000000 ____D C:\subsonic
2013-08-30 19:09 - 2013-08-30 19:04 - 00000000 ____D C:\Users\dev\AppData\Roaming\vlc
2013-08-30 18:54 - 2013-08-30 17:53 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-30 18:50 - 2013-08-30 18:49 - 00010356 _____ C:\Windows\SP5.LOG
2013-08-30 18:00 - 2013-08-30 18:00 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp62AD.tmp
2013-08-30 18:00 - 2013-08-30 18:00 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp62AC.tmp
2013-08-30 18:00 - 2013-08-30 18:00 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp62AB.tmp
2013-08-30 18:00 - 2013-08-30 18:00 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp62AA.tmp
2013-08-30 18:00 - 2013-08-30 18:00 - 00000000 _____
C:\Users\ADMINI~1\AppData\Local\Temp\tmp61A0.tmp 2013-08-30 18:00 - 2013-08-30 18:00 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp619F.tmp 2013-08-30 17:53 - 2013-08-30 17:53 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-30 17:43 - 2013-08-30 17:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes 2013-08-30 17:42 - 2013-08-30 17:42 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-30 17:42 - 2013-08-30 17:42 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-30 17:42 - 2013-08-30 17:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-30 17:39 - 2013-08-30 17:39 - 00000000 ____D C:\AdwCleaner 2013-08-30 17:35 - 2013-08-30 17:35 - 00000774 _____ C:\Users\ADMINI~1\AppData\Local\Temp\ScanAgent.log 2013-08-30 17:35 - 2013-08-30 17:35 - 00000400 _____ C:\Users\ADMINI~1\AppData\Local\Temp\reimage.log 2013-08-30 17:35 - 2013-08-30 17:35 - 00000002 _____ C:\Users\ADMINI~1\AppData\Local\Temp\ack.txt 2013-08-30 17:35 - 2013-08-30 17:33 - 00000127 _____ C:\Windows\Reimage.ini 2013-08-30 17:34 - 2013-08-30 17:34 - 00000000 ____D C:\ProgramData\CDB 2013-08-30 17:29 - 2013-08-30 17:29 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp3103.tmp 2013-08-30 17:29 - 2013-08-30 17:29 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp3102.tmp 2013-08-30 17:29 - 2013-08-30 17:29 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp30F1.tmp 2013-08-30 17:29 - 2013-08-30 17:29 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp30F0.tmp 2013-08-30 17:29 - 2013-08-30 17:29 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp3025.tmp 2013-08-30 17:29 - 2013-08-30 17:29 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp3024.tmp 2013-08-30 17:27 - 2013-08-30 17:14 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-08-30 17:26 - 2013-08-30 17:26 - 00000085 _____ C:\Windows\wininit.ini 2013-08-30 17:26 - 2013-08-30 
17:26 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp1E8C.tmp 2013-08-30 17:26 - 2013-08-30 17:26 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp1E8B.tmp 2013-08-30 17:26 - 2013-08-30 17:26 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp1E8A.tmp 2013-08-30 17:26 - 2013-08-30 17:26 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp1E89.tmp 2013-08-30 17:26 - 2013-08-30 17:26 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp1D8F.tmp 2013-08-30 17:26 - 2013-08-30 17:26 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\tmp1D8E.tmp 2013-08-30 17:24 - 2013-08-30 17:15 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-08-30 17:16 - 2013-07-23 07:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\.purple 2013-08-30 17:15 - 2013-08-30 17:15 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-08-30 17:11 - 2013-08-30 17:11 - 00000000 ____D C:\Program Files (x86)\Google 2013-08-30 17:07 - 2013-07-05 08:34 - 00000600 _____ C:\Users\Administrator\AppData\Roaming\winscp.rnd 2013-08-30 09:45 - 2013-07-10 02:00 - 00350534 _____ C:\Users\ADMINI~1\AppData\Local\Temp\PDApp.log 2013-08-30 09:44 - 2013-05-02 18:02 - 00000453 _____ C:\Users\Administrator\Documents\diverses.sql 2013-08-30 03:37 - 2013-08-30 03:36 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Temp\CR_0EEF1.tmp 2013-08-30 03:37 - 2012-12-18 11:45 - 00052553 _____ C:\Users\ADMINI~1\AppData\Local\Temp\chrome_installer.log 2013-08-30 03:37 - 2012-12-18 11:45 - 00002366 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk 2013-08-30 02:59 - 2012-12-18 18:29 - 64847575 _____ C:\Windows\backend.log 2013-08-30 02:00 - 2013-07-10 02:00 - 04134162 _____ C:\Users\ADMINI~1\AppData\Local\Temp\oobelib.log 2013-08-29 17:46 - 2013-03-20 12:36 - 00000000 ____D C:\Program Files (x86)\NetBeans 7.3 2013-08-29 16:58 - 2013-01-08 18:30 - 00000000 ____D C:\Program Files (x86)\JDownloader 2 2013-08-29 10:49 - 2009-07-14 05:20 - 00000000 ____D 
C:\Windows\system32\inetsrv 2013-08-29 07:45 - 2012-12-18 11:45 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201025288-3154995276-2411232997-500Core.job 2013-08-29 02:00 - 2012-12-18 17:25 - 00000000 ____D C:\backups 2013-08-27 18:54 - 2013-08-27 18:54 - 00000000 ____D C:\Program Files (x86)\Seagate 2013-08-27 18:53 - 2013-08-27 18:53 - 21700280 _____ C:\Users\dev\Downloads\SeaToolsforWindowsSetup-1208.exe 2013-08-27 18:50 - 2013-08-27 18:50 - 00554465 _____ C:\Users\dev\Downloads\Hutil210_FDD.zip 2013-08-27 18:50 - 2013-08-27 18:50 - 00554465 _____ C:\Users\dev\Downloads\Hutil210_FDD(1).zip 2013-08-24 16:18 - 2013-04-12 11:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc 2013-08-24 15:40 - 2009-07-14 07:07 - 00000000 ____D C:\Windows\system32\ServerManager 2013-08-22 17:32 - 2013-08-22 17:15 - 00000000 ____D C:\closure 2013-08-22 17:19 - 2013-08-22 17:19 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-08-22 17:19 - 2013-08-22 17:19 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-08-22 17:19 - 2013-08-22 17:19 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-22 17:19 - 2013-08-22 17:19 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-08-22 17:19 - 2013-08-22 17:19 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-08-22 17:19 - 2013-08-22 17:19 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-08-22 17:19 - 2013-08-22 17:19 - 00000000 ____D C:\Program Files\Java 2013-08-22 17:19 - 2013-08-22 17:19 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\RDA24.tmp 2013-08-22 17:19 - 2013-06-26 07:59 - 00011291 _____ C:\Users\ADMINI~1\AppData\Local\Temp\JavaDeployReg.log 2013-08-22 17:19 - 2013-03-20 12:34 - 00161742 _____ C:\Users\ADMINI~1\AppData\Local\Temp\java_install.log 2013-08-22 17:19 - 2013-03-20 12:34 - 00009133 _____ 
C:\Users\ADMINI~1\AppData\Local\Temp\java_install_reg.log 2013-08-22 17:19 - 2013-03-20 12:34 - 00000000 ____D C:\Users\ADMINI~1\AppData\Local\Temp\hsperfdata_Administrator 2013-08-22 10:24 - 2013-07-17 10:36 - 00000000 ____D C:\Users\dev\AppData\Roaming\HandBrake 2013-08-22 08:10 - 2013-07-26 08:16 - 00000000 ____D C:\Users\Administrator\Documents\Jan 2013-08-20 19:04 - 2013-08-20 19:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\GalileoPress 2013-08-19 11:03 - 2013-07-12 10:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\gnupg 2013-08-19 08:49 - 2013-08-17 08:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-19 08:49 - 2013-03-20 13:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-15 10:27 - 2013-08-15 10:27 - 00002406 _____ C:\Users\Administrator\Documents\Hilfecenter.sql 2013-08-15 08:42 - 2013-08-15 08:42 - 00000000 _____ C:\Windows\setuperr.log 2013-08-14 14:12 - 2013-08-10 15:25 - 00000000 ____D C:\Windows\system32\MRT 2013-08-14 14:11 - 2012-12-18 11:54 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-14 09:31 - 2013-08-14 09:29 - 00000000 ____D C:\Users\Administrator\Documents\dumps 2013-08-14 09:25 - 2013-08-14 09:25 - 64762592 _____ C:\Users\Administrator\Documents\db_backup_20130814.zip 2013-08-13 11:01 - 2013-08-13 10:59 - 00000000 ____D C:\Program Files\Common Files\Viscosity 2013-08-13 09:20 - 2013-08-13 09:20 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Viscosity 2013-08-13 09:20 - 2013-08-13 09:20 - 00000000 ____D C:\Program Files\Viscosity 2013-08-12 08:03 - 2013-08-12 08:03 - 00000602 _____ C:\Users\Administrator\w2dcpchk.php 2013-08-09 16:49 - 2013-08-09 16:49 - 00000000 ____D C:\memcached2 2013-08-09 16:44 - 2013-08-09 16:35 - 00000000 ____D C:\msysgit 2013-08-08 10:57 - 2013-07-12 10:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-08-08 10:11 - 2013-03-20 12:54 - 00000000 ____D 
C:\Users\Administrator\AppData\Roaming\Notepad++ 2013-08-08 10:11 - 2013-03-20 12:54 - 00000000 ____D C:\Program Files (x86)\Notepad++ 2013-08-06 16:43 - 2013-08-06 16:43 - 00000000 ____D C:\Program Files\MemCacheD 2013-08-06 16:41 - 2013-08-06 16:41 - 00000123 _____ C:\Users\ADMINI~1\AppData\Local\Temp\CFG3E5B.tmp 2013-08-06 16:41 - 2013-08-06 16:41 - 00000000 ____D C:\Program Files (x86)\MemCacheD Manager 2013-08-02 07:52 - 2013-07-29 16:02 - 00000000 ____D C:\Users\Administrator\ownCloud 2013-08-01 14:33 - 2012-12-18 17:07 - 00090880 _____ C:\Users\dev\AppData\Local\GDIPFONTCACHEV1.DAT 2013-08-01 13:05 - 2013-07-04 15:35 - 00002312 ____H C:\Users\Administrator\Documents\Default.rdp 2013-08-01 09:41 - 2013-08-01 09:37 - 00000000 ____D C:\Users\Administrator\Documents\Fiddler2 2013-08-01 09:37 - 2013-08-01 09:37 - 00000000 ____D C:\Program Files (x86)\Fiddler2 2013-07-31 19:28 - 2013-07-31 19:28 - 00000000 _____ C:\Users\ADMINI~1\AppData\Local\Temp\DMIC41E.tmp 2013-07-31 18:01 - 2013-08-30 17:24 - 00001079 _____ C:\Windows\system32\Drivers\etc\hosts.20130830-172453.backup 2013-07-31 17:25 - 2013-07-31 16:56 - 00029536 _____ C:\Users\Administrator\Documents\categories_neu.sql 2013-07-31 11:57 - 2013-07-31 11:57 - 00042057 _____ C:\Users\Administrator\Documents\categories.sql ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini Files to move or delete: ==================== ZeroAccess: C:\Program Files (x86)\Google\Desktop\Install\{a0579574-a93c-081b-547b-6155db964047} C:\Users\ADMINI~1\AppData\Local\Temp\1\e4jBC8A.tmp_dir1377883539\i4jdel.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => 
MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit C:\Program Files\Windows Defender\de-DE => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender LastRegBack: 2013-07-13 00:30 ==================== End Of Log ============================ Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2013
Ran by Administrator at 2013-08-30 19:44:19
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

2007 Microsoft Office Suite Service Pack 3 (SP3) (x32)
3DPower B12.0406.2 (x32 Version: 1.00.0000)
3TB+Unlock B11.0919.1 (x32 Version: 1.00.0001)
7-Zip 9.20 (x64 edition) (Version:
ActivePerl 5.16.3 Build 1603 (64-bit) (Version: 5.16.1603)
Adobe AIR (x32 Version:
Adobe Creative Suite 6 Master Collection (x32 Version: 6)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Premiere Pro CS6 (x32 Version: 6.0)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Adobe® Content Viewer (x32 Version: 3.1.0)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version:
Apple Software Update (x32 Version:
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version:
bl (x32 Version: 1.0.0)
Bonjour (Version:
Dell Open Print Driver (x32 Version: 1.70.7813.0)
DriverCD (x32)
Easy Tune 6 B12.0626.1 (x32 Version: 1.00.0000)
EZ Setup B12.0509.01 (x32 Version: 1.00.0000)
Fiddler (x32 Version:
GIGABYTE TweakLauncher (x32 Version:
Google Chrome (HKCU Version: 29.0.1547.62)
Gpg4win (2.1.1) (x32 Version: 2.1.1)
HeidiSQL (x32 Version: 8.0)
iisnode for iis 7.x (x64) full (Version:
Intel(R) Network Connections (Version:
Intel(R) Processor Graphics (x32 Version:
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version:
iTunes (Version:
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version:
Java SE Development Kit 7 Update 25 (64-bit) (Version:
l Druckersoftware-Deinstallation
Malwarebytes Anti-Malware Version (x32 Version:
marvell 91xx driver (x32 Version:
Marvell Storage Utility V4 (x32 Version:
MemCacheD Manager (x32 Version: 1.0.3)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Filter Pack 1.0 (Version: 12.0.4518.1104)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MySQL Connector C++ 1.1.2 (Version: 1.1.2)
MySQL Connector J (x32 Version: 5.1.24)
MySQL Connector Net 6.6.5 (x32 Version: 6.6.5)
MySQL Connector/ODBC 5.2(w) (Version: 5.2.4)
MySQL Documents 5.6 (x32 Version: 5.6.11)
MySQL Enterprise Backup 3.8.2 (Version: 3.8.2)
MySQL Enterprise Monitor (x32 Version:
MySQL Enterprise Monitor Agent (x32 Version:
MySQL Examples and Samples 5.6 (x32 Version: 5.6.11)
MySQL Installer (x32 Version:
MySQL Notifier 1.0.3 (x32 Version: 1.0.3)
MySQL Server 5.6 (Version: 5.6.11)
MySQL Workbench 5.2 CE (x32 Version: 5.2.47)
NcFTP 3.2.2 (x32)
NetBeans IDE 7.3 (x32 Version: 7.3)
Node.js (Version: 0.10.0)
Notepad++ (x32 Version: 6.4.3)
ON_OFF Charge B11.1102.1 (x32 Version: 1.00.0001)
OpenSSL 1.0.1c Light (32-bit) (x32)
OpenSSL 1.0.1e (64-bit)
OpenVPN 2.2.2 (x32 Version: 2.2.2)
ownCloud (x32 Version: 1.3.0)
PDF Settings CS6 (x32 Version: 11.0)
ph (x32 Version: 1.0.0)
Pidgin (x32 Version: 2.10.7)
pidgin-otr 4.0.0-1 (x32 Version: 4.0.0-1)
PremiumSoft Navicat 9.1 for MySQL (x32)
PremiumSoft Navicat Premium 10.1 (x32 Version: 10.1.7)
QNAP Finder (x32 Version:
Qualcomm SmartNet Controller (x32 Version:
Realtek High Definition Audio Driver (x32 Version:
Redis version (Version:
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version:
ScriptFTP (x32)
SeaTools for Windows (x32 Version:
Smart Dual Lan (x32 Version: 1.00.0000)
SYSTEM_INFO B07.1219.01 (x32 Version: 1.00.0000)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update Manager B12.0418.1 (x32 Version: 1.00.0000)
VirtualCloneDrive (x32)
Viscosity 1.4.5 (1203) (Version: 1.4.5)
VLC media player 2.0.6 (x32 Version: 2.0.6)
Windows Internal Database (MICROSOFT##SSEE) (Version: 9.4.5000.00)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
WinSCP 5.1.5 (x32 Version: 5.1.5)
XAMPP 1.8.1 (x32)
Zend Guard - 6.0.0 (x32 Version:

==================== Restore Points =========================

Could not list Restore Points.

==================== Scheduled Tasks (whitelisted) =============

Task: {07F5D52A-541D-49EA-9E47-E1DC0F0F2454} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-201025288-3154995276-2411232997-500UA => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-18] (Google Inc.)
Task: {0B640635-5983-4A8F-968D-EEAD97DD2880} - System32\Tasks\htdocs Backup => C:\xampp\htdocs\backup2.bat [2013-05-22] ()
Task: {0F0C5743-83DD-4742-9381-D5AB5E9FC3BA} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation)
Task: {1CB625B4-0E20-4C9F-A325-B5C89152390F} - System32\Tasks\{0E500784-8FEE-4B81-96A3-9997F082C249} => G:\MasterCollection_CS6_LS4.exe No File
Task: {2C95061C-C27E-4824-81C8-8560D1D7F979} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-201025288-3154995276-2411232997-500Core => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-18] (Google Inc.)
Task: {39D2E239-8DFB-47B7-8250-78EC016AC1AD} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {44D7AF55-E690-4A32-87C2-F37078108FED} - System32\Tasks\Microsoft\Windows\Backup\Microsoft-Windows-WindowsBackup => C:\Windows\System32\wbadmin.exe [2009-07-14] (Microsoft Corporation)
Task: {5111A68C-AFA5-4FE7-A739-B2C53EFF6DDD} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => C:\Windows\System32\bfe.dll [2010-11-20] (Microsoft Corporation)
Task: {63EE8552-A444-4BA2-8E1E-C8350D6D412A} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2009-07-14] (Microsoft Corporation)
Task: {65C92896-A8D0-469F-83A5-7A760F3482E8} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => C:\Windows\System32\acproxy.dll [2009-07-14] (Microsoft Corporation)
Task: {69110D7B-41DC-4E9D-BDD3-C826C7DB613B} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleUsageCollector => C:\Windows\system32\ceipdata.exe [2010-11-20] (Microsoft Corporation)
Task: {76A07612-5486-4150-8BD8-65898B6650A7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12] (Adobe Systems Incorporated)
Task: {9DB965EB-B63C-4C86-887A-001EC3A6F194} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => C:\Windows\System32\dfdts.dll [2009-07-14] (Microsoft Corporation)
Task: {9FF7F184-DE35-4679-B342-B0951352218C} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation)
Task: {AFECE848-8DA2-461B-B5E6-CBEF57A4DF7D} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector => C:\Windows\system32\ceiprole.exe [2010-11-20] (Microsoft Corporation)
Task: {C9F2692D-1110-457E-A817-80729C170B8E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {D49A10DA-0F70-4779-BD96-B2D976A4F2E3} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [2010-11-20] (Microsoft Corporation)
Task: {EB86E776-AE8B-4318-977B-A5CC8CFC7AB8} - System32\Tasks\AdobeAAMUpdater-1.0-HOMER-Administrator => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {EE644074-1D4A-432A-801A-840D85F9B1FD} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\System32\aepdu.dll [2010-11-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201025288-3154995276-2411232997-500Core.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201025288-3154995276-2411232997-500UA.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\Microsoft:DFjPxTZPgGbshduMJuKCFznT6EUbK
AlternateDataStreams: C:\ProgramData\Microsoft:id7ybTIBzZXq0AZAyTr
AlternateDataStreams: C:\ProgramData\TEMP:4A29ED9D

==================== Faulty Device Manager Devices =============

Name: Viscosity Virtual Adapter V9.1
Description: Viscosity Virtual Adapter V9.1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Sparklabs
Service: visctap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Description: Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros
Service: L1C
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/30/2013 07:43:46 PM) (Source: MySQL) (User: )
Description: Failed to open table mem/log_db_actions#p#p15 after 10 attempts.
For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (08/30/2013 07:42:44 PM) (Source: MySQL) (User: )
Description: Failed to open table mem/log_db_actions#p#p15 after 10 attempts.
For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (08/30/2013 07:41:42 PM) (Source: MySQL) (User: )
Description: Failed to open table mem/log_db_actions#p#p15 after 10 attempts.
For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (08/30/2013 07:40:40 PM) (Source: MySQL) (User: )
Description: Failed to open table mem/log_db_actions#p#p15 after 10 attempts.
For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (08/30/2013 07:39:38 PM) (Source: MySQL) (User: )
Description: Failed to open table mem/log_db_actions#p#p15 after 10 attempts.
For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (08/30/2013 07:38:36 PM) (Source: MySQL) (User: )
Description: Failed to open table mem/log_db_actions#p#p15 after 10 attempts.
For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (08/30/2013 07:37:34 PM) (Source: MySQL) (User: )
Description: Failed to open table mem/log_db_actions#p#p15 after 10 attempts.
For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (08/30/2013 07:36:32 PM) (Source: MySQL) (User: )
Description: Failed to open table mem/log_db_actions#p#p15 after 10 attempts.
For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (08/30/2013 07:35:30 PM) (Source: MySQL) (User: )
Description: Failed to open table mem/log_db_actions#p#p15 after 10 attempts.
For more information, see Help and Support Center at hxxp://www.mysql.com.

Error: (08/30/2013 07:34:28 PM) (Source: MySQL) (User: )
Description: Failed to open table mem/log_db_actions#p#p15 after 10 attempts.
For more information, see Help and Support Center at hxxp://www.mysql.com.

System errors:
=============
Error: (08/30/2013 07:25:05 PM) (Source: Service Control Manager) (User: )
Description: Dienst "SDLService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/30/2013 07:25:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891

Error: (08/30/2013 07:25:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (08/30/2013 07:25:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060

Error: (08/30/2013 07:22:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (08/30/2013 07:22:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (08/30/2013 07:22:46 PM) (Source: DCOM) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (08/30/2013 07:22:46 PM) (Source: DCOM) (User: )
Description: 1068netman{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error: (08/30/2013 07:22:45 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/30/2013 07:22:40 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 16273.83 MB
Available physical RAM: 12172.5 MB
Total Pagefile: 32545.84 MB
Available Pagefile: 27208.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.47 GB) (Free:24.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Mirror) (Fixed) (Total:976.56 GB) (Free:415.02 GB) NTFS
Drive f: (Share) (Fixed) (Total:886.37 GB) (Free:32.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: F126D05F)
Partition 1: (Active) - (Size=238 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3F39EACD)
Partition 1: (Not Active) - (Size=977 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=886 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-08-30 19:47:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 OCZ-VERTEX4 rev.1.5 238,47GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\1\pwpdaaog.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000772d1465 2 bytes [2D, 77]
.text  C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000772d14bb 2 bytes [2D, 77]
.text  ...  * 2
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000772d1465 2 bytes [2D, 77]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000772d14bb 2 bytes [2D, 77]
.text  ...  * 2
.text  C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000772d1465 2 bytes [2D, 77]
.text  C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000772d14bb 2 bytes [2D, 77]
.text  ...  * 2
.text  C:\Program Files (x86)\Subsonic\subsonic-service.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000772d1465 2 bytes [2D, 77]
.text  C:\Program Files (x86)\Subsonic\subsonic-service.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000772d14bb 2 bytes [2D, 77]
.text  ...  * 2
.text  C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe[3388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000772d1465 2 bytes [2D, 77]
.text  C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe[3388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000772d14bb 2 bytes [2D, 77]
.text  ...  * 2
.text  C:\Program Files (x86)\Subsonic\subsonic-agent.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000772d1465 2 bytes [2D, 77]
.text  C:\Program Files (x86)\Subsonic\subsonic-agent.exe[5700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000772d14bb 2 bytes [2D, 77]
.text  ...  * 2
.text  C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe[6012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000772d1465 2 bytes [2D, 77]
.text  C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe[6012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000772d14bb 2 bytes [2D, 77]
.text  ...  * 2
.text  C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\syswow64\user32.dll!GetCursorPos                    0000000077031218 5 bytes JMP 000000010042000a
.text  C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\syswow64\user32.dll!DialogBoxIndirectParamAorW      000000007704ce54 5 bytes JMP 000000010043000a
.text  C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\syswow64\ole32.DLL!CoCreateInstance                 0000000076a09d0b 5 bytes JMP 000000010039000a
.text  C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen                      0000000074a7451e 5 bytes JMP 000000010037000a
.text  C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume                 0000000074a9535f 5 bytes JMP 000000010038000a
.text  C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                0000000069ee11a8 2 bytes [EE, 69]
.text  C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21          0000000069ee13a8 2 bytes [EE, 69]
.text  C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21              0000000069ee1422 2 bytes [EE, 69]
.text  C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19       0000000069ee1498 2 bytes [EE, 69]
.text  C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69        00000000772d1465 2 bytes [2D, 77]
.text  C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155       00000000772d14bb 2 bytes [2D, 77]
.text  ...  * 2
.text  C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195  0000000070dc1b41 2 bytes [DC, 70]
.text  C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362  0000000070dc1be8 2 bytes [DC, 70]
.text  C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418  0000000070dc1c20 2 bytes [DC, 70]
.text  C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596  0000000070dc1cd2 2 bytes [DC, 70]
.text  C:\Windows\SysWOW64\svchost.exe[4512] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628  0000000070dc1cf2 2 bytes [DC, 70]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\Explorer.EXE [4624:5912]         00000000020c1de4
Thread  C:\Windows\Explorer.EXE [4624:2928]         00000000027a1808
Thread  C:\Windows\Explorer.EXE [4624:5764]         00000000027b49b0
Thread  C:\Windows\Explorer.EXE [4624:5888]         00000000027b4410
Thread  C:\Windows\Explorer.EXE [4624:1844]         00000000027b8bb0
Thread  C:\Windows\SysWOW64\svchost.exe [4512:6548]  0000000072508900
Thread  C:\Windows\SysWOW64\svchost.exe [4512:6552]  0000000072508260
Thread  C:\Windows\SysWOW64\svchost.exe [4512:1076]  0000000072508220

---- Processes - GMER 2.1 ----

Library  \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [1968] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2012-12-18 11:07:14)  0000000075160000
Library  \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Users\Administrator\Desktop\FRST64.exe [6568] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2012-12-18 11:07:17)  000007fefcda0000

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\ControlSet001\services\ (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet001\services\@Parameters\0\x202e\x2764  348
Reg  HKLM\SYSTEM\CurrentControlSet\services\
Reg  HKLM\SYSTEM\CurrentControlSet\services\@Parameters\0\x202e\x2764  348
Reg  HKLM\SYSTEM\ControlSet003\services\ (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet003\services\@Parameters\0\x202e\x2764  348

---- EOF - GMER 2.1 ----
#2
/// the machine /// TB-Ausbilder
Windows Server 2008 R2: ZeroAccess Rootkit?

Hi,

the question about ZeroAccess I can answer with yes, but: a server? A company computer? If so, is there an in-house IT department? Have you read the special rules for company computers?
#3
Windows Server 2008 R2: ZeroAccess Rootkit?

That is my private computer. I am a student and I develop on it; no commercial use.

Last edited by HanGmanXXL (30.08.2013 at 19:57)
#4
/// the machine /// TB-Ausbilder
Windows Server 2008 R2: ZeroAccess Rootkit?

OK, now it gets funny. Let's see what's running on the server.

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:

Code:
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
ProxyServer: localhost:8080
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{a0579574-a93c-081b-547b-6155db964047}\ \...\???\{a0579574-a93c-081b-547b-6155db964047}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
U3 pwpdaaog; \??\C:\Users\ADMINI~1\AppData\Local\Temp\1\pwpdaaog.sys [x]
ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini
ZeroAccess: C:\Program Files (x86)\Google\Desktop\Install\{a0579574-a93c-081b-547b-6155db964047}
C:\Users\ADMINI~1\AppData\Local\Temp\1\e4jBC8A.tmp_dir1377883539\i4jdel.exe
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).

Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
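The fixlist above is a list of indicators FRST found, not an explanation of them: every Winsock catalog entry points at a library path FRST could not open, a service and a Run value have names or paths containing a right-to-left override (U+202E, which is why the service name reads "*etadpug" for "gupdate*"), the GAC_32 and GAC_64 directories contain a Desktop.ini that is not a real .ini file, and a proxy has been set to a listener on the machine itself. The following read-only PowerShell script is an added example, not part of schrauber's post and not an FRST function; it checks a live host for those same classes of indicator so the reader can see what each line in the fixlist corresponds to. It assumes Windows PowerShell (2.0 to 5.1, as shipped on Server 2008 R2 and Windows 7) run as Administrator, and the directory name Google\Desktop\Install is taken from this particular log.

```powershell
# Added triage example (not from the thread, not an FRST feature): read-only
# checks for the ZeroAccess indicators FRST listed in the fixlist above.
# Run in an elevated Windows PowerShell; it reports and changes nothing.
# Assumption: the Google\Desktop\Install directory name comes from this log.

$findings = New-Object System.Collections.Generic.List[string]
function Add-Finding([string]$Text) { $findings.Add($Text) }

# Invisible Unicode format characters ZeroAccess uses to disguise names
# (U+202E RIGHT-TO-LEFT OVERRIDE is what turns "gupdate*" into "*etadpug").
$hiddenChars = '[\u200B-\u200F\u202A-\u202E]'

# 1. Winsock catalogs. Name-space providers (Catalog5) store a LibraryPath
#    string; transport providers (Catalog9) store the DLL path as the leading
#    NUL-terminated ANSI string of the PackedCatalogItem blob. A healthy entry
#    is a plain %SystemRoot%\System32\<dll> path to an existing file.
$wsRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters'
$catalogs = "$wsRoot\NameSpace_Catalog5\Catalog_Entries",
            "$wsRoot\NameSpace_Catalog5\Catalog_Entries64",
            "$wsRoot\Protocol_Catalog9\Catalog_Entries",
            "$wsRoot\Protocol_Catalog9\Catalog_Entries64"
foreach ($cat in $catalogs) {
    if (-not (Test-Path $cat)) { continue }
    foreach ($entry in Get-ChildItem $cat) {
        $props = Get-ItemProperty $entry.PSPath
        if ($props.PSObject.Properties['LibraryPath']) {
            $lib = [string]$props.LibraryPath
        } elseif ($props.PSObject.Properties['PackedCatalogItem']) {
            $blob = [byte[]]$props.PackedCatalogItem
            $end = [Array]::IndexOf($blob, [byte]0)
            if ($end -lt 0) { $end = [Math]::Min(260, $blob.Length) }
            $lib = [System.Text.Encoding]::Default.GetString($blob, 0, $end)
        } else { continue }
        $expanded = [Environment]::ExpandEnvironmentVariables($lib)
        # \\.\globalroot\... and \??\... are NT object-manager paths (GMER showed
        # mswsock.dll loaded from such a path); plain file checks cannot resolve them.
        $devicePath = $lib -match '^\\\\\.\\|^\\\?\?\\'
        if ($devicePath -or -not (Test-Path -LiteralPath $expanded -ErrorAction SilentlyContinue)) {
            Add-Finding "Winsock $($entry.Name): library path '$lib' is not a plain existing file"
        }
    }
}

# 2. Services whose key name or ImagePath contains disguise characters
#    (GMER reported a key under services\ whose name starts with U+202E).
foreach ($svc in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue) {
    $image = [string](Get-ItemProperty $svc.PSPath -ErrorAction SilentlyContinue).ImagePath
    if ($svc.PSChildName -match $hiddenChars -or $image -match $hiddenChars) {
        Add-Finding "Service '$($svc.PSChildName)' uses invisible Unicode characters (ImagePath: $image)"
    }
}

# 3. Run values whose target is disguised or missing (FRST's "[x]" marker),
#    and a WinINet proxy that points at the local machine.
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($runKey in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run') {
    if (-not (Test-Path $runKey)) { continue }
    $run = Get-ItemProperty $runKey
    foreach ($p in ($run.PSObject.Properties | Where-Object { $providerProps -notcontains $_.Name })) {
        $value = [string]$p.Value
        # Executable = the quoted part if quoted, else everything before the first " -" or " /" argument.
        if ($value -match '^"([^"]+)"') { $exe = $Matches[1] } else { $exe = ($value -split ' (?=[-/])')[0] }
        if ($value -match $hiddenChars -or -not (Test-Path -LiteralPath $exe -ErrorAction SilentlyContinue)) {
            Add-Finding "Run value '$($p.Name)' in $runKey -> '$value' (hidden characters or missing file)"
        }
    }
}
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
if ($inet.ProxyEnable -eq 1 -and $inet.ProxyServer -match '^(localhost|127\.0\.0\.1):') {
    Add-Finding "WinINet proxy enabled and set to '$($inet.ProxyServer)': browser traffic goes through a local listener"
}

# 4. Files FRST attributed to ZeroAccess. In this family the GAC Desktop.ini
#    files are PE images, so a leading "MZ" signature confirms they are not .ini files.
foreach ($ini in "$env:windir\assembly\GAC_32\Desktop.ini", "$env:windir\assembly\GAC_64\Desktop.ini") {
    if (Test-Path -LiteralPath $ini) {
        $head = @(Get-Content -LiteralPath $ini -Encoding Byte -TotalCount 2)   # -AsByteStream on PowerShell 7
        $isPe = ($head.Count -eq 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
        $note = if ($isPe) { ' and starts with an MZ header (a PE file, not an .ini)' } else { '' }
        Add-Finding "$ini exists$note"
    }
}
$gdInstall = "${env:ProgramFiles(x86)}\Google\Desktop\Install"   # name from this log; may be legitimate elsewhere
if (Test-Path -LiteralPath $gdInstall) { Add-Finding "'$gdInstall' exists; compare its contents with the fixlist" }

if ($findings.Count -eq 0) {
    'No indicator found. An active ZeroAccess can hide its keys and files from this script; a clean result is not proof.'
} else {
    $findings | ForEach-Object { "[!] $_" }
}
```

Two caveats a practitioner should keep in mind. First, the script asks the infected kernel the same questions the rootkit is built to lie about: a user-mode driver can hide its service key, its GAC files and its catalog entries from the registry and file APIs, which is exactly why the helpers rely on tools that read the hive and the disk directly (FRST, GMER) and why a clean result from this script proves nothing. Second, it only reports; removing the Winsock entries, the disguised service and the files is the job of the FRST fixlist above, and hand-editing the Winsock catalog on a live system without restoring the correct LibraryPath values will leave the machine without working networking.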