Pests of all kinds and how to fight them: Annoying Sirefef rootkit (Windows 7)
11.09.2013, 09:52 | #1
Annoying Sirefef rootkit

Good day. As described above, I have caught the annoying Sirefef rootkit. I have already found out quite a bit about this rootkit (ZeroAccess). Should I wipe my PC completely, or is it worth removing the pest? I have set up a small home studio at home, and it would be a lot of effort to get everything set up again. I am an AntiVir user, but afterwards I will definitely get a different program, because the support (even though it is freeware, or can be used as freeware) is in my opinion not optimal, both the live support and the updates. I am ready for every step from about 14:00, as I am not at home right now. Thank you in advance for your help, regards, Mike
11.09.2013, 09:53 | #2
/// the machine /// (TB trainer) | Annoying Sirefef rootkit

Hi,
please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (if you are not sure, download both versions, or check under Start > Computer (right-click) > Properties)
11.09.2013, 10:07 | #3
Annoying Sirefef rootkit

Thanks for the quick reply.
It is correct, isn't it, that it is not possible to remove this rootkit completely? What risk remains afterwards? A new "outbreak"? Regards, Mike
11.09.2013, 12:56 | #4
/// the machine /// (TB trainer) | Annoying Sirefef rootkit

Now let me look at the logs first.
Quote:

Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page
No help via PM!
11.09.2013, 14:28 | #5
Annoying Sirefef rootkit

Sorry, I was mistaken. It is not Sirefef but ATRAPS.Gen2, but (according to my information) they are supposed to be coded very similarly. I can post the log shortly, as I need a second computer. The rootkit is so nasty that it deletes all downloads made through my browser as soon as they finish.

Edit:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-09-2013
Ran by Mike at 2013-09-11 15:52:26
Running from C:\Users\Mike\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

µTorrent (Version: 3.2.1.28086)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.168)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader XI - Deutsch (Version: 11.0.00)
Aeria Ignite (Version: 1.10.1721)
Akamai NetSession Interface
Alliance of Valiant Arms
AMD Accelerated Video Transcoding (Version: 12.10.100.30328)
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.80328.2203)
AmpliTube 3 version 3.9.0 (Version: 3.9.0)
Audacity 2.0.3 (Version: 2.0.3)
AVG Security Toolbar (Version: 15.5.0.2)
Avira Free Antivirus (Version: 13.0.0.4052)
Battlefield 3™ (Version: 1.4.0.0)
Battlelog Web Plugins (Version: 2.1.7)
BlueStacks App Player (Version: 0.7.16.910)
BlueStacks Notification Center (Version: 0.7.16.910)
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Multiplayer
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2013.0328.2218.38225)
Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225)
Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225)
Catalyst Control Center Localization All (Version: 2013.0328.2218.38225)
CCC Help Chinese Standard (Version: 2013.0328.2217.38225)
CCC Help Chinese Traditional (Version: 2013.0328.2217.38225)
CCC Help Czech (Version: 2013.0328.2217.38225)
CCC Help Danish (Version: 2013.0328.2217.38225)
CCC Help Dutch (Version: 2013.0328.2217.38225)
CCC Help English (Version: 2013.0328.2217.38225)
CCC Help Finnish (Version: 2013.0328.2217.38225)
CCC Help French (Version: 2013.0328.2217.38225)
CCC Help German (Version: 2013.0328.2217.38225)
CCC Help Greek (Version: 2013.0328.2217.38225)
CCC Help Hungarian (Version: 2013.0328.2217.38225)
CCC Help Italian (Version: 2013.0328.2217.38225)
CCC Help Japanese (Version: 2013.0328.2217.38225)
CCC Help Korean (Version: 2013.0328.2217.38225)
CCC Help Norwegian (Version: 2013.0328.2217.38225)
CCC Help Polish (Version: 2013.0328.2217.38225)
CCC Help Portuguese (Version: 2013.0328.2217.38225)
CCC Help Russian (Version: 2013.0328.2217.38225)
CCC Help Spanish (Version: 2013.0328.2217.38225)
CCC Help Swedish (Version: 2013.0328.2217.38225)
CCC Help Thai (Version: 2013.0328.2217.38225)
CCC Help Turkish (Version: 2013.0328.2217.38225)
ccc-utility (Version: 2013.0328.2218.38225)
Counter-Strike
Counter-Strike: Global Offensive
Creative Audio-Systemsteuerung (Version: 3.00)
Curse Client (HKCU Version: 5.1.1.792)
D3DX10 (Version: 15.4.2368.0902)
Diablo III (Version: 1.0.8.16603)
Dropbox (HKCU Version: 2.0.26)
E3MC - Windows Shutdown Timer v5.7 Full (Version: 5.7.0.0)
ESN Sonar (Version: 0.70.4)
Etron USB3.0 Host Controller (Version: 0.115)
EZdrummer (Version: 1.0)
FIFA 13 (Version: 1.1.0.0)
FL Studio 10
Fotogalerie (Version: 16.4.3505.0912)
Free YouTube Download version 3.2.0.128 (Version: 3.2.0.128)
Free YouTube to MP3 Converter version 3.11.33.1005 (Version: 3.11.33.1005)
Guitar Pro 5.0
IK Multimedia Authorization Manager version 1.0.8 (Version: 1.0.8)
Intel(R) Management Engine Components (Version: 7.0.0.1144)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
League of Legends (Version: 1.3)
LG Bluetooth Drivers (Version: 1.1)
LG PC Suite IV (Version: 4.3.46.20111117)
LG United Mobile Drivers (Version: 3.6.0.0)
Line 6 Uninstaller (Version: )
MAGIX Speed burnR (MSI) (Version: 7.0.1.27)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 2.0.672.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Movie Maker (Version: 16.4.3505.0912)
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
NVIDIA 3D Vision Controller Driver 320.49 (Version: 320.49)
NVIDIA 3D Vision Driver 320.49 (Version: 320.49)
NVIDIA Control Panel 320.49 (Version: 320.49)
NVIDIA GeForce Experience 1.5 (Version: 1.5)
NVIDIA Graphics Driver 320.49 (Version: 320.49)
NVIDIA HD Audio Driver 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA PhysX (Version: 9.13.0604)
NVIDIA PhysX System Software 9.13.0604 (Version: 9.13.0604)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2049)
NVIDIA Update 4.11.9 (Version: 4.11.9)
NVIDIA Update Components (Version: 4.11.9)
Origin (Version: 9.0.13.2142)
Pando Media Booster (Version: 2.6.0.9)
Photo Gallery (Version: 16.4.3505.0912)
PowerISO (Version: 5.4)
PunkBuster Services (Version: 0.991)
Realtek Ethernet Controller Driver (Version: 7.49.927.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6662)
REAPER
Rockstar Games Social Club (Version: 1.00.0000)
Saints Row 2 v3.5.372.6 / RePack by irvins
Saints Row IV (Version: 1)
Samplitude Music Studio 2013 (Version: 19.0.0.15)
simplitec simplicheck (Version: 1.2.6.0)
SiSoftware Sandra Lite 2013.SP4 (Version: 19.50.2013.7)
Steam (Version: 1.0.0.0)
Steinberg Cubase 5 (Version: 5.1.0)
Steinberg Drum Loop Expansion 01 (Version: 1.0.0.1)
Steinberg Groove Agent ONE Content (Version: 1.0.0.003)
Steinberg HALionOne (Version: 1.1.0.457)
Steinberg HALionOne Additional Content Set 01 (Version: 1.0.0.001)
Steinberg HALionOne Expression Set (Version: 1.0.1.0)
Steinberg HALionOne GM Drum Set (Version: 1.0.1.457)
Steinberg HALionOne GM Set (Version: 1.0.1.457)
Steinberg HALionOne Pro Set (Version: 1.0.1.457)
Steinberg HALionOne Studio Drum Set (Version: 1.0.1.457)
Steinberg HALionOne Studio Set (Version: 1.0.1.457)
Steinberg LoopMash Content (Version: 1.0.0.005)
Steinberg REVerence Content 01 (Version: 1.0.0.006)
Superior Drummer Installer (Version: 2.2.3)
TeamSpeak 3 Client (Version: 3.0.10)
Toontrack solo (Version: 1.1.1)
TuxGuitar (Version: 1.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
VLC media player 2.0.7 (Version: 2.0.7)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
WinRAR 4.20 (32-Bit) (Version: 4.20.0)
World of Warcraft (Version: 5.4.0.17359)
Xion v1.0 (build 125) (Version: 1.0 (build 125))
Zattoo4 4.0.5 (Version: 4.0.5)

==================== Restore Points =========================

08-09-2013 01:20:53 Scheduled Checkpoint
10-09-2013 14:55:58 Installed Toontrack solo.
10-09-2013 14:57:58 Installed Superior Drummer Installer.

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {6A574EF3-4546-4123-A526-A16270BDCBD2} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{A4A1AAA0-EDED-4774-9B7A-551C92AA80F1}.exe
Task: {7ECDF329-E6B9-4027-980A-0F997E622926} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-10] (Adobe Systems Incorporated)
Task: {8193126A-FA38-4845-AF49-288E5994E182} - System32\Tasks\RunAsStdUser Task => C:\Program Files\r2 Studios\Xion\Xion.exe [2009-11-19] (r2 Studios)
Task: {ED93F5F7-FEA3-4275-8F4F-75C06C3A8FCB} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{A4A1AAA0-EDED-4774-9B7A-551C92AA80F1}.exe

==================== Loaded Modules (whitelisted) =============

2010-11-20 23:29 - 2010-11-20 23:29 - 00232448 _____ (Microsoft Corporation) \\.\globalroot\systemroot\system32\mswsock.dll
2013-05-24 16:18 - 2013-06-21 14:02 - 13411896 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2013-06-05 19:17 - 2013-06-05 19:17 - 00130736 _____ (Dropbox, Inc.) C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
2010-11-20 23:29 - 2010-11-20 23:29 - 00232448 _____ () C:\Windows\system32\MSWSOCK.dll
2010-11-20 23:29 - 2010-11-20 23:29 - 00232448 _____ (Microsoft Corporation) \\?\globalroot\systemroot\system32\mswsock.DLL
2011-11-17 00:18 - 2011-11-17 00:18 - 00036208 _____ (LG Electronics) C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
2012-11-05 20:49 - 2012-06-09 20:20 - 00167936 _____ (Alexander Roshal) C:\Program Files\WinRAR\rarext.dll
2010-11-20 23:29 - 2010-11-20 23:29 - 00232448 _____ () C:\Windows\system32\mswsock.dll
2013-08-14 16:54 - 2013-08-14 16:54 - 00521904 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\log4cplusU.dll
2013-08-14 16:54 - 2013-08-14 16:54 - 00144560 _____ () C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\SiteSafety.dll
2012-09-10 20:08 - 2012-09-10 20:08 - 00626328 _____ (Robert Simpson, et al.) C:\Program Files\Aeria Games\Ignite\SQLite.Interop.DLL
2013-05-24 16:18 - 2013-06-21 14:02 - 12427240 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2010-07-29 20:35 - 2010-07-29 20:35 - 00103936 _____ (Creative Technology Ltd.) C:\Windows\System32\sbavmon.dll
2012-11-16 19:12 - 2009-12-29 17:50 - 00073728 _____ () C:\Windows\SYSTEM32\CmdRtr.DLL
2012-11-16 19:12 - 2010-07-22 17:45 - 00181760 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
2010-07-29 20:44 - 2010-07-29 20:44 - 00195584 _____ (Creative Technology Ltd.) C:\Windows\system32\KSVSPI32.dll
2010-07-29 19:26 - 2010-07-29 19:26 - 00728576 _____ (Creative Technology Ltd.) C:\Windows\system32\KSAPO32.dll
2013-05-24 16:18 - 2013-06-21 14:02 - 02597856 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2013-08-15 03:27 - 2013-08-15 03:27 - 00653824 _____ (BlueStack Systems, Inc.) C:\Windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\9a9d56a370cdb8aa59781e4dad7550fe\HD-Agent.ni.exe
2013-08-15 03:27 - 2013-08-15 03:27 - 00155136 _____ (CodeTitans) C:\Windows\assembly\NativeImages_v2.0.50727_32\JSON\a6c775cfd4a94d83faea7d6872ee6995\JSON.ni.dll
2012-10-06 12:07 - 2013-08-28 15:27 - 38859616 _____ (Electronic Arts) C:\Program Files\Origin\OriginClient.dll
2012-10-06 12:07 - 2013-08-28 15:27 - 00412160 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Origin\QtXml4.dll
2012-10-06 12:07 - 2013-08-28 15:27 - 02966528 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Origin\QtCore4.dll
2012-10-06 12:07 - 2013-08-28 15:27 - 09679872 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Origin\QtGui4.dll
2012-10-06 12:07 - 2013-08-28 15:27 - 01232896 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Origin\QtNetwork4.dll
2012-10-06 12:07 - 2013-08-28 15:27 - 18662400 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Origin\QtWebKit4.dll
2012-10-06 12:07 - 2013-08-28 15:27 - 03514368 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Origin\QtXmlPatterns4.dll
2012-12-02 12:30 - 2013-08-28 15:27 - 00062976 _____ () C:\Program Files\Origin\tufao.dll
2012-10-06 12:07 - 2013-08-28 15:27 - 00028672 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Origin\imageformats\qgif4.dll
2012-10-06 12:07 - 2013-08-28 15:27 - 00032256 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Origin\imageformats\qico4.dll
2012-10-06 12:07 - 2013-08-28 15:27 - 00211968 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Origin\imageformats\qjpeg4.dll
2012-10-06 12:07 - 2013-08-28 15:27 - 00264192 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Origin\imageformats\qmng4.dll
2012-10-06 12:07 - 2013-08-28 15:27 - 00022528 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Origin\imageformats\qtga4.dll
2012-10-06 12:07 - 2013-08-28 15:27 - 00312320 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Program Files\Origin\imageformats\qtiff4.dll
2013-03-25 14:23 - 2013-08-22 00:18 - 00687104 _____ () C:\Program Files\Steam\SDL2.dll
2013-02-02 15:47 - 2013-09-06 22:55 - 01120680 _____ () C:\Program Files\Steam\bin\chromehtml.DLL
2013-02-02 15:47 - 2013-08-07 21:31 - 20625832 _____ () C:\Program Files\Steam\bin\libcef.dll
2013-02-02 15:47 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files\Steam\bin\avcodec-53.dll
2013-02-02 15:47 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files\Steam\bin\avutil-51.dll
2013-02-02 15:47 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files\Steam\bin\avformat-53.dll
2013-04-30 13:54 - 2013-04-30 13:54 - 00228984 _____ (BugSplat, LLC) C:\Program Files\Pando Networks\Media Booster\BugSplat.dll
2013-05-24 16:18 - 2013-06-21 14:02 - 06324360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2012-11-14 01:32 - 2012-11-14 01:32 - 03558400 _____ (wxWidgets development team) C:\Users\Mike\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Mike\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 09956864 _____ (The ICU Project) C:\Users\Mike\AppData\Roaming\Dropbox\bin\icudt.dll
2013-08-17 07:44 - 2013-08-17 07:44 - 03551640 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2011-05-17 01:15 - 2011-05-17 01:15 - 02524672 _____ (Line 6) C:\ProgramData\Line 6\L6TWXY\L6TWXY.dll
2013-06-26 14:38 - 2013-06-26 14:38 - 00180224 _____ (Line 6) C:\Windows\system32\l6ux1.dll
2008-07-24 11:07 - 2008-07-24 11:07 - 00143360 _____ (Steinberg Media Technologies) c:\program files\steinberg\asio\asioglld.dll
2013-08-21 04:32 - 2013-08-21 04:32 - 16166280 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll

==================== Alternate Data Streams (whitelisted) ==========

==================== Faulty Device Manager Devices =============

Name: Video Controller
Description: Video Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/11/2013 03:52:25 PM) (Source: Application Error) (User: ) Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x1784 Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3
Error: (09/11/2013 03:51:24 PM) (Source: Application Error) (User: ) Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x13a4 Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3
Error: (09/11/2013 03:50:24 PM) (Source: Application Error) (User: ) Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xe10 Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3
Error: (09/11/2013 03:49:24 PM) (Source: Application Error) (User: ) Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x1634 Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3
Error: (09/11/2013 03:48:24 PM) (Source: Application Error) (User: ) Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x1340 Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3
Error: (09/11/2013 03:47:24 PM) (Source: Application Error) (User: ) Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x1198 Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3
Error: (09/11/2013 03:46:23 PM) (Source: Application Error) (User: ) Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x1398 Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3
Error: (09/11/2013 03:45:23 PM) (Source: Application Error) (User: ) Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x1524 Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3
Error: (09/11/2013 03:44:23 PM) (Source: Application Error) (User: ) Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xeec Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3
Error: (09/11/2013 03:43:23 PM) (Source: Application Error) (User: ) Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x16ac Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3

System errors:
=============
Error: (09/11/2013 03:50:44 PM) (Source: Disk) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (09/11/2013 03:50:43 PM) (Source: Disk) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (09/11/2013 03:50:42 PM) (Source: Disk) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (09/11/2013 03:50:42 PM) (Source: Disk) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (09/11/2013 03:12:25 PM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom
Error: (09/11/2013 03:12:14 PM) (Source: Service Control Manager) (User: ) Description: The BlueStacks Android Service service terminated with the following error: %%1064
Error: (09/10/2013 05:56:54 PM) (Source: WMPNetworkSvc) (User: ) Description: WMPNetworkSvc0x80004005
Error: (09/10/2013 05:54:16 PM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom
Error: (09/10/2013 05:54:04 PM) (Source: Service Control Manager) (User: ) Description: The BlueStacks Android Service service terminated with the following error: %%1064
Error: (09/10/2013 05:53:59 PM) (Source: EventLog) (User: ) Description: The previous system shutdown at 17:52:09 on 10.09.2013 was unexpected.

Microsoft Office Sessions:
=========================
Error: (09/11/2013 03:52:25 PM) (Source: Application Error)(User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000500000000178401ceaef6252416bfC:\Windows\System32\svchost.exeunknown62e6838a-1ae9-11e3-b1fe-902b3431cbd7
Error: (09/11/2013 03:51:24 PM) (Source: Application Error)(User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000050000000013a401ceaef6012bf37aC:\Windows\System32\svchost.exeunknown3efda2bf-1ae9-11e3-b1fe-902b3431cbd7
Error: (09/11/2013 03:50:24 PM) (Source: Application Error)(User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000500000000e1001ceaef5dd56e91aC:\Windows\System32\svchost.exeunknown1b072d31-1ae9-11e3-b1fe-902b3431cbd7
Error: (09/11/2013 03:49:24 PM) (Source: Application Error)(User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000500000000163401ceaef5b98009f2C:\Windows\System32\svchost.exeunknownf73270f1-1ae8-11e3-b1fe-902b3431cbd7
Error: (09/11/2013 03:48:24 PM) (Source: Application Error)(User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000500000000134001ceaef595aa3c3fC:\Windows\System32\svchost.exeunknownd35aa766-1ae8-11e3-b1fe-902b3431cbd7
Error: (09/11/2013 03:47:24 PM) (Source: Application Error)(User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000500000000119801ceaef571cb1f98C:\Windows\System32\svchost.exeunknownaf7bd8e1-1ae8-11e3-b1fe-902b3431cbd7
Error: (09/11/2013 03:46:23 PM) (Source: Application Error)(User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000500000000139801ceaef54dfa33f7C:\Windows\System32\svchost.exeunknown8bab3b61-1ae8-11e3-b1fe-902b3431cbd7
Error: (09/11/2013 03:45:23 PM) (Source: Application Error)(User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000500000000152401ceaef52a274c7fC:\Windows\System32\svchost.exeunknown67d805c7-1ae8-11e3-b1fe-902b3431cbd7
Error: (09/11/2013 03:44:23 PM) (Source: Application Error)(User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000500000000eec01ceaef5064f82f4C:\Windows\System32\svchost.exeunknown44056c70-1ae8-11e3-b1fe-902b3431cbd7
Error: (09/11/2013 03:43:23 PM) (Source: Application Error)(User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000050000000016ac01ceaef4e26ac0e8C:\Windows\System32\svchost.exeunknown202bce1e-1ae8-11e3-b1fe-902b3431cbd7

==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 3247.12 MB
Available physical RAM: 1594.26 MB
Total Pagefile: 6492.52 MB
Available Pagefile: 4313.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:563.16 GB) NTFS
Drive e: () (Removable) (Total:3.8 GB) (Free:1.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: CB0A0FFC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013
Ran by Mike (administrator) on MIKE-PC on 11-09-2013 15:51:39
Running from C:\Users\Mike\Desktop
Microsoft Windows 7 Enterprise Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\system32\PnkBstrA.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Aeria Games & Entertainment) C:\Program Files\Aeria Games\Ignite\aeriaignite.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Electronic Arts) C:\Program Files\Origin\Origin.exe
(Akamai Technologies, Inc.) C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
() C:\Program Files\Pando Networks\Media Booster\PMB.exe
(Akamai Technologies, Inc.) C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Line 6, Inc.) C:\Program Files\Line6\POD Farm 2\POD Farm 2.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2314416 2013-08-14] ()
HKLM\...\Run: [Aeria Ignite] - C:\Program Files\Aeria Games\Ignite\aeriaignite.exe [1411224 2012-09-10] (Aeria Games & Entertainment)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [Creative SB Monitoring Utility] - RunDll32 sbavmon.dll,SBAVMonitor
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE [336992 2012-08-24] (Power Software Ltd)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [BlueStacks Agent] - C:\Program Files\BlueStacks\HD-Agent.exe [601928 2013-07-17] (BlueStack Systems, Inc.)
HKCU\...\Run: [EADM] - C:\Program Files\Origin\Origin.exe [3549528 2013-08-28] (Electronic Arts)
HKCU\...\Run: [LG LinkAir] - [x]
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [RGSC] - C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKCU\...\Run: [Steam] - C:\Program Files\Steam\Steam.exe [1811368 2013-09-06] (Valve Corporation)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [4284976 2013-04-30] ()
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
MountPoints2: E - E:\Autorun.exe
MountPoints2: {dad0aeb3-d8df-11e2-85bf-902b3431cbd7} - E:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk
ShortcutTarget: simplicheck.lnk -> C:\Program Files\simplitec\simplicheck\simplicheck.exe (simplitec)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1C5C9354CEDBCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={4BBF8E28-15CE-4C3D-8068-32D635304D92}&mid=ce47a9f913d847d0baa1416272d52224-81a95cec1ad5ed2b8f6c6f69b0f22d241cde86cf&lang=en&ds=st011&pr=sa&d=2012-10-24 12:57:48&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: HistoryTriggerBHO Class - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
BHO: Java(tm) Plug-In SSV Helper -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search) Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search) Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9 01 mswsock.dll File Not found () Winsock: Catalog9 02 mswsock.dll File Not found () Winsock: Catalog9 03 mswsock.dll File Not found () Winsock: Catalog9 04 mswsock.dll File Not found () Winsock: Catalog9 05 mswsock.dll File Not found () Winsock: Catalog9 06 mswsock.dll File Not found () Winsock: Catalog9 07 mswsock.dll File Not found () Winsock: Catalog9 08 mswsock.dll File Not found () Winsock: Catalog9 09 mswsock.dll File Not found () Winsock: Catalog9 10 mswsock.dll File Not found () Winsock: Catalog9 11 mswsock.dll File Not found () Winsock: Catalog9 12 mswsock.dll File Not found () Winsock: Catalog9 13 mswsock.dll 
File Not found () Winsock: Catalog9 14 mswsock.dll File Not found () Winsock: Catalog9 15 mswsock.dll File Not found () Winsock: Catalog9 16 mswsock.dll File Not found () Winsock: Catalog9 17 mswsock.dll File Not found () Winsock: Catalog9 18 mswsock.dll File Not found () Winsock: Catalog9 19 mswsock.dll File Not found () Winsock: Catalog9 20 mswsock.dll File Not found () Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gznpuinw.default FF Homepage: hxxp://www.youtube.com/?hl=de&gl=DE FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll (AVG Technologies) FF Plugin: @esn.me/esnsonar,version=0.70.4 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin: @esn/esnlaunch,version=2.1.2 - C:\Program Files\Battlelog Web Plugins\2.1.2\npesnlaunch.dll No File FF Plugin: @esn/esnlaunch,version=2.1.7 - C:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB) FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando 
Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gznpuinw.default\Extensions\ich@maltegoetz.de FF Extension: Yahoo! Toolbar - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gznpuinw.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF Extension: No Name - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gznpuinw.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi FF HKLM\...\Firefox\Extensions: [avg@toolbar] C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2 FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2 FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: No Name - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG) S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [393032 2013-07-17] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384840 2013-07-17] (BlueStack Systems, Inc.) S3 npggsvc; C:\Windows\system32\GameMon.des [3953632 2012-03-05] (INCA Internet Co., Ltd.) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-10-07] () S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP4\RpcAgentSrv.exe [71832 2009-06-15] (SiSoftware) R2 vToolbarUpdater15.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-14] (AVG Secure Search) S3 xsherlock; C:\Windows\system32\xsherlock.xem [666720 2012-11-09] (Wellbia.com Co., Ltd.) U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\ \...\???\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess) ==================== Drivers (Whitelisted) ==================== S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2010-12-23] (LG Electronics Inc.) S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2010-12-23] (LG Electronics Inc.) S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2010-12-23] (LG Electronics Inc.) S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2010-12-23] (LG Electronics Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-05] (Avira Operations GmbH & Co. KG) R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-08-14] (AVG Technologies) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-31] (Avira Operations GmbH & Co. 
KG) R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [63816 2013-07-17] (BlueStack Systems) R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation) R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [51328 2012-08-07] (Etron Technology Inc) R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [71552 2012-08-07] (Etron Technology Inc) S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1255296 2011-09-13] (Creative Technology Ltd.) R3 L6UX1; C:\Windows\System32\Drivers\L6UX1.sys [583808 2013-06-26] (Line 6) R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtport.sys [12160 2009-09-29] (LG Electronics Inc.) R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-29] (LG Electronics Inc.) R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmodem.sys [12928 2009-09-29] (LG Electronics Inc.) R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation) S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [199528 2011-12-02] (Realtek Semiconductor Corp.) 
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP4\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware) R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [113104 2012-08-24] (Power Software Ltd) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 VGPU; System32\drivers\rdvgkmd.sys [x] S3 vtany; \??\C:\Windows\vtany.sys [x] S3 xhunter1; \??\C:\Windows\xhunter1.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-11 15:50 - 2013-09-11 15:49 - 01082455 _____ (Farbar) C:\Users\Mike\Desktop\FRST.exe 2013-09-11 15:13 - 2013-09-11 15:13 - 97124766 _____ C:\Windows\system32\៖茂 2013-09-10 17:02 - 2013-09-10 17:02 - 00000000 ____D C:\Users\Mike\AppData\Local\Google 2013-09-10 17:02 - 2013-09-10 17:02 - 00000000 ____D C:\Program Files\Google 2013-09-10 17:02 - 2012-11-16 00:03 - 00000069 _____ C:\Users\Mike\Desktop\FILE_ID.DIZ 2013-09-10 17:02 - 2012-11-14 19:50 - 00004263 _____ C:\Users\Mike\Desktop\aaocg.nfo 2013-09-10 17:01 - 2013-09-10 17:01 - 00123343 _____ C:\Users\Mike\Desktop\Toontrack.Superior.Drummer.Vst..zip 2013-09-10 16:59 - 2013-09-10 16:59 - 00000000 ____D C:\Users\Mike\Documents\Toontrack 2013-09-10 16:59 - 2013-09-10 16:59 - 00000000 ____D C:\ProgramData\Toontrack 2013-09-10 16:56 - 2013-09-10 16:56 - 00002187 _____ C:\Users\Mike\Desktop\Toontrack solo.lnk 2013-09-10 16:56 - 2013-09-10 16:56 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toontrack 2013-09-10 14:30 - 2013-09-10 14:33 - 38596652 _____ C:\Users\Mike\Desktop\parkway_drive_idols_and_anchors RAW.wav 2013-09-10 14:24 - 2013-09-10 16:57 - 00000000 ____D C:\Users\Mike\Downloads\ToonTrack Superior Drummer v2.2.3 VSTi 2013-09-10 14:14 - 2013-09-10 14:14 - 96922344 _____ C:\Windows\system32\�⏋m 2013-09-09 19:23 - 2013-09-09 19:23 - 00082832 _____ C:\Users\Mike\Downloads\parkway_drive_idols_and_anchors.gp5 2013-09-08 12:22 - 
2013-09-10 06:23 - 96866131 _____ C:\Windows\system32\⧐` 2013-09-07 14:39 - 2013-09-07 14:39 - 00055657 _____ C:\Users\Mike\Downloads\for_today_foundation.gpx 2013-09-06 17:01 - 2013-09-06 17:01 - 00002760 _____ C:\Users\Mike\Downloads\Djetnzzz.l6t 2013-09-06 16:59 - 2013-09-06 16:59 - 00005640 _____ C:\Users\Mike\Downloads\Heavy Guitar Tone.l6t 2013-09-06 16:32 - 2013-09-06 17:10 - 00000000 ____D C:\Users\Mike\Images 2013-09-06 16:32 - 2013-09-06 17:10 - 00000000 ____D C:\Users\Mike\Audio 2013-09-06 16:30 - 2013-09-06 16:32 - 27209772 _____ C:\Users\Mike\Desktop\Neu.wav 2013-09-05 18:22 - 2013-09-07 12:22 - 96511910 _____ C:\Windows\system32\�⫷i 2013-08-27 19:22 - 2013-08-27 19:23 - 00076806 _____ C:\Users\Mike\Downloads\Neu(2).gp5 2013-08-26 19:34 - 2013-08-26 19:34 - 00001165 _____ C:\Users\Public\Desktop\SR2_Resolution.lnk 2013-08-26 19:34 - 2013-08-26 19:34 - 00001123 _____ C:\Users\Public\Desktop\Saints Row 2.lnk 2013-08-26 19:34 - 2013-08-26 19:34 - 00000000 ____D C:\Users\Mike\AppData\Local\THQ 2013-08-26 19:24 - 2013-08-26 19:24 - 00000000 ____D C:\Program Files\R.G.Games 2013-08-26 18:16 - 2013-08-26 18:16 - 00000000 ____D C:\Users\Public\Documents\Line 6 2013-08-26 18:02 - 2013-08-26 18:02 - 07663770 _____ C:\Users\Mike\Desktop\All For Reject - Not The Only One Single Preview.mp4 2013-08-25 19:23 - 2013-08-25 20:47 - 00000000 ____D C:\Users\Mike\Downloads\Saints_Row_2_ 2013-08-24 23:43 - 2013-08-24 23:43 - 00000000 ____D C:\ProgramData\Steam 2013-08-24 23:33 - 2013-08-24 23:43 - 00000000 ____D C:\Program Files\Saints Row IV 2013-08-24 15:56 - 2013-08-24 23:07 - 4144721920 _____ C:\Users\Mike\Downloads\saints4.iso 2013-08-24 15:48 - 2013-08-24 15:48 - 00000000 ____D C:\Users\Mike\Downloads\SR4 2013-08-24 11:16 - 2013-08-24 11:18 - 07011696 _____ C:\Users\Mike\Desktop\Song preview1.wav 2013-08-24 10:16 - 2013-08-24 11:18 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Audacity 2013-08-24 10:16 - 2013-08-24 10:16 - 00000000 ____D C:\Program Files\Audacity 
2013-08-24 10:15 - 2013-08-24 10:15 - 21281052 _____ (Audacity Team ) C:\Users\Mike\Downloads\audacity-win-2.0.3.exe 2013-08-24 10:14 - 2013-08-23 23:29 - 00010761 _____ C:\Users\Mike\Desktop\Song preview.aup 2013-08-24 10:14 - 2013-08-23 23:29 - 00000000 ____D C:\Users\Mike\Desktop\Song preview_data 2013-08-24 10:07 - 2013-08-24 10:14 - 22693350 _____ C:\Users\Mike\Downloads\Preview.zip 2013-08-24 00:11 - 2013-08-24 00:11 - 00044025 _____ C:\Users\Mike\Downloads\Neu(1).gp5 2013-08-23 19:12 - 2013-08-23 19:12 - 00159832 _____ C:\Windows\Minidump\082313-21309-01.dmp 2013-08-23 00:29 - 2013-08-23 00:29 - 05438235 _____ C:\Users\Mike\Downloads\MIKE HELP 1.zip 2013-08-23 00:29 - 2013-08-22 15:16 - 05645956 _____ C:\Users\Mike\Desktop\MIKE HELP 1.wav 2013-08-20 15:51 - 2013-08-20 15:51 - 00012401 _____ C:\Users\Mike\Downloads\andy_james-time_and_time_again.gp5 2013-08-19 22:08 - 2013-09-06 16:27 - 00042365 _____ C:\Users\Mike\Downloads\Neu.gp5 2013-08-17 07:44 - 2013-08-17 07:44 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-08-16 14:26 - 2013-08-16 14:26 - 00005846 _____ C:\Users\Mike\Downloads\august burns red.l6t 2013-08-16 14:26 - 2013-08-16 14:26 - 00002792 _____ C:\Users\Mike\Downloads\Djent.l6t 2013-08-16 14:24 - 2013-08-16 14:24 - 00003022 _____ C:\Users\Mike\Downloads\Big Bottom Scoop.l6t 2013-08-15 22:30 - 2013-08-15 22:30 - 00037034 _____ C:\Users\Mike\Downloads\Suffoca(1).gp5 2013-08-15 19:17 - 2013-08-15 19:18 - 00683434 _____ C:\Users\Mike\Downloads\technical difficulties.mp3.reapeaks 2013-08-15 19:06 - 2013-08-15 19:06 - 00002814 _____ C:\Users\Mike\Downloads\Personnal Tone.l6t 2013-08-15 03:01 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-15 03:01 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-15 03:01 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-15 03:01 - 2013-07-26 05:12 - 14329344 
_____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-15 03:01 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-15 03:01 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-15 03:01 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-15 03:01 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-15 03:01 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-15 03:01 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-15 03:01 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-15 03:01 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-15 03:01 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-15 03:01 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-15 03:01 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-15 03:01 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-14 18:19 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-14 18:19 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-14 18:19 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-08-14 18:19 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-14 18:19 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-14 18:19 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) 
C:\Windows\system32\wintrust.dll 2013-08-14 18:19 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-14 18:19 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-14 18:19 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-14 18:19 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-14 18:19 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-14 18:19 - 2013-06-15 05:40 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2013-08-14 18:19 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-14 17:00 - 2013-08-14 17:00 - 00103803 _____ C:\Users\Mike\Downloads\texas_in_july_without_a_head.gp5 2013-08-13 15:57 - 2013-08-13 15:57 - 00052508 _____ C:\Users\Mike\Downloads\racer_x_technical_difficulties.gp3 2013-08-12 20:17 - 2013-08-12 20:18 - 00039305 _____ C:\Users\Mike\Downloads\Der der wie 2nd Sucks ist.gp5 ==================== One Month Modified Files and Folders ======= 2013-09-11 15:51 - 2013-09-11 15:51 - 00000000 ____D C:\FRST 2013-09-11 15:49 - 2013-09-11 15:50 - 01082455 _____ (Farbar) C:\Users\Mike\Desktop\FRST.exe 2013-09-11 15:32 - 2012-10-07 12:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-11 15:29 - 2012-10-05 17:16 - 00000000 ____D C:\Program Files\World of Warcraft 2013-09-11 15:14 - 2013-02-02 15:45 - 00000000 ____D C:\Program Files\Common Files\Steam 2013-09-11 15:14 - 2012-10-06 10:47 - 00000000 ____D C:\Users\Mike\AppData\Local\Deployment 2013-09-11 15:13 - 2013-09-11 15:13 - 97124766 _____ C:\Windows\system32\៖茂 2013-09-11 15:13 - 2013-07-29 18:42 - 00000000 ___RD C:\Users\Mike\Dropbox 2013-09-11 15:13 - 2013-07-29 18:34 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Dropbox 2013-09-11 15:13 - 
2013-02-02 15:45 - 00000000 ____D C:\Program Files\Steam 2013-09-11 15:12 - 2013-05-31 21:43 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2013-09-11 15:12 - 2013-05-24 16:19 - 00000000 ____D C:\ProgramData\NVIDIA 2013-09-11 15:12 - 2012-10-06 12:02 - 00000000 ____D C:\Program Files\Origin 2013-09-11 15:12 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-11 15:12 - 2009-07-14 06:39 - 00065701 _____ C:\Windows\setupact.log 2013-09-11 08:33 - 2009-07-14 06:34 - 00017040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-11 08:33 - 2009-07-14 06:34 - 00017040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-10 19:40 - 2012-10-06 16:22 - 00000000 ____D C:\Users\Mike\AppData\Roaming\TS3Client 2013-09-10 19:25 - 2013-04-30 13:54 - 00000000 ____D C:\ProgramData\PMB Files 2013-09-10 17:52 - 2012-10-23 15:14 - 00000000 ____D C:\Users\Mike\AppData\Roaming\uTorrent 2013-09-10 17:10 - 2013-06-01 00:29 - 00000000 ____D C:\Users\Mike\Desktop\Cubase Projekte 2013-09-10 17:02 - 2013-09-10 17:02 - 00000000 ____D C:\Users\Mike\AppData\Local\Google 2013-09-10 17:02 - 2013-09-10 17:02 - 00000000 ____D C:\Program Files\Google 2013-09-10 17:02 - 2012-10-05 15:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-09-10 17:02 - 2012-10-05 15:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-09-10 17:01 - 2013-09-10 17:01 - 00123343 _____ C:\Users\Mike\Desktop\Toontrack.Superior.Drummer.Vst.zip 2013-09-10 16:59 - 2013-09-10 16:59 - 00000000 ____D C:\Users\Mike\Documents\Toontrack 2013-09-10 16:59 - 2013-09-10 16:59 - 00000000 ____D C:\ProgramData\Toontrack 2013-09-10 16:58 - 2013-07-21 20:02 - 00000000 ____D C:\Program Files\Toontrack 2013-09-10 16:58 - 2013-04-15 10:43 - 00000000 ____D C:\Program Files\VstPlugIns 2013-09-10 16:57 
- 2013-09-10 14:24 - 00000000 ____D C:\Users\Mike\Downloads\ToonTrack Superior Drummer v2.2.3 VSTi 2013-09-10 16:56 - 2013-09-10 16:56 - 00002187 _____ C:\Users\Mike\Desktop\Toontrack solo.lnk 2013-09-10 16:56 - 2013-09-10 16:56 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toontrack 2013-09-10 14:33 - 2013-09-10 14:30 - 38596652 _____ C:\Users\Mike\Desktop\parkway_drive_idols_and_anchors RAW.wav 2013-09-10 14:17 - 2012-10-05 00:06 - 01205615 _____ C:\Windows\WindowsUpdate.log 2013-09-10 14:14 - 2013-09-10 14:14 - 96922344 _____ C:\Windows\system32\�⏋m 2013-09-10 06:23 - 2013-09-08 12:22 - 96866131 _____ C:\Windows\system32\⧐` 2013-09-09 19:23 - 2013-09-09 19:23 - 00082832 _____ C:\Users\Mike\Downloads\parkway_drive_idols_and_anchors.gp5 2013-09-07 14:39 - 2013-09-07 14:39 - 00055657 _____ C:\Users\Mike\Downloads\for_today_foundation.gpx 2013-09-07 12:22 - 2013-09-05 18:22 - 96511910 _____ C:\Windows\system32\�⫷i 2013-09-06 17:10 - 2013-09-06 16:32 - 00000000 ____D C:\Users\Mike\Images 2013-09-06 17:10 - 2013-09-06 16:32 - 00000000 ____D C:\Users\Mike\Audio 2013-09-06 17:10 - 2012-10-04 18:26 - 00000000 ____D C:\Users\Mike 2013-09-06 17:01 - 2013-09-06 17:01 - 00002760 _____ C:\Users\Mike\Downloads\Djetnzzz.l6t 2013-09-06 16:59 - 2013-09-06 16:59 - 00005640 _____ C:\Users\Mike\Downloads\Heavy Guitar Tone.l6t 2013-09-06 16:32 - 2013-09-06 16:30 - 27209772 _____ C:\Users\Mike\Desktop\Neu.wav 2013-09-06 16:27 - 2013-08-19 22:08 - 00042365 _____ C:\Users\Mike\Downloads\Neu.gp5 2013-09-05 12:22 - 2013-05-07 15:38 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-09-05 12:22 - 2012-10-14 19:34 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-09-05 12:22 - 2012-10-14 19:34 - 00088840 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-29 19:10 - 2013-06-20 23:49 - 00000000 ____D C:\Users\Mike\AppData\Roaming\vlc 2013-08-27 19:23 - 2013-08-27 19:22 - 00076806 _____ C:\Users\Mike\Downloads\Neu(2).gp5 2013-08-26 21:32 - 2012-10-08 21:32 - 00017408 _____ C:\Users\Mike\AppData\Local\WebpageIcons.db 2013-08-26 20:10 - 2013-08-05 17:09 - 00060598 _____ C:\Users\Mike\Downloads\Icarus(4).gp5 2013-08-26 19:34 - 2013-08-26 19:34 - 00001165 _____ C:\Users\Public\Desktop\SR2_Resolution.lnk 2013-08-26 19:34 - 2013-08-26 19:34 - 00001123 _____ C:\Users\Public\Desktop\Saints Row 2.lnk 2013-08-26 19:34 - 2013-08-26 19:34 - 00000000 ____D C:\Users\Mike\AppData\Local\THQ 2013-08-26 19:24 - 2013-08-26 19:24 - 00000000 ____D C:\Program Files\R.G.Games 2013-08-26 18:16 - 2013-08-26 18:16 - 00000000 ____D C:\Users\Public\Documents\Line 6 2013-08-26 18:02 - 2013-08-26 18:02 - 07663770 _____ C:\Users\Mike\Desktop\All For Reject - Not The Only One Single Preview.mp4 2013-08-26 17:35 - 2012-10-13 16:17 - 00000000 ____D C:\Users\Mike\AppData\Local\Windows Live 2013-08-25 20:47 - 2013-08-25 19:23 - 00000000 ____D C:\Users\Mike\Downloads\Saints_Row_2_[R.G.Games] 2013-08-24 23:43 - 2013-08-24 23:43 - 00000000 ____D C:\ProgramData\Steam 2013-08-24 23:43 - 2013-08-24 23:33 - 00000000 ____D C:\Program Files\Saints Row IV 2013-08-24 23:07 - 2013-08-24 15:56 - 4144721920 _____ C:\Users\Mike\Downloads\saints4.iso 2013-08-24 15:48 - 2013-08-24 15:48 - 00000000 ____D C:\Users\Mike\Downloads\SR4 2013-08-24 15:36 - 2013-07-30 19:27 - 00000000 ____D C:\Users\Mike\Downloads\(demian007) Line 6 Pod Farm Platinum v 2.5 RTAS VST VST64 (2011) 2013-08-24 11:18 - 2013-08-24 11:16 - 07011696 _____ C:\Users\Mike\Desktop\Song preview1.wav 2013-08-24 11:18 - 2013-08-24 10:16 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Audacity 2013-08-24 10:16 - 2013-08-24 10:16 - 00000000 ____D C:\Program Files\Audacity 2013-08-24 10:16 - 2013-04-15 10:47 - 00000016 _____ 
C:\Users\Mike\AppData\Roaming\msregsvv.dll
2013-08-24 10:16 - 2013-04-15 10:47 - 00000016 _____ C:\ProgramData\autobk.inc
2013-08-24 10:15 - 2013-08-24 10:15 - 21281052 _____ (Audacity Team ) C:\Users\Mike\Downloads\audacity-win-2.0.3.exe
2013-08-24 10:14 - 2013-08-24 10:07 - 22693350 _____ C:\Users\Mike\Downloads\Preview.zip
2013-08-24 00:11 - 2013-08-24 00:11 - 00044025 _____ C:\Users\Mike\Downloads\Neu(1).gp5
2013-08-23 23:29 - 2013-08-24 10:14 - 00010761 _____ C:\Users\Mike\Desktop\Song preview.aup
2013-08-23 23:29 - 2013-08-24 10:14 - 00000000 ____D C:\Users\Mike\Desktop\Song preview_data
2013-08-23 19:12 - 2013-08-23 19:12 - 00159832 _____ C:\Windows\Minidump\082313-21309-01.dmp
2013-08-23 19:12 - 2013-02-27 21:07 - 291651801 _____ C:\Windows\MEMORY.DMP
2013-08-23 19:12 - 2013-02-27 21:07 - 00000000 ____D C:\Windows\Minidump
2013-08-23 16:40 - 2012-10-06 11:11 - 00000000 ____D C:\Users\Mike\Documents\REAPER Media
2013-08-23 00:29 - 2013-08-23 00:29 - 05438235 _____ C:\Users\Mike\Downloads\MIKE HELP 1.zip
2013-08-22 15:16 - 2013-08-23 00:29 - 05645956 _____ C:\Users\Mike\Desktop\MIKE HELP 1.wav
2013-08-20 18:36 - 2013-02-02 16:57 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-08-20 15:51 - 2013-08-20 15:51 - 00012401 _____ C:\Users\Mike\Downloads\andy_james-time_and_time_again.gp5
2013-08-17 15:27 - 2012-10-07 10:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-17 07:44 - 2013-08-17 07:44 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-16 14:26 - 2013-08-16 14:26 - 00005846 _____ C:\Users\Mike\Downloads\august burns red.l6t
2013-08-16 14:26 - 2013-08-16 14:26 - 00002792 _____ C:\Users\Mike\Downloads\Djent.l6t
2013-08-16 14:24 - 2013-08-16 14:24 - 00003022 _____ C:\Users\Mike\Downloads\Big Bottom Scoop.l6t
2013-08-15 22:30 - 2013-08-15 22:30 - 00037034 _____ C:\Users\Mike\Downloads\Suffoca(1).gp5
2013-08-15 19:18 - 2013-08-15 19:17 - 00683434 _____ C:\Users\Mike\Downloads\technical difficulties.mp3.reapeaks
2013-08-15 19:06 - 2013-08-15 19:06 - 00002814 _____ C:\Users\Mike\Downloads\Personnal Tone.l6t
2013-08-15 03:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-08-15 03:29 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-15 03:02 - 2010-11-20 23:01 - 00784456 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-14 17:00 - 2013-08-14 17:00 - 00103803 _____ C:\Users\Mike\Downloads\texas_in_july_without_a_head.gp5
2013-08-14 16:54 - 2013-06-27 01:23 - 00003717 _____ C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2013-08-14 16:54 - 2012-10-24 12:57 - 00037664 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2013-08-14 16:54 - 2012-10-24 12:57 - 00000000 ____D C:\Program Files\AVG Secure Search
2013-08-13 15:57 - 2013-08-13 15:57 - 00052508 _____ C:\Users\Mike\Downloads\racer_x_technical_difficulties.gp3
2013-08-12 20:18 - 2013-08-12 20:17 - 00039305 _____ C:\Users\Mike\Downloads\Der der wie 2nd Sucks ist.gp5
ZeroAccess: C:\Windows\assembly\GAC\Desktop.ini

Files to move or delete:
====================
ZeroAccess: C:\Users\Mike\AppData\Local\Google\Desktop\Install\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}
ZeroAccess: C:\Program Files\Google\Desktop\Install\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}
C:\Users\Mike\AppData\Local\Temp\12-8_vista_win7_win8_32_dd_ccc.exe
C:\Users\Mike\AppData\Local\Temp\13-4_vista_win7_win8_32_dd_ccc_whql.exe
C:\Users\Mike\AppData\Local\Temp\AskSLib.dll
C:\Users\Mike\AppData\Local\Temp\aspnetstate.exe
C:\Users\Mike\AppData\Local\Temp\AutoRun.exe
C:\Users\Mike\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Mike\AppData\Local\Temp\AVG.exe
C:\Users\Mike\AppData\Local\Temp\avguidx.dll
C:\Users\Mike\AppData\Local\Temp\eauninstall.exe
C:\Users\Mike\AppData\Local\Temp\iimapi.exe
C:\Users\Mike\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Mike\AppData\Local\Temp\L6GPInst.dll
C:\Users\Mike\AppData\Local\Temp\lowproc.exe
C:\Users\Mike\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Mike\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Mike\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Mike\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Mike\AppData\Local\Temp\nvStInst.exe
C:\Users\Mike\AppData\Local\Temp\nvstlink.exe
C:\Users\Mike\AppData\Local\Temp\nvstview.exe
C:\Users\Mike\AppData\Local\Temp\oi_{6DEA44BD-03F3-479A-9F64-322BAD7D5B62}.exe
C:\Users\Mike\AppData\Local\Temp\sonarinst.exe
C:\Users\Mike\AppData\Local\Temp\stubhelper.dll
C:\Users\Mike\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Mike\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe
C:\Users\Mike\AppData\Local\Temp\upss.exe
C:\Users\Mike\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Mike\AppData\Local\Temp\vssrvc.exe
C:\Users\Mike\AppData\Local\Temp\wmfdist.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-09-11 01:45

==================== End Of Log ============================
Last edited by BreakAnimal (11.09.2013 at 15:06) |
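The FRST output above flags three distinct ZeroAccess (Sirefef) artefacts: a reparse point planted inside C:\Program Files\Windows Defender (the "ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory" line, which is why mpsvc.dll is reported instead of the service running), a Desktop.ini dropped into C:\Windows\assembly\GAC, and {GUID} folders under Google\Desktop\Install that the ComboFix run later shows holding an "@" file and L\ and U\ subfolders. The PowerShell below is an added example, not code from the thread, from FRST or from ComboFix; it enumerates those same indicators on a live host so a helper can confirm them before a fix is run. The path list, the GUID pattern and the depth limit are the example's own assumptions taken from the log; other ZeroAccess variants drop elsewhere, so extend $GuidDirs as needed. It sticks to PowerShell 2.0 syntax because that is what Windows 7 ships with.

```powershell
# Added example (not from the thread, FRST or ComboFix): enumerate the
# ZeroAccess/Sirefef indicators the FRST log flagged. Run from an elevated
# PowerShell on the affected host. PowerShell 2.0 compatible.

$GuidDirs     = @("$env:LOCALAPPDATA\Google\Desktop\Install",   # paths from the log
                  "$env:ProgramFiles\Google\Desktop\Install")
$JunctionDirs = @("$env:ProgramFiles\Windows Defender")
$GacIni       = "$env:SystemRoot\assembly\GAC\Desktop.ini"
$MaxDepth     = 5   # assumption: {GUID}\XXXX~1\XXXX~1\XXXX~1\{GUID}\U is five levels deep

function Test-ReparsePoint {
    param([System.IO.FileSystemInfo]$Item)
    # ReparsePoint covers junctions, directory symlinks and file symlinks alike.
    return (($Item.Attributes -band [System.IO.FileAttributes]::ReparsePoint) -ne 0)
}

function Get-TreeItems {
    # Manual walk instead of Get-ChildItem -Recurse: we must not descend into a
    # reparse point, because a planted junction can loop back to an ancestor.
    param([string]$Path, [int]$Depth)
    if ($Depth -lt 0) { return }
    foreach ($item in @(Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue)) {
        $item
        if ($item.PSIsContainer -and -not (Test-ReparsePoint $item)) {
            Get-TreeItems -Path $item.FullName -Depth ($Depth - 1)
        }
    }
}

function New-Finding([string]$Indicator, [string]$Path) {
    New-Object PSObject -Property @{ Indicator = $Indicator; Path = $Path }
}

function Find-ZeroAccessArtefacts {
    $findings = @()

    # 1. Reparse points inside the Defender directory. ZeroAccess plants
    #    junctions there so mpsvc.dll cannot be loaded; FRST's
    #    DeleteJunctionsIndirectory directive targets exactly these.
    foreach ($dir in $JunctionDirs) {
        foreach ($item in @(Get-TreeItems -Path $dir -Depth $MaxDepth)) {
            if (Test-ReparsePoint $item) { $findings += New-Finding 'ReparsePoint' $item.FullName }
        }
    }

    # 2. A Desktop.ini inside the GAC folder (listed as a ZeroAccess file above).
    if (Test-Path -LiteralPath $GacIni -PathType Leaf) {
        $findings += New-Finding 'GacDesktopIni' $GacIni
    }

    # 3. {GUID} drop folders carrying the '@' file and the L / U subfolders.
    $guidPattern = '^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$'   # -match is case-insensitive
    foreach ($base in $GuidDirs) {
        $guidDirs = @(Get-ChildItem -LiteralPath $base -Force -ErrorAction SilentlyContinue |
                      Where-Object { $_.PSIsContainer -and $_.Name -match $guidPattern })
        foreach ($g in $guidDirs) {
            $markers = @(Get-TreeItems -Path $g.FullName -Depth $MaxDepth |
                         Where-Object { $_.Name -eq '@' -or
                                        ($_.PSIsContainer -and ($_.Name -eq 'L' -or $_.Name -eq 'U')) })
            if ($markers.Count -gt 0) {
                $findings += New-Finding 'GuidDropFolder' $g.FullName
                foreach ($m in $markers) { $findings += New-Finding 'GuidDropMarker' $m.FullName }
            }
        }
    }
    return $findings
}

$result = @(Find-ZeroAccessArtefacts)
if ($result.Count -eq 0) { 'No ZeroAccess artefacts found at the checked locations.' }
else { $result | Select-Object Indicator, Path | Format-Table -AutoSize }
```

Two caveats when reading the result. ZeroAccess locks its drop folders with deny ACLs (the ComboFix log further down shows "@Denied" entries for the same infection), so an Access Denied on one of these paths even from an elevated prompt is itself a signal and should be chased with icacls or Get-Acl rather than ignored. And the script only reports; removal of the junctions and the GUID tree is what the helper's FRST fix script does, and doing it by hand without first breaking the ACLs tends to fail silently.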
11.09.2013, 17:19 | #6 | |
/// the machine /// TB-Ausbilder | Lästiges Rootkit Sirefef Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1. IMPORTANT - save Combofix to your Desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you get the following error message after the restart Quote:
|
12.09.2013, 16:42 | #7 |
| Lästiges Rootkit Sirefef Hi, here is the ComboFix log! Code:
ComboFix 13-09-10.03 - Mike 12/09/2013 17:24:31.1.4 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.49.1033.18.3247.1881 [GMT 2:00]
Running from: C:\Users\Mike\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
C:\data
C:\data\patch01_01.fs
C:\Program Files\Google\Desktop\Install
C:\Program Files\Google\Desktop\Install\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\9519~1\A535~1\E628~1\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\@
C:\Program Files\Google\Desktop\Install\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\9519~1\A535~1\E628~1\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\GoogleUpdate.exe
C:\Program Files\Google\Desktop\Install\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\9519~1\A535~1\E628~1\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\L\00000004.@
C:\Program Files\Google\Desktop\Install\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\9519~1\A535~1\E628~1\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\L\6715e287
C:\Program Files\Google\Desktop\Install\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\9519~1\A535~1\E628~1\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\L\76603ac3
C:\Program Files\Google\Desktop\Install\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\9519~1\A535~1\E628~1\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\U\00000004.@
C:\Program Files\Google\Desktop\Install\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\9519~1\A535~1\E628~1\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\U\00000008.@
C:\Program Files\Google\Desktop\Install\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\9519~1\A535~1\E628~1\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\U\000000cb.@
C:\Program Files\Google\Desktop\Install\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\9519~1\A535~1\E628~1\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\U\80000000.@
C:\Program Files\Google\Desktop\Install\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\9519~1\A535~1\E628~1\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\U\80000032.@
C:\readme.txt
C:\Users\Mike\AppData\Local\Google\Desktop\Install
C:\Users\Mike\AppData\Local\Google\Desktop\Install\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\2E2F~1\28F0~1\E628~1\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\@
C:\Users\Mike\AppData\Local\Google\Desktop\Install\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\2E2F~1\28F0~1\E628~1\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\GoogleUpdate.exe
C:\Users\Mike\AppData\Roaming\msregsvv.dll
C:\Windows\assembly\GAC\Desktop.ini
C:\Windows\msvcr71.dll
C:\Windows\system32\roboot.exe

((((((((((((((((((((((( Files Created from 2013-08-12 to 2013-09-12 ))))))))))))))))))))))))))))))
2013-09-11 15:23:56 . 2013-09-11 15:23:56 -------- d-----w- C:\Users\Mike\AppData\Local\Blizzard Entertainment
2013-09-11 13:51:21 . 2013-09-11 13:51:21 -------- d-----w- C:\FRST
2013-09-10 15:02:30 . 2013-09-10 15:02:30 -------- d-----w- C:\Program Files\Google
2013-09-10 15:02:25 . 2013-09-10 15:02:25 -------- d-----w- C:\Users\Mike\AppData\Local\Google
2013-09-10 14:59:42 . 2013-09-10 14:59:42 -------- d-----w- C:\ProgramData\Toontrack
2013-09-06 14:32:25 . 2013-09-06 15:10:26 -------- d-----w- C:\Users\Mike\Images
2013-09-06 14:32:09 . 2013-09-06 15:10:26 -------- d-----w- C:\Users\Mike\Audio
2013-08-26 17:34:21 . 2013-08-26 17:34:21 -------- d-----w- C:\Users\Mike\AppData\Local\THQ
2013-08-26 17:24:56 . 2013-08-26 17:24:56 -------- d-----w- C:\Program Files\R.G.Games
2013-08-24 21:43:31 . 2013-08-24 21:43:31 -------- d-----w- C:\ProgramData\Steam
2013-08-24 21:33:56 . 2013-08-24 21:43:28 -------- d-----w- C:\Program Files\Saints Row IV
2013-08-24 08:16:48 . 2013-08-24 09:18:06 -------- d-----w- C:\Users\Mike\AppData\Roaming\Audacity
2013-08-24 08:16:35 . 2013-08-24 08:16:39 -------- d-----w- C:\Program Files\Audacity
2013-08-14 16:19:25 . 2013-07-09 04:50:42 652800 ----a-w- C:\Windows\system32\rpcrt4.dll
2013-08-14 16:19:24 . 2013-07-09 04:52:10 175104 ----a-w- C:\Windows\system32\wintrust.dll
2013-08-14 16:19:24 . 2013-07-09 04:46:31 140288 ----a-w- C:\Windows\system32\cryptsvc.dll
2013-08-14 16:19:24 . 2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\system32\crypt32.dll
2013-08-14 16:19:24 . 2013-07-09 04:46:31 103936 ----a-w- C:\Windows\system32\cryptnet.dll
2013-08-14 16:19:20 . 2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2013-08-14 16:19:20 . 2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\system32\ntoskrnl.exe
2013-08-14 16:19:20 . 2013-07-09 04:53:46 1289096 ----a-w- C:\Windows\system32\ntdll.dll
2013-08-14 16:19:17 . 2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\system32\WMVDECOD.DLL
2013-08-14 16:19:17 . 2013-07-06 05:05:35 1293760 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2013-08-14 16:19:10 . 2013-07-19 01:41:01 2048 ----a-w- C:\Windows\system32\tzres.dll
2013-08-14 16:19:06 . 2013-06-15 03:40:42 918528 ----a-w- C:\Windows\system32\rdpcorets.dll
2013-08-14 16:19:06 . 2013-06-15 03:38:43 31232 ----a-w- C:\Windows\system32\drivers\tssecsrv.sys
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
2013-09-11 15:32:14 . 2012-10-05 13:02:46 71048 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-11 15:32:14 . 2012-10-05 13:02:46 692616 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2013-07-28 11:42:59 . 2012-10-07 08:14:16 280904 ----a-w- C:\Windows\system32\PnkBstrB.xtr
2013-07-28 11:42:59 . 2012-10-07 01:14:18 280904 ----a-w- C:\Windows\system32\PnkBstrB.exe
2013-07-27 11:07:39 . 2012-10-07 01:14:45 139032 ----a-w- C:\Windows\system32\drivers\PnkBstrK.sys
2013-07-27 11:07:30 . 2012-10-07 01:14:18 290184 ----a-w- C:\Windows\system32\PnkBstrB.ex0
2013-06-26 12:38:30 . 2013-06-26 12:38:30 1098752 ----a-w- C:\Windows\system32\L6DriverControlPanel.cpl
2013-06-26 12:38:28 . 2013-06-26 12:38:28 583808 ----a-w- C:\Windows\system32\drivers\L6UX1.sys
2013-06-26 12:38:28 . 2013-06-26 12:38:28 180224 ----a-w- C:\Windows\system32\l6ux1.dll
2013-06-21 12:02:43 . 2013-07-14 17:44:49 9069344 ----a-w- C:\Windows\system32\drivers\nvlddmkm.sys
2013-06-21 12:02:43 . 2013-07-14 17:44:49 893728 ----a-w- C:\Windows\system32\nvdispgenco3232049.dll
2013-06-21 12:02:43 . 2013-07-14 17:44:49 7687592 ----a-w- C:\Windows\system32\nvcuda.dll
2013-06-21 12:02:43 . 2013-07-14 17:44:49 467232 ----a-w- C:\Windows\system32\NvIFR.dll
2013-06-21 12:02:43 . 2013-07-14 17:44:49 465184 ----a-w- C:\Windows\system32\NvFBC.dll
2013-06-21 12:02:43 . 2013-07-14 17:44:49 2777888 ----a-w- C:\Windows\system32\nvcuvid.dll
2013-06-21 12:02:43 . 2013-07-14 17:44:49 214448 ----a-w- C:\Windows\system32\nvinit.dll
2013-06-21 12:02:43 . 2013-07-14 17:44:49 21102368 ----a-w- C:\Windows\system32\nvoglv32.dll
2013-06-21 12:02:43 . 2013-07-14 17:44:49 2002720 ----a-w- C:\Windows\system32\nvcuvenc.dll
2013-06-21 12:02:43 . 2013-07-14 17:44:49 181488 ----a-w- C:\Windows\system32\nvoglshim32.dll
2013-06-21 12:02:43 . 2013-07-14 17:44:49 17560352 ----a-w- C:\Windows\system32\nvcompiler.dll
2013-06-21 12:02:43 . 2013-07-14 17:44:49 1024288 ----a-w- C:\Windows\system32\nvdispco3232049.dll
2013-06-21 12:02:43 . 2013-05-24 14:18:15 925648 ----a-w- C:\Windows\system32\nvumdshim.dll
2013-06-21 12:02:43 . 2013-05-24 14:18:15 6324360 ----a-w- C:\Windows\system32\nvopencl.dll
2013-06-21 12:02:43 . 2013-05-24 14:18:15 13411896 ----a-w- C:\Windows\system32\nvwgf2um.dll
2013-06-21 12:02:43 . 2013-05-24 14:18:14 12427240 ----a-w- C:\Windows\system32\nvd3dum.dll
2013-06-21 12:02:43 . 2013-05-24 14:18:13 2597856 ----a-w- C:\Windows\system32\nvapi.dll
2013-06-21 09:52:51 . 2013-05-24 14:19:06 4192544 ----a-w- C:\Windows\system32\nvcpl.dll
2013-06-21 09:52:51 . 2013-05-24 14:19:06 3045664 ----a-w- C:\Windows\system32\nvsvc.dll
2013-06-21 09:52:48 . 2013-05-24 14:19:06 640288 ----a-w- C:\Windows\system32\nvvsvc.exe
2013-06-21 09:52:48 . 2013-05-24 14:19:06 62752 ----a-w- C:\Windows\system32\nvshext.dll
2013-06-21 09:52:48 . 2013-05-24 14:19:06 2555168 ----a-w- C:\Windows\system32\nvsvcr.dll
2013-06-21 09:52:47 . 2013-05-24 14:19:06 223008 ----a-w- C:\Windows\system32\nvmctray.dll
2013-06-21 03:16:02 . 2013-06-21 03:16:02 566048 ----a-w- C:\Windows\system32\nvStreaming.exe

------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
[-] 2012-10-04 16:25:24 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\System32\user32.dll
[7] 2010-11-20 21:29:20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

(((((((((((((((((((((((((((( Registry Loading Points ))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-28 14:48:38 281760 ----a-w- C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17:30 130736 ----a-w- C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17:30 130736 ----a-w- C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17:30 130736 ----a-w- C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="C:\Program Files\Origin\Origin.exe" [2013-08-28 13:27:46 3549528]
"Akamai NetSession Interface"="C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 23:01:52 4489472]
"RGSC"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 13:35:36 305064]
"Steam"="C:\Program Files\Steam\Steam.exe" [2013-09-06 20:55:38 1811368]
"Pando Media Booster"="C:\Program Files\Pando Networks\Media Booster\PMB.exe" [2013-04-30 11:54:28 4284976]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-20 21:29:41 1174016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 07:04:54 252848]
"Aeria Ignite"="C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" [2012-09-10 18:08:48 1411224]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 19:43:34 926896]
"Creative SB Monitoring Utility"="sbavmon.dll" [2010-07-29 18:35:30 103936]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 20:35:44 642656]
"Nvtmru"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 14:44:05 1012000]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2012-08-24 07:57:08 336992]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 03:28:02 10996368]
"BlueStacks Agent"="C:\Program Files\BlueStacks\HD-Agent.exe" [2013-07-17 14:03:32 601928]

C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-10-6 0]
Dropbox.lnk - C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-5 27370808]
simplicheck.lnk - C:\Program Files\simplitec\simplicheck\simplicheck.exe -timer [2012-4-19 2891072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

R2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus.sys [2010-12-23 15:35:00 14336]
R3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag.sys [2010-12-23 15:35:00 20736]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps.sys [2010-12-23 15:35:00 20096]
R3 ANDModem;LGE Android Platform USB Modem;C:\Windows\system32\DRIVERS\lgandmodem.sys [2010-12-23 15:35:02 25088]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW73.sys [2013-02-14 11:41:04 79872]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-11-16 17:11:48 79360]
R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 21:29:03 62464]
R3 ksaud;Creative USB Audio Driver;C:\Windows\system32\drivers\ksaud.sys [2011-09-13 13:43:16 1255296]
R3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des [2012-03-05 12:19:00 3953632]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2010-11-20 21:29:34 15872]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP4\RpcAgentSrv.exe [2009-06-14 23:05:00 71832]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys [2010-11-20 21:29:03 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys [2010-11-20 21:29:03 25600]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 21:29:24 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 21:29:03 27264]
R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys [2010-11-20 21:29:03 112640]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys [x]
R3 vtany;vtany;C:\Windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2012-10-04 16:25:11 1343400]
R3 xhunter1;xhunter1;C:\Windows\xhunter1.sys [x]
R3 xsherlock;xsherlock;C:\Windows\system32\xsherlock.xem [2012-11-09 13:52:32 666720]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2013-03-29 01:34:06 219136]
S2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [2013-07-17 14:02:36 63816]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files\BlueStacks\HD-LogRotatorService.exe [2013-07-17 14:02:48 384840]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-06-21 03:15:56 413472]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-08-08 15:39:32 2656536]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys [2012-08-07 07:09:00 51328]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys [2012-08-07 07:09:00 71552]
S3 L6UX1;Service - Line 6 UX1;C:\Windows\system32\Drivers\L6UX1.sys [2013-06-26 12:38:28 583808]
S3 LgBttPort;LGE Bluetooth TransPort;C:\Windows\system32\DRIVERS\lgbtport.sys [2009-09-29 06:11:22 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;C:\Windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 06:11:20 10496]
S3 LGVMODEM;LGE Virtual Modem;C:\Windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 06:11:20 12928]
S3 MEI;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECI.sys [2010-10-19 14:33:40 41088]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-09-29 09:30:32 490088]

--- Other Services/Drivers In Memory ---
*NewlyCreated* - WS2IFSL

Contents of the 'Scheduled Tasks' folder
2013-09-12 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-05 13:02:46 . 2013-09-11 15:32:14]

------- Supplementary Scan -------
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
Trusted Zone: line6.net
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gznpuinw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/?hl=de&gl=DE
FF - ExtSQL: !HIDDEN! 2013-03-08 16:23; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; C:\Program Files\Common Files\DVDVideoSoft\plugins\ff

- - - - Orphaned Registry Entries Removed - - - -
HKCU-Run-LG LinkAir - (no file)
AddRemove-Battlelog Web Plugins - C:\Program Files\Battlelog Web Plugins\uninstall.exe
AddRemove-Free YouTube to MP3 Converter_is1 - C:\Program Files\Common Files\DVDVideoSoft\Uninstall.exe

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="C:\Windows\system32\GameMon.des -service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]
"ImagePath"="C:\Windows\system32\xsherlock.xem"

--------------------- Locked Registry Keys ---------------------
[HKEY_USERS\S-1-5-21-465016176-240401697-1504253361-1000\Software\SecuROM\License information*]
"datasecu"=hex:ca,5b,a7,a9,e8,51,ab,89,4e,ce,23,1a,d6,5b,65,6c,70,e0,07,a6,66,
12,55,cd,a8,64,9e,7b,28,aa,b0,d3,55,e6,c4,67,97,41,04,dd,0e,bc,e8,bd,cd,b0,\
"rkeysecu"=hex:20,1d,27,7d,d0,c4,4d,f8,d6,8a,b3,da,2d,d0,48,2c

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(5476)
C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
C:\Windows\System32\SyncCenter.dll
C:\Windows\system32\FXSRESM.DLL

------------------------ Other Running Processes ------------------------
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe

**************************************************************************
Completion time: 2013-09-12 17:38:36 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-12 15:38:35
Pre-Run: 647.408.197.632 bytes free
Post-Run: 649.669.988.352 bytes free
- - End Of File - - 914A243DB46CF72FB4A6745CAAE0A3AA A36C5E4F47E84449FF07ED3517B43A31 |
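Both tools in this thread end with an integrity pass over the same handful of core binaries: FRST's "Bamital & volsnap Check" prints "MD5 is legit" per file, and ComboFix's Sigcheck section pairs the live C:\Windows\System32\user32.dll ([-] line) with the servicing copy under WinSxS ([7] line) and prints both MD5s. The PowerShell below is an added example, not code from the thread, from FRST or from ComboFix; it reproduces that comparison so a helper can re-run it after a fix without waiting for a full scan. The file list is the one both logs use; the MD5 helper and the WinSxS lookup are the example's own construction, and it stays within PowerShell 2.0 syntax because that is what Windows 7 ships with.

```powershell
# Added example (not from the thread, FRST or ComboFix): re-run the core-binary
# integrity comparison both tools performed. Run from an elevated PowerShell.
# PowerShell 2.0 compatible (no Get-FileHash, which needs 4.0+).

$CoreFiles = @(                      # the set FRST's Bamital & volsnap Check lists
    'explorer.exe',
    'System32\winlogon.exe', 'System32\wininit.exe', 'System32\svchost.exe',
    'System32\services.exe', 'System32\user32.dll', 'System32\userinit.exe',
    'System32\drivers\volsnap.sys'
)

function Get-Md5Hex([string]$Path) {
    # Uppercase hex MD5, the same form ComboFix prints in its Sigcheck lines.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ([System.BitConverter]::ToString($md5.ComputeHash($stream)) -replace '-', '') }
    finally { $stream.Close() }
}

function Get-WinSxSHashes([string]$FileName) {
    # MD5 of every servicing copy of the file in the component store. This
    # walks all of WinSxS, so it is slow; that is the cost of an offline
    # reference on a box with no trusted baseline.
    Get-ChildItem -LiteralPath "$env:SystemRoot\winsxs" -Recurse -Force -Filter $FileName -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object { Get-Md5Hex $_.FullName }
}

function Test-CoreBinaries {
    foreach ($rel in $CoreFiles) {
        $path = Join-Path $env:SystemRoot $rel
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            New-Object PSObject -Property @{ File = $path; MD5 = ''; Signature = 'MISSING'; MatchesWinSxS = $false }
            continue
        }
        $md5  = Get-Md5Hex $path
        # Embedded Authenticode only: on Windows 7 most system binaries are
        # catalog-signed, so this usually reads NotSigned and is not a verdict.
        $sig  = (Get-AuthenticodeSignature -FilePath $path).Status
        $sxs  = @(Get-WinSxSHashes (Split-Path -Leaf $path))
        New-Object PSObject -Property @{
            File          = $path
            MD5           = $md5
            Signature     = $sig
            MatchesWinSxS = ($sxs -contains $md5)   # $false = no servicing copy has this hash
        }
    }
}

Test-CoreBinaries | Select-Object File, MD5, Signature, MatchesWinSxS | Format-Table -AutoSize
```

MatchesWinSxS being false is the condition ComboFix rendered as the [-]/[7] pair above; treat it as a reason to pull the file for analysis (and to compare against a known-good copy from an identical patch level), not as proof of infection, because a hotfix can legitimately leave System32 ahead of the component store. Conversely, a match only proves the file equals some copy Windows itself installed, which is exactly the limit of what "MD5 is legit" in the FRST output means.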
13.09.2013, 07:51 | #8 |
/// the machine /// TB-Ausbilder | Lästiges Rootkit Sirefef Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your Desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
regards, schrauber |
14.09.2013, 17:49 | #9 |
| Lästiges Rootkit Sirefef Hi, here are all the logs you wanted. If anything is missing, let me know! FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013
Ran by Mike (administrator) on MIKE-PC on 14-09-2013 18:44:41
Running from C:\Users\Mike\Desktop
Microsoft Windows 7 Enterprise Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\system32\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Electronic Arts) C:\Program Files\Origin\Origin.exe
(Akamai Technologies, Inc.) C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
() C:\Program Files\Pando Networks\Media Booster\PMB.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Akamai Technologies, Inc.) C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Aeria Ignite] - C:\Program Files\Aeria Games\Ignite\aeriaignite.exe [1411224 2012-09-10] (Aeria Games & Entertainment)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [Creative SB Monitoring Utility] - RunDll32 sbavmon.dll,SBAVMonitor
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE [336992 2012-08-24] (Power Software Ltd)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [BlueStacks Agent] - C:\Program Files\BlueStacks\HD-Agent.exe [601928 2013-07-17] (BlueStack Systems, Inc.)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [EADM] - C:\Program Files\Origin\Origin.exe [3549528 2013-08-28] (Electronic Arts)
HKCU\...\Run: [LG Lin­kAir] - [x]
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [RGSC] - C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKCU\...\Run: [Steam] - C:\Program Files\Steam\Steam.exe [1811368 2013-09-06] (Valve Corporation)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [4284976 2013-04-30] ()
HKCU\...\Policies\Explorer: [NoDrives] 0
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk
ShortcutTarget: simplicheck.lnk -> C:\Program Files\simplitec\simplicheck\simplicheck.exe (No File)

==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1C5C9354CEDBCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: HistoryTriggerBHO Class - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gznpuinw.default
FF Homepage: hxxp://www.youtube.com/?hl=de&gl=DE
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @esn.me/esnsonar,version=0.70.4 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=2.1.2 - C:\Program Files\Battlelog Web Plugins\2.1.2\npesnlaunch.dll No File
FF Plugin: @esn/esnlaunch,version=2.1.7 - C:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gznpuinw.default\Extensions\ich@maltegoetz.de
FF Extension: No Name - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gznpuinw.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

========================== Services (Whitelisted) =================
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [393032 2013-07-17] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384840 2013-07-17] (BlueStack Systems, Inc.)
S3 npggsvc; C:\Windows\system32\GameMon.des [3953632 2012-03-05] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-10-07] ()
S4 RemoteAccess; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP4\RpcAgentSrv.exe [71832 2009-06-15] (SiSoftware)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] ()
S3 xsherlock; C:\Windows\system32\xsherlock.xem [666720 2012-11-09] (Wellbia.com Co., Ltd.)

==================== Drivers (Whitelisted) ====================
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2010-12-23] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2010-12-23] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2010-12-23] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2010-12-23] (LG Electronics Inc.)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [63816 2013-07-17] (BlueStack Systems)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [51328 2012-08-07] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [71552 2012-08-07] (Etron Technology Inc)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1255296 2011-09-13] (Creative Technology Ltd.)
R3 L6UX1; C:\Windows\System32\Drivers\L6UX1.sys [583808 2013-06-26] (Line 6)
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtport.sys [12160 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmodem.sys [12928 2009-09-29] (LG Electronics Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [199528 2011-12-02] (Realtek Semiconductor Corp.)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP4\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [113104 2012-08-24] (Power Software Ltd)
S3 catchme; \??\C:\Users\Mike\AppData\Local\Temp\catchme.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 vtany; \??\C:\Windows\vtany.sys [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-09-14 18:40 - 2013-09-14 18:40 - 00003202 _____ C:\Users\Mike\Desktop\AdwCleaner[S0].txt
2013-09-14 18:40 - 2013-09-14 18:40 - 00000000 ____D C:\Windows\ERUNT
2013-09-14 18:37 - 2013-09-14 18:38 - 00000000 ____D C:\AdwCleaner
2013-09-14 18:37 - 2013-09-14 18:22 - 01037278 _____ C:\Users\Mike\Desktop\adwcleaner.exe
2013-09-14 18:26 - 2013-09-14 18:26 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Malwarebytes
2013-09-14 18:26 - 2013-09-14 18:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-14 18:26 - 2013-09-14 18:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-14 18:26 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-14 18:25 - 2013-09-14 18:23 - 01029509 _____ (Thisisu) C:\Users\Mike\Desktop\JRT.exe
2013-09-14 18:25 - 2013-09-14 18:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Mike\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-14 18:25 - 2013-09-10 21:39 - 00111880 _____ (Microsoft Corporation) C:\Users\Mike\Desktop\setup.exe
2013-09-13 18:39 - 2013-09-13 18:39 - 07645119 _____ C:\Users\Mike\Desktop\Idols and Anchors, mixed&mastered.rar
2013-09-13 03:01 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 03:01 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 03:01 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation)
C:\Windows\system32\ie4uinit.exe 2013-09-13 03:01 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-13 03:01 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-13 03:01 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-13 03:01 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-13 03:01 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-13 03:01 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-13 03:01 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-13 03:01 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-13 03:01 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-13 03:01 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-13 03:01 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-13 03:01 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-13 03:01 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-12 22:41 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-12 22:41 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-12 22:41 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-12 22:41 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-12 22:41 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) 
C:\Windows\system32\KernelBase.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-12 22:41 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-12 22:41 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 
2013-09-12 22:41 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-09-12 17:38 - 2013-09-12 17:38 - 00020149 _____ C:\ComboFix.txt 2013-09-12 17:21 - 2013-09-12 17:38 - 00000000 ____D C:\ComboFix 2013-09-12 17:21 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-09-12 17:21 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-09-12 17:21 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-09-12 17:21 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-09-12 17:21 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-09-12 17:21 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-09-12 17:21 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-09-12 17:21 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-09-12 17:18 - 2013-09-12 17:38 - 00000000 ____D C:\Windows\erdnt 2013-09-12 17:18 - 2013-09-12 17:38 - 00000000 ____D C:\Qoobox 2013-09-12 17:18 - 2013-09-12 17:17 - 05124599 ____R (Swearware) C:\Users\Mike\Desktop\ComboFix.exe 2013-09-11 17:23 - 2013-09-11 17:23 - 00000000 ____D C:\Users\Mike\AppData\Local\Blizzard Entertainment 2013-09-11 15:51 - 2013-09-11 15:51 - 00000000 ____D C:\FRST 2013-09-11 15:50 - 2013-09-11 15:49 - 01082455 _____ (Farbar) C:\Users\Mike\Desktop\FRST.exe 2013-09-10 17:02 - 2013-09-10 17:02 - 00000000 ____D C:\Users\Mike\AppData\Local\Google 2013-09-10 17:02 - 2013-09-10 17:02 - 00000000 ____D C:\Program Files\Google 2013-09-10 17:02 - 2012-11-14 19:50 - 00004263 _____ C:\Users\Mike\Desktop\aaocg.nfo 2013-09-10 16:59 - 2013-09-10 16:59 - 00000000 ____D C:\Users\Mike\Documents\Toontrack 2013-09-10 16:59 - 2013-09-10 16:59 - 00000000 ____D C:\ProgramData\Toontrack 2013-09-10 16:56 - 2013-09-10 16:56 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toontrack 2013-09-10 14:30 - 2013-09-10 14:33 - 38596652 _____ 
C:\Users\Mike\Desktop\parkway_drive_idols_and_anchors RAW.wav 2013-09-10 14:24 - 2013-09-10 16:57 - 00000000 ____D C:\Users\Mike\Downloads\ToonTrack Superior Drummer v2.2.3 VSTi RTAS AU HYBRID DISC1 2013-09-10 14:14 - 2013-09-10 14:14 - 96922344 _____ C:\Windows\system32\�⏋m 2013-09-09 19:23 - 2013-09-09 19:23 - 00082832 _____ C:\Users\Mike\Downloads\parkway_drive_idols_and_anchors.gp5 2013-09-08 12:22 - 2013-09-10 06:23 - 96866131 _____ C:\Windows\system32\⧐` 2013-09-07 14:39 - 2013-09-07 14:39 - 00055657 _____ C:\Users\Mike\Downloads\for_today_foundation.gpx 2013-09-06 17:01 - 2013-09-06 17:01 - 00002760 _____ C:\Users\Mike\Downloads\Djetnzzz.l6t 2013-09-06 16:59 - 2013-09-06 16:59 - 00005640 _____ C:\Users\Mike\Downloads\Heavy Guitar Tone.l6t 2013-09-06 16:32 - 2013-09-06 17:10 - 00000000 ____D C:\Users\Mike\Images 2013-09-06 16:32 - 2013-09-06 17:10 - 00000000 ____D C:\Users\Mike\Audio 2013-09-06 16:30 - 2013-09-06 16:32 - 27209772 _____ C:\Users\Mike\Desktop\Neu.wav 2013-09-05 18:22 - 2013-09-07 12:22 - 96511910 _____ C:\Windows\system32\�⫷i 2013-08-27 19:22 - 2013-08-27 19:23 - 00076806 _____ C:\Users\Mike\Downloads\Neu(2).gp5 2013-08-26 19:34 - 2013-08-26 19:34 - 00001165 _____ C:\Users\Public\Desktop\SR2_Resolution.lnk 2013-08-26 19:34 - 2013-08-26 19:34 - 00001123 _____ C:\Users\Public\Desktop\Saints Row 2.lnk 2013-08-26 19:34 - 2013-08-26 19:34 - 00000000 ____D C:\Users\Mike\AppData\Local\THQ 2013-08-26 19:24 - 2013-08-26 19:24 - 00000000 ____D C:\Program Files\R.G.Games 2013-08-26 18:16 - 2013-08-26 18:16 - 00000000 ____D C:\Users\Public\Documents\Line 6 2013-08-26 18:02 - 2013-08-26 18:02 - 07663770 _____ C:\Users\Mike\Desktop\All For Reject - Not The Only One Single Preview.mp4 2013-08-25 19:23 - 2013-08-25 20:47 - 00000000 ____D C:\Users\Mike\Downloads\Saints_Row_2_[R.G.Games] 2013-08-24 23:43 - 2013-08-24 23:43 - 00000000 ____D C:\ProgramData\Steam 2013-08-24 23:33 - 2013-08-24 23:43 - 00000000 ____D C:\Program Files\Saints Row IV 2013-08-24 15:56 - 
2013-08-24 23:07 - 4144721920 _____ C:\Users\Mike\Downloads\rld-saints4.iso 2013-08-24 15:48 - 2013-08-24 15:48 - 00000000 ____D C:\Users\Mike\Downloads\SR4 2013-08-24 11:16 - 2013-08-24 11:18 - 07011696 _____ C:\Users\Mike\Desktop\Song preview1.wav 2013-08-24 10:16 - 2013-08-24 11:18 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Audacity 2013-08-24 10:16 - 2013-08-24 10:16 - 00000000 ____D C:\Program Files\Audacity 2013-08-24 10:15 - 2013-08-24 10:15 - 21281052 _____ (Audacity Team ) C:\Users\Mike\Downloads\audacity-win-2.0.3.exe 2013-08-24 10:14 - 2013-08-23 23:29 - 00010761 _____ C:\Users\Mike\Desktop\Song preview.aup 2013-08-24 10:14 - 2013-08-23 23:29 - 00000000 ____D C:\Users\Mike\Desktop\Song preview_data 2013-08-24 10:07 - 2013-08-24 10:14 - 22693350 _____ C:\Users\Mike\Downloads\Preview.zip 2013-08-24 00:11 - 2013-08-24 00:11 - 00044025 _____ C:\Users\Mike\Downloads\Neu(1).gp5 2013-08-23 19:12 - 2013-08-23 19:12 - 00159832 _____ C:\Windows\Minidump\082313-21309-01.dmp 2013-08-23 00:29 - 2013-08-23 00:29 - 05438235 _____ C:\Users\Mike\Downloads\MIKE HELP 1.zip 2013-08-23 00:29 - 2013-08-22 15:16 - 05645956 _____ C:\Users\Mike\Desktop\MIKE HELP 1.wav 2013-08-20 15:51 - 2013-08-20 15:51 - 00012401 _____ C:\Users\Mike\Downloads\andy_james-time_and_time_again.gp5 2013-08-19 22:08 - 2013-09-06 16:27 - 00042365 _____ C:\Users\Mike\Downloads\Neu.gp5 2013-08-17 07:44 - 2013-08-17 07:44 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-08-16 14:26 - 2013-08-16 14:26 - 00005846 _____ C:\Users\Mike\Downloads\august burns red.l6t 2013-08-16 14:26 - 2013-08-16 14:26 - 00002792 _____ C:\Users\Mike\Downloads\Djent.l6t 2013-08-16 14:24 - 2013-08-16 14:24 - 00003022 _____ C:\Users\Mike\Downloads\Big Bottom Scoop.l6t 2013-08-15 22:30 - 2013-08-15 22:30 - 00037034 _____ C:\Users\Mike\Downloads\Suffoca(1).gp5 2013-08-15 19:17 - 2013-08-15 19:18 - 00683434 _____ C:\Users\Mike\Downloads\technical difficulties.mp3.reapeaks 2013-08-15 19:06 - 2013-08-15 19:06 - 00002814 
_____ C:\Users\Mike\Downloads\Personnal Tone.l6t ==================== One Month Modified Files and Folders ======= 2013-09-14 18:43 - 2013-09-14 18:43 - 00000954 _____ C:\Users\Mike\Desktop\JRT.txt 2013-09-14 18:42 - 2013-07-29 18:42 - 00000000 ___RD C:\Users\Mike\Dropbox 2013-09-14 18:42 - 2013-07-29 18:34 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Dropbox 2013-09-14 18:42 - 2013-05-24 16:19 - 00000000 ____D C:\ProgramData\NVIDIA 2013-09-14 18:42 - 2013-02-02 15:45 - 00000000 ____D C:\Program Files\Steam 2013-09-14 18:42 - 2012-10-06 12:02 - 00000000 ____D C:\Program Files\Origin 2013-09-14 18:42 - 2012-10-06 10:47 - 00000000 ____D C:\Users\Mike\AppData\Local\Deployment 2013-09-14 18:42 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-14 18:42 - 2009-07-14 06:39 - 00066093 _____ C:\Windows\setupact.log 2013-09-14 18:41 - 2009-07-14 06:34 - 00017040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-14 18:41 - 2009-07-14 06:34 - 00017040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-14 18:40 - 2013-09-14 18:40 - 00003202 _____ C:\Users\Mike\Desktop\AdwCleaner[S0].txt 2013-09-14 18:40 - 2013-09-14 18:40 - 00000000 ____D C:\Windows\ERUNT 2013-09-14 18:38 - 2013-09-14 18:37 - 00000000 ____D C:\AdwCleaner 2013-09-14 18:38 - 2012-10-05 00:06 - 01392826 _____ C:\Windows\WindowsUpdate.log 2013-09-14 18:34 - 2010-11-20 23:48 - 00124876 _____ C:\Windows\PFRO.log 2013-09-14 18:34 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Cursors 2013-09-14 18:32 - 2012-10-07 12:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-14 18:26 - 2013-09-14 18:26 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Malwarebytes 2013-09-14 18:26 - 2013-09-14 18:26 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-14 18:26 - 2013-09-14 18:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-14 18:25 - 
2013-04-30 13:54 - 00000000 ____D C:\ProgramData\PMB Files 2013-09-14 18:23 - 2013-09-14 18:25 - 01029509 _____ (Thisisu) C:\Users\Mike\Desktop\JRT.exe 2013-09-14 18:22 - 2013-09-14 18:37 - 01037278 _____ C:\Users\Mike\Desktop\adwcleaner.exe 2013-09-14 18:21 - 2013-09-14 18:25 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Mike\Desktop\mbam-setup-1.75.0.1300.exe 2013-09-14 11:51 - 2013-06-01 00:29 - 00000000 ____D C:\Users\Mike\Desktop\Cubase Projekte 2013-09-13 18:39 - 2013-09-13 18:39 - 07645119 _____ C:\Users\Mike\Desktop\Idols and Anchors, mixed&mastered.rar 2013-09-13 03:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-09-13 03:25 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-09-13 03:19 - 2009-07-14 06:33 - 00269712 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-12 17:38 - 2013-09-12 17:38 - 00020149 _____ C:\ComboFix.txt 2013-09-12 17:38 - 2013-09-12 17:21 - 00000000 ____D C:\ComboFix 2013-09-12 17:38 - 2013-09-12 17:18 - 00000000 ____D C:\Windows\erdnt 2013-09-12 17:38 - 2013-09-12 17:18 - 00000000 ____D C:\Qoobox 2013-09-12 17:34 - 2012-10-06 10:47 - 00000000 ____D C:\Users\Mike\AppData\Local\Apps\2.0 2013-09-12 17:34 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini 2013-09-12 17:20 - 2009-07-14 06:53 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-09-12 17:17 - 2013-09-12 17:18 - 05124599 ____R (Swearware) C:\Users\Mike\Desktop\ComboFix.exe 2013-09-11 20:05 - 2012-10-06 16:22 - 00000000 ____D C:\Users\Mike\AppData\Roaming\TS3Client 2013-09-11 17:32 - 2012-10-05 15:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-09-11 17:32 - 2012-10-05 15:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-09-11 17:23 - 2013-09-11 17:23 - 00000000 ____D C:\Users\Mike\AppData\Local\Blizzard Entertainment 2013-09-11 15:51 - 2013-09-11 15:51 - 00000000 ____D C:\FRST 2013-09-11 15:49 - 2013-09-11 15:50 - 01082455 _____ (Farbar) 
C:\Users\Mike\Desktop\FRST.exe 2013-09-11 15:29 - 2012-10-05 17:16 - 00000000 ____D C:\Program Files\World of Warcraft 2013-09-11 15:14 - 2013-02-02 15:45 - 00000000 ____D C:\Program Files\Common Files\Steam 2013-09-10 21:39 - 2013-09-14 18:25 - 00111880 _____ (Microsoft Corporation) C:\Users\Mike\Desktop\setup.exe 2013-09-10 17:52 - 2012-10-23 15:14 - 00000000 ____D C:\Users\Mike\AppData\Roaming\uTorrent 2013-09-10 17:02 - 2013-09-10 17:02 - 00000000 ____D C:\Users\Mike\AppData\Local\Google 2013-09-10 17:02 - 2013-09-10 17:02 - 00000000 ____D C:\Program Files\Google 2013-09-10 16:59 - 2013-09-10 16:59 - 00000000 ____D C:\Users\Mike\Documents\Toontrack 2013-09-10 16:59 - 2013-09-10 16:59 - 00000000 ____D C:\ProgramData\Toontrack 2013-09-10 16:58 - 2013-07-21 20:02 - 00000000 ____D C:\Program Files\Toontrack 2013-09-10 16:58 - 2013-04-15 10:43 - 00000000 ____D C:\Program Files\VstPlugIns 2013-09-10 16:57 - 2013-09-10 14:24 - 00000000 ____D C:\Users\Mike\Downloads\ToonTrack Superior Drummer v2.2.3 VSTi 2013-09-10 16:56 - 2013-09-10 16:56 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toontrack 2013-09-10 14:33 - 2013-09-10 14:30 - 38596652 _____ C:\Users\Mike\Desktop\parkway_drive_idols_and_anchors RAW.wav 2013-09-10 14:14 - 2013-09-10 14:14 - 96922344 _____ C:\Windows\system32\�⏋m 2013-09-10 06:23 - 2013-09-08 12:22 - 96866131 _____ C:\Windows\system32\⧐` 2013-09-09 19:23 - 2013-09-09 19:23 - 00082832 _____ C:\Users\Mike\Downloads\parkway_drive_idols_and_anchors.gp5 2013-09-07 14:39 - 2013-09-07 14:39 - 00055657 _____ C:\Users\Mike\Downloads\for_today_foundation.gpx 2013-09-07 12:22 - 2013-09-05 18:22 - 96511910 _____ C:\Windows\system32\�⫷i 2013-09-06 17:10 - 2013-09-06 16:32 - 00000000 ____D C:\Users\Mike\Images 2013-09-06 17:10 - 2013-09-06 16:32 - 00000000 ____D C:\Users\Mike\Audio 2013-09-06 17:10 - 2012-10-04 18:26 - 00000000 ____D C:\Users\Mike 2013-09-06 17:01 - 2013-09-06 17:01 - 00002760 _____ 
C:\Users\Mike\Downloads\Djetnzzz.l6t 2013-09-06 16:59 - 2013-09-06 16:59 - 00005640 _____ C:\Users\Mike\Downloads\Heavy Guitar Tone.l6t 2013-09-06 16:32 - 2013-09-06 16:30 - 27209772 _____ C:\Users\Mike\Desktop\Neu.wav 2013-09-06 16:27 - 2013-08-19 22:08 - 00042365 _____ C:\Users\Mike\Downloads\Neu.gp5 2013-08-29 19:10 - 2013-06-20 23:49 - 00000000 ____D C:\Users\Mike\AppData\Roaming\vlc 2013-08-27 19:23 - 2013-08-27 19:22 - 00076806 _____ C:\Users\Mike\Downloads\Neu(2).gp5 2013-08-26 21:32 - 2012-10-08 21:32 - 00017408 _____ C:\Users\Mike\AppData\Local\WebpageIcons.db 2013-08-26 20:10 - 2013-08-05 17:09 - 00060598 _____ C:\Users\Mike\Downloads\Icarus(4).gp5 2013-08-26 19:34 - 2013-08-26 19:34 - 00001165 _____ C:\Users\Public\Desktop\SR2_Resolution.lnk 2013-08-26 19:34 - 2013-08-26 19:34 - 00001123 _____ C:\Users\Public\Desktop\Saints Row 2.lnk 2013-08-26 19:34 - 2013-08-26 19:34 - 00000000 ____D C:\Users\Mike\AppData\Local\THQ 2013-08-26 19:24 - 2013-08-26 19:24 - 00000000 ____D C:\Program Files\R.G.Games 2013-08-26 18:16 - 2013-08-26 18:16 - 00000000 ____D C:\Users\Public\Documents\Line 6 2013-08-26 18:02 - 2013-08-26 18:02 - 07663770 _____ C:\Users\Mike\Desktop\All For Reject - Not The Only One Single Preview.mp4 2013-08-26 17:35 - 2012-10-13 16:17 - 00000000 ____D C:\Users\Mike\AppData\Local\Windows Live 2013-08-25 20:47 - 2013-08-25 19:23 - 00000000 ____D C:\Users\Mike\Downloads\Saints_Row_ 2013-08-24 23:43 - 2013-08-24 23:43 - 00000000 ____D C:\ProgramData\Steam 2013-08-24 23:43 - 2013-08-24 23:33 - 00000000 ____D C:\Program Files\Saints Row IV 2013-08-24 23:07 - 2013-08-24 15:56 - 4144721920 _____ C:\Users\Mike\Downloads\saints4.iso 2013-08-24 15:48 - 2013-08-24 15:48 - 00000000 ____D C:\Users\Mike\Downloads\SR4 2013-08-24 15:36 - 2013-07-30 19:27 - 00000000 ____D C:\Users\Mike\Downloads\(demian007) Line 6 Pod Farm Platinum v 2.5 RTAS VST 2013-08-24 11:18 - 2013-08-24 11:16 - 07011696 _____ C:\Users\Mike\Desktop\Song preview1.wav 2013-08-24 11:18 - 
2013-08-24 10:16 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Audacity 2013-08-24 10:16 - 2013-08-24 10:16 - 00000000 ____D C:\Program Files\Audacity 2013-08-24 10:16 - 2013-04-15 10:47 - 00000016 _____ C:\ProgramData\autobk.inc 2013-08-24 10:15 - 2013-08-24 10:15 - 21281052 _____ (Audacity Team ) C:\Users\Mike\Downloads\audacity-win-2.0.3.exe 2013-08-24 10:14 - 2013-08-24 10:07 - 22693350 _____ C:\Users\Mike\Downloads\Preview.zip 2013-08-24 00:11 - 2013-08-24 00:11 - 00044025 _____ C:\Users\Mike\Downloads\Neu(1).gp5 2013-08-23 23:29 - 2013-08-24 10:14 - 00010761 _____ C:\Users\Mike\Desktop\Song preview.aup 2013-08-23 23:29 - 2013-08-24 10:14 - 00000000 ____D C:\Users\Mike\Desktop\Song preview_data 2013-08-23 19:12 - 2013-08-23 19:12 - 00159832 _____ C:\Windows\Minidump\082313-21309-01.dmp 2013-08-23 19:12 - 2013-02-27 21:07 - 291651801 _____ C:\Windows\MEMORY.DMP 2013-08-23 19:12 - 2013-02-27 21:07 - 00000000 ____D C:\Windows\Minidump 2013-08-23 16:40 - 2012-10-06 11:11 - 00000000 ____D C:\Users\Mike\Documents\REAPER Media 2013-08-23 00:29 - 2013-08-23 00:29 - 05438235 _____ C:\Users\Mike\Downloads\MIKE HELP 1.zip 2013-08-22 15:16 - 2013-08-23 00:29 - 05645956 _____ C:\Users\Mike\Desktop\MIKE HELP 1.wav 2013-08-20 18:36 - 2013-02-02 16:57 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2013-08-20 15:51 - 2013-08-20 15:51 - 00012401 _____ C:\Users\Mike\Downloads\andy_james-time_and_time_again.gp5 2013-08-17 15:27 - 2012-10-07 10:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-08-17 07:44 - 2013-08-17 07:44 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-08-16 14:26 - 2013-08-16 14:26 - 00005846 _____ C:\Users\Mike\Downloads\august burns red.l6t 2013-08-16 14:26 - 2013-08-16 14:26 - 00002792 _____ C:\Users\Mike\Downloads\Djent.l6t 2013-08-16 14:24 - 2013-08-16 14:24 - 00003022 _____ C:\Users\Mike\Downloads\Big Bottom Scoop.l6t 2013-08-15 22:30 - 2013-08-15 22:30 - 00037034 _____ 
C:\Users\Mike\Downloads\Suffoca(1).gp5
2013-08-15 19:18 - 2013-08-15 19:17 - 00683434 _____ C:\Users\Mike\Downloads\technical difficulties.mp3.reapeaks
2013-08-15 19:06 - 2013-08-15 19:06 - 00002814 _____ C:\Users\Mike\Downloads\Personnal Tone.l6t
2013-08-15 03:02 - 2010-11-20 23:01 - 00784456 _____ C:\Windows\system32\PerfStringBackup.INI

Files to move or delete:
====================
C:\Users\Mike\AppData\Local\Temp\catchme.dll
C:\Users\Mike\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-09-11 01:45

==================== End Of Log ============================

MBAM Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.14.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
Mike :: MIKE-PC [Administrator]

14/09/2013 18:28:02
MBAM-log-2013-09-14 (18-33-01).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 235904
Laufzeit: 4 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Users\Mike\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Mike\AppData\Roaming\OpenCandy\A9FE5B4AC64D48A4ACBBCE5CA452AB92 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Mike\AppData\Roaming\OpenCandy\DFD82D1AB727408C9A56228105D62E1A (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.

Infizierte Dateien: 2
C:\Users\Mike\AppData\Roaming\OpenCandy\A9FE5B4AC64D48A4ACBBCE5CA452AB92\TuneUpUtilities2013-2200319_en-US.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Mike\AppData\Roaming\OpenCandy\DFD82D1AB727408C9A56228105D62E1A\RealPlayerR71POC6_p2v1.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.

(Ende)
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.0 (09.12.2013:1)
OS: Windows 7 Enterprise x86
Ran by Mike on 14/09/2013 at 18:42:25,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"

~~~ FireFox

Emptied folder: C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\gznpuinw.default\minidumps [301 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/09/2013 at 18:43:41,00
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
# AdwCleaner v3.003 - Report created 14/09/2013 at 18:38:28
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (32 bits)
# Username : Mike - MIKE-PC
# Running from : C:\Users\Mike\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\simplitec
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
Folder Deleted : C:\Program Files\simplitec
Folder Deleted : C:\Users\Mike\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Mike\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Mike\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Mike\AppData\Roaming\simplitec
Folder Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gznpuinw.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gznpuinw.default\foxydeal.sqlite
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gznpuinw.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [3146 octets] - [14/09/2013 18:37:30]
AdwCleaner[S0].txt - [3062 octets] - [14/09/2013 18:38:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3122 octets] ########## |
15.09.2013, 09:59 | #10 |
/// the machine /// TB-Ausbilder | Annoying rootkit Sirefef
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log please. Still having problems?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
15.09.2013, 19:41 | #11 |
| Annoying rootkit Sirefef Hello! Yes, I still can't download anything via my browser (Firefox)..... Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=08953cd1b9d1b443bc10090806cbb59f
# engine=15138
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-15 05:40:31
# local_time=2013-09-15 07:40:31 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 29 4926023 31257657 0 0
# scanned=369989
# found=20
# cleaned=0
# scan_time=10840
sh=150DE69CA3AA381CDADC5E78D3C248C0E0F08E04 ft=1 fh=99115033efbfa0ee vn="a variant of Win32/Adware.Ezula.AI application" ac=I fn="C:\Documents and Settings\Mike\Downloads\(demian007) Line 6 Pod Farm Platinum v 2.5 RTAS VST VST64 (2011)\PODFarmv2.50Installer.exe"
sh=20C397C54A588E256B28F958BB3DF3B227E55291 ft=1 fh=c2ddf7de26f1a46e vn="a variant of Win32/Adware.Ezula.AI application" ac=I fn="C:\Documents and Settings\Mike\Downloads\(demian007) Line 6 Pod Farm Platinum v 2.5 RTAS VST VST64 (2011)\PODFarmv2.50Updater.exe"
sh=C6C55D3F42B88473D31748592CA1464D4B2F1A02 ft=1 fh=623c14054434a8fc vn="a variant of Win32/Kryptik.BKEX trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Google\Desktop\Install\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\9519~1\A535~1\E628~1\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\GoogleUpdate.exe.vir"
sh=A3AA67884223F3E8F8C52AFDBC779DCB19FF00E6 ft=1 fh=046b86e38f417135 vn="Win32/Conedex.D trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Google\Desktop\Install\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\9519~1\A535~1\E628~1\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\U\00000004.@.vir"
sh=2587B2A16644839CBF08F2943FA21CC0C8DD6E5D ft=1 fh=1aeb32f3d5992c2a vn="Win32/Conedex.T trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Google\Desktop\Install\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\9519~1\A535~1\E628~1\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\U\00000008.@.vir"
sh=97D178F9F9541E90C2A527C3FF97A43A1B69CB25 ft=1 fh=658c8a56b6c5d815 vn="Win32/Conedex.E trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Google\Desktop\Install\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\9519~1\A535~1\E628~1\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\U\000000cb.@.vir"
sh=21BE1DC293CD58E99FE1732089EE57552B18FD70 ft=1 fh=6b66844b007ee452 vn="probably a variant of Win32/Sirefef.FA trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Google\Desktop\Install\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\9519~1\A535~1\E628~1\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\U\80000000.@.vir"
sh=9213188F45F2849F423DC95FDABF1C22154F0EA3 ft=1 fh=b7dc201118461418 vn="probably a variant of Win32/Sirefef.FV trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Google\Desktop\Install\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\9519~1\A535~1\E628~1\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\U\80000032.@.vir"
sh=C6C55D3F42B88473D31748592CA1464D4B2F1A02 ft=1 fh=623c14054434a8fc vn="a variant of Win32/Kryptik.BKEX trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Desktop\Install\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\2E2F~1\28F0~1\E628~1\{8b6a71be-886a-bf4b-413a-ac200fb12fc4}\GoogleUpdate.exe.vir"
sh=90F3D6FF1C80B66B4722EFC332CD70342DFE5C80 ft=1 fh=64df79db96d02fef vn="Win32/Sirefef.EZ trojan" ac=I fn="C:\Qoobox\Quarantine\C\Windows\assembly\GAC\Desktop.ini.vir"
sh=150DE69CA3AA381CDADC5E78D3C248C0E0F08E04 ft=1 fh=99115033efbfa0ee vn="a variant of Win32/Adware.Ezula.AI application" ac=I fn="C:\Users\Mike\Downloads\(demian007) Line 6 Pod Farm Platinum v 2.5 RTAS VST VST64 (2011)\PODFarmv2.50Installer.exe"
sh=20C397C54A588E256B28F958BB3DF3B227E55291 ft=1 fh=c2ddf7de26f1a46e vn="a variant of Win32/Adware.Ezula.AI application" ac=I fn="C:\Users\Mike\Downloads\(demian007) Line 6 Pod Farm Platinum v 2.5 RTAS VST VST64 (2011)\PODFarmv2.50Updater.exe"
sh=556C92142904B2F47CF486CBF1F6AFA09A59C57B ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-4681.AS trojan" ac=I fn="C:\Windows.old\Users\Mike\AppData\Local\Temp\jar_cache5347760046674068001.tmp"
sh=4D6FB7101E5AE1FA728730BBB0BDE273390FBBC7 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-1723.AG trojan" ac=I fn="C:\Windows.old\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\7ed98096-67a04f08"
sh=6821BB8EB688848C9553AE8776EDF7B39B4B6375 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.AL trojan" ac=I fn="C:\Windows.old\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\2231171c-44f603a8"
sh=0D1F905C0D4BA3A2558FF58287F234F274A05093 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-1723.BH trojan" ac=I fn="C:\Windows.old\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\6e0fc52f-2ca4d390"
sh=D5812C2146377B2E855705AAD395A64219931221 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-1723.AI trojan" ac=I fn="C:\Windows.old\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\331fb74-52f2e942"
sh=070427FD8B79BD7681F7EBAB20AE441C5A7D119F ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-1723.AT trojan" ac=I fn="C:\Windows.old\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\7e0277f6-267217db"
sh=BEFB244F14AFE861F92936202AD8DDB1B12A260D ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-0507.DR trojan" ac=I fn="C:\Windows.old\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\309d1b3f-35e1f23c"
sh=C7AFBFA46A5A96B078F546E9F89AE1822409ECF8 ft=1 fh=998bf59b33ea6b33 vn="a variant of Win32/Kryptik.ALEN trojan" ac=I fn="C:\Windows.old\Users\Mike\AppData\Roaming\Windows Desktop Search\{FADA0B50-30DE-48A4-BCA6-5A2182F88E22}\Validator.exe"
Code:
Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 11.8.800.168
Adobe Reader XI
Mozilla Firefox (23.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013 (ATTENTION: ====> FRST version is 6 days old and could be outdated) Ran by Mike (administrator) on MIKE-PC on 15-09-2013 20:38:51 Running from C:\Users\Mike\Desktop Microsoft Windows 7 Enterprise Service Pack 1 (X86) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\system32\atiesrxx.exe (Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe (AMD) C:\Windows\system32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe () C:\Windows\system32\PnkBstrA.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Conduit) C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe (Conduit) C:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe (Conduit) C:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Aeria Games & Entertainment) C:\Program Files\Aeria Games\Ignite\aeriaignite.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Advanced Micro Devices Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe (Electronic Arts) C:\Program Files\Origin\Origin.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Akamai Technologies, Inc.) C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe (Valve Corporation) C:\Program Files\Steam\Steam.exe () C:\Program Files\Pando Networks\Media Booster\PMB.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Dropbox, Inc.) C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Akamai Technologies, Inc.) C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.185\deploy\LoLLauncher.exe () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.46\deploy\LolClient.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) 
HKLM\...\Run: [Aeria Ignite] - C:\Program Files\Aeria Games\Ignite\aeriaignite.exe [1411224 2012-09-10] (Aeria Games & Entertainment) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated) HKLM\...\Run: [Creative SB Monitoring Utility] - RunDll32 sbavmon.dll,SBAVMonitor HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation) HKLM\...\Run: [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE [336992 2012-08-24] (Power Software Ltd) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [BlueStacks Agent] - C:\Program Files\BlueStacks\HD-Agent.exe [601928 2013-07-17] (BlueStack Systems, Inc.) HKLM\...\Policies\Explorer: [NoDrives] 0 HKCU\...\Run: [EADM] - C:\Program Files\Origin\Origin.exe [3549528 2013-08-28] (Electronic Arts) HKCU\...\Run: [LG LinkAir] - [x] HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [RGSC] - C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.) 
HKCU\...\Run: [Steam] - C:\Program Files\Steam\Steam.exe [1811368 2013-09-06] (Valve Corporation) HKCU\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [4284976 2013-04-30] () HKCU\...\Policies\Explorer: [NoDrives] 0 Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk ShortcutTarget: simplicheck.lnk -> C:\Program Files\simplitec\simplicheck\simplicheck.exe (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP8FE24584-225A-424D-8B0D-8B2B1822EFA2 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1C5C9354CEDBCD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP8FE24584-225A-424D-8B0D-8B2B1822EFA2&q={searchTerms} SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP8FE24584-225A-424D-8B0D-8B2B1822EFA2&q={searchTerms} BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: HistoryTriggerBHO Class - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gznpuinw.default FF NewTab: hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=EB_SSPV&Lay=1&UM=2&UP=SP8FE24584-225A-424D-8B0D-8B2B1822EFA2 FF DefaultSearchEngine: Conduit Search FF SelectedSearchEngine: Conduit Search FF Homepage: hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP8FE24584-225A-424D-8B0D-8B2B1822EFA2 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin: @esn.me/esnsonar,version=0.70.4 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin: @esn/esnlaunch,version=2.1.2 - C:\Program Files\Battlelog Web Plugins\2.1.2\npesnlaunch.dll No File FF Plugin: @esn/esnlaunch,version=2.1.7 - C:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB) FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: 
@pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gznpuinw.default\searchplugins\conduit-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gznpuinw.default\Extensions\ich@maltegoetz.de FF Extension: No Name - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gznpuinw.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi ========================== Services (Whitelisted) ================= S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [393032 2013-07-17] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384840 2013-07-17] (BlueStack Systems, Inc.) R2 CltMngSvc; C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe [1736024 2013-09-01] (Conduit) S3 npggsvc; C:\Windows\system32\GameMon.des [3953632 2012-03-05] (INCA Internet Co., Ltd.) 
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-10-07] () S4 RemoteAccess; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP4\RpcAgentSrv.exe [71832 2009-06-15] (SiSoftware) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] () S3 xsherlock; C:\Windows\system32\xsherlock.xem [666720 2012-11-09] (Wellbia.com Co., Ltd.) ==================== Drivers (Whitelisted) ==================== S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2010-12-23] (LG Electronics Inc.) S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2010-12-23] (LG Electronics Inc.) S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2010-12-23] (LG Electronics Inc.) S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2010-12-23] (LG Electronics Inc.) R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [63816 2013-07-17] (BlueStack Systems) R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation) R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [51328 2012-08-07] (Etron Technology Inc) R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [71552 2012-08-07] (Etron Technology Inc) S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1255296 2011-09-13] (Creative Technology Ltd.) R3 L6UX1; C:\Windows\System32\Drivers\L6UX1.sys [583808 2013-06-26] (Line 6) R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtport.sys [12160 2009-09-29] (LG Electronics Inc.) R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-29] (LG Electronics Inc.) R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmodem.sys [12928 2009-09-29] (LG Electronics Inc.) R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation) S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [199528 2011-12-02] (Realtek Semiconductor Corp.) 
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP4\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware) R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [113104 2012-08-24] (Power Software Ltd) S3 catchme; \??\C:\Users\Mike\AppData\Local\Temp\catchme.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] S3 vtany; \??\C:\Windows\vtany.sys [x] S3 xhunter1; \??\C:\Windows\xhunter1.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-15 16:38 - 2013-09-15 16:38 - 00000000 ____D C:\Program Files\ESET 2013-09-15 16:37 - 2013-09-15 16:36 - 02347384 _____ (ESET) C:\Users\Mike\Desktop\esetsmartinstaller_enu.exe 2013-09-15 16:37 - 2013-09-15 16:36 - 00891144 _____ C:\Users\Mike\Desktop\SecurityCheck.exe 2013-09-14 21:10 - 2013-09-15 06:29 - 00000000 ____D C:\Users\Mike\Downloads\Saints.Row.The.Third-SKIDROW 2013-09-14 21:09 - 2013-09-14 21:09 - 00000829 _____ C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2013-09-14 21:09 - 2013-09-14 21:09 - 00000000 ____D C:\Users\Mike\AppData\Local\SearchProtect 2013-09-14 21:09 - 2013-09-14 21:09 - 00000000 ____D C:\Program Files\SearchProtect 2013-09-14 18:43 - 2013-09-14 18:43 - 00000954 _____ C:\Users\Mike\Desktop\JRT.txt 2013-09-14 18:40 - 2013-09-14 18:40 - 00003202 _____ C:\Users\Mike\Desktop\AdwCleaner[S0].txt 2013-09-14 18:40 - 2013-09-14 18:40 - 00000000 ____D C:\Windows\ERUNT 2013-09-14 18:37 - 2013-09-14 18:38 - 00000000 ____D C:\AdwCleaner 2013-09-14 18:37 - 2013-09-14 18:22 - 01037278 _____ C:\Users\Mike\Desktop\adwcleaner.exe 2013-09-14 18:26 - 2013-09-14 18:26 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Malwarebytes 2013-09-14 18:26 - 2013-09-14 18:26 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-14 18:26 - 2013-09-14 18:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-14 18:26 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mbam.sys 2013-09-14 18:25 - 2013-09-14 18:23 - 01029509 _____ (Thisisu) C:\Users\Mike\Desktop\JRT.exe 2013-09-14 18:25 - 2013-09-14 18:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Mike\Desktop\mbam-setup-1.75.0.1300.exe 2013-09-14 18:25 - 2013-09-10 21:39 - 00111880 _____ (Microsoft Corporation) C:\Users\Mike\Desktop\setup.exe 2013-09-13 18:39 - 2013-09-13 18:39 - 07645119 _____ C:\Users\Mike\Desktop\Idols and Anchors, mixed&mastered.rar 2013-09-13 03:01 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-13 03:01 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-13 03:01 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-13 03:01 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-13 03:01 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-13 03:01 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-13 03:01 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-13 03:01 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-13 03:01 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-13 03:01 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-13 03:01 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-13 03:01 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-13 03:01 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-13 03:01 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) 
C:\Windows\system32\iernonce.dll 2013-09-13 03:01 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-13 03:01 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-12 22:41 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-12 22:41 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-12 22:41 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-12 22:41 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-12 22:41 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-12 22:41 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-12 22:41 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-12 22:41 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-12 22:41 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-09-12 17:38 - 2013-09-12 17:38 - 00020149 _____ C:\ComboFix.txt 2013-09-12 17:21 - 2013-09-12 17:38 - 00000000 ____D C:\ComboFix 2013-09-12 17:21 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-09-12 17:21 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-09-12 17:21 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-09-12 17:21 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-09-12 17:21 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-09-12 17:21 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-09-12 17:21 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-09-12 17:21 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-09-12 17:18 - 2013-09-12 17:38 - 00000000 ____D C:\Windows\erdnt 2013-09-12 17:18 - 2013-09-12 17:38 - 00000000 ____D C:\Qoobox 2013-09-12 17:18 - 2013-09-12 17:17 - 05124599 ____R (Swearware) C:\Users\Mike\Desktop\ComboFix.exe 2013-09-11 17:23 - 2013-09-11 17:23 - 00000000 ____D C:\Users\Mike\AppData\Local\Blizzard Entertainment 
2013-09-11 15:51 - 2013-09-11 15:51 - 00000000 ____D C:\FRST 2013-09-11 15:50 - 2013-09-11 15:49 - 01082455 _____ (Farbar) C:\Users\Mike\Desktop\FRST.exe 2013-09-10 17:02 - 2013-09-10 17:02 - 00000000 ____D C:\Users\Mike\AppData\Local\Google 2013-09-10 17:02 - 2013-09-10 17:02 - 00000000 ____D C:\Program Files\Google 2013-09-10 17:02 - 2012-11-14 19:50 - 00004263 _____ C:\Users\Mike\Desktop\aaocg.nfo 2013-09-10 16:59 - 2013-09-10 16:59 - 00000000 ____D C:\Users\Mike\Documents\Toontrack 2013-09-10 16:59 - 2013-09-10 16:59 - 00000000 ____D C:\ProgramData\Toontrack 2013-09-10 16:56 - 2013-09-10 16:56 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toontrack 2013-09-10 14:30 - 2013-09-10 14:33 - 38596652 _____ C:\Users\Mike\Desktop\parkway_drive_idols_and_anchors RAW.wav 2013-09-10 14:24 - 2013-09-10 16:57 - 00000000 ____D C:\Users\Mike\Downloads\ToonTrack Superior Drummer v2.2.3 VSTi 2013-09-10 14:14 - 2013-09-10 14:14 - 96922344 _____ C:\Windows\system32\�⏋m 2013-09-09 19:23 - 2013-09-09 19:23 - 00082832 _____ C:\Users\Mike\Downloads\parkway_drive_idols_and_anchors.gp5 2013-09-08 12:22 - 2013-09-10 06:23 - 96866131 _____ C:\Windows\system32\⧐` 2013-09-07 14:39 - 2013-09-07 14:39 - 00055657 _____ C:\Users\Mike\Downloads\for_today_foundation.gpx 2013-09-06 17:01 - 2013-09-06 17:01 - 00002760 _____ C:\Users\Mike\Downloads\Djetnzzz.l6t 2013-09-06 16:59 - 2013-09-06 16:59 - 00005640 _____ C:\Users\Mike\Downloads\Heavy Guitar Tone.l6t 2013-09-06 16:32 - 2013-09-06 17:10 - 00000000 ____D C:\Users\Mike\Images 2013-09-06 16:32 - 2013-09-06 17:10 - 00000000 ____D C:\Users\Mike\Audio 2013-09-06 16:30 - 2013-09-06 16:32 - 27209772 _____ C:\Users\Mike\Desktop\Neu.wav 2013-09-05 18:22 - 2013-09-07 12:22 - 96511910 _____ C:\Windows\system32\�⫷i 2013-08-27 19:22 - 2013-08-27 19:23 - 00076806 _____ C:\Users\Mike\Downloads\Neu(2).gp5 2013-08-26 19:34 - 2013-08-26 19:34 - 00001165 _____ C:\Users\Public\Desktop\SR2_Resolution.lnk 2013-08-26 19:34 - 
2013-08-26 19:34 - 00001123 _____ C:\Users\Public\Desktop\Saints Row 2.lnk 2013-08-26 19:34 - 2013-08-26 19:34 - 00000000 ____D C:\Users\Mike\AppData\Local\THQ 2013-08-26 19:24 - 2013-08-26 19:24 - 00000000 ____D C:\Program Files\R.G.Games 2013-08-26 18:16 - 2013-08-26 18:16 - 00000000 ____D C:\Users\Public\Documents\Line 6 2013-08-26 18:02 - 2013-08-26 18:02 - 07663770 _____ C:\Users\Mike\Desktop\All For Reject - Not The Only One Single Preview.mp4 2013-08-25 19:23 - 2013-08-25 20:47 - 00000000 ____D C:\Users\Mike\Downloads\Saints_Row_2_[R.G.Games] 2013-08-24 23:43 - 2013-08-24 23:43 - 00000000 ____D C:\ProgramData\Steam 2013-08-24 23:33 - 2013-08-24 23:43 - 00000000 ____D C:\Program Files\Saints Row IV 2013-08-24 15:56 - 2013-08-24 23:07 - 4144721920 _____ C:\Users\Mike\Downloads\rld-saints4.iso 2013-08-24 15:48 - 2013-08-24 15:48 - 00000000 ____D C:\Users\Mike\Downloads\SR4 2013-08-24 11:16 - 2013-08-24 11:18 - 07011696 _____ C:\Users\Mike\Desktop\Song preview1.wav 2013-08-24 10:16 - 2013-08-24 11:18 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Audacity 2013-08-24 10:16 - 2013-08-24 10:16 - 00000000 ____D C:\Program Files\Audacity 2013-08-24 10:15 - 2013-08-24 10:15 - 21281052 _____ (Audacity Team ) C:\Users\Mike\Downloads\audacity-win-2.0.3.exe 2013-08-24 10:14 - 2013-08-23 23:29 - 00010761 _____ C:\Users\Mike\Desktop\Song preview.aup 2013-08-24 10:14 - 2013-08-23 23:29 - 00000000 ____D C:\Users\Mike\Desktop\Song preview_data 2013-08-24 10:07 - 2013-08-24 10:14 - 22693350 _____ C:\Users\Mike\Downloads\Preview.zip 2013-08-24 00:11 - 2013-08-24 00:11 - 00044025 _____ C:\Users\Mike\Downloads\Neu(1).gp5 2013-08-23 19:12 - 2013-08-23 19:12 - 00159832 _____ C:\Windows\Minidump\082313-21309-01.dmp 2013-08-23 00:29 - 2013-08-23 00:29 - 05438235 _____ C:\Users\Mike\Downloads\MIKE HELP 1.zip 2013-08-23 00:29 - 2013-08-22 15:16 - 05645956 _____ C:\Users\Mike\Desktop\MIKE HELP 1.wav 2013-08-20 15:51 - 2013-08-20 15:51 - 00012401 _____ 
C:\Users\Mike\Downloads\andy_james-time_and_time_again.gp5 2013-08-19 22:08 - 2013-09-06 16:27 - 00042365 _____ C:\Users\Mike\Downloads\Neu.gp5 2013-08-17 07:44 - 2013-08-17 07:44 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-08-16 14:26 - 2013-08-16 14:26 - 00005846 _____ C:\Users\Mike\Downloads\august burns red.l6t 2013-08-16 14:26 - 2013-08-16 14:26 - 00002792 _____ C:\Users\Mike\Downloads\Djent.l6t 2013-08-16 14:24 - 2013-08-16 14:24 - 00003022 _____ C:\Users\Mike\Downloads\Big Bottom Scoop.l6t ==================== One Month Modified Files and Folders ======= 2013-09-15 20:37 - 2013-09-15 20:37 - 00000847 _____ C:\Users\Mike\Desktop\checkup.txt 2013-09-15 20:32 - 2012-10-07 12:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-15 20:30 - 2009-07-14 06:34 - 00017040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-15 20:30 - 2009-07-14 06:34 - 00017040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-15 18:55 - 2012-10-05 00:06 - 01267535 _____ C:\Windows\WindowsUpdate.log 2013-09-15 16:38 - 2013-09-15 16:38 - 00000000 ____D C:\Program Files\ESET 2013-09-15 16:36 - 2013-09-15 16:37 - 02347384 _____ (ESET) C:\Users\Mike\Desktop\esetsmartinstaller_enu.exe 2013-09-15 16:36 - 2013-09-15 16:37 - 00891144 _____ C:\Users\Mike\Desktop\SecurityCheck.exe 2013-09-15 12:33 - 2013-07-29 18:42 - 00000000 ___RD C:\Users\Mike\Dropbox 2013-09-15 12:33 - 2013-07-29 18:34 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Dropbox 2013-09-15 12:33 - 2013-02-02 15:45 - 00000000 ____D C:\Program Files\Steam 2013-09-15 12:33 - 2012-10-06 10:47 - 00000000 ____D C:\Users\Mike\AppData\Local\Deployment 2013-09-15 12:32 - 2012-10-06 12:02 - 00000000 ____D C:\Program Files\Origin 2013-09-15 12:30 - 2013-05-24 16:19 - 00000000 ____D C:\ProgramData\NVIDIA 2013-09-15 12:30 - 2010-11-20 23:48 - 00125236 _____ C:\Windows\PFRO.log 2013-09-15 
12:30 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-15 12:30 - 2009-07-14 06:39 - 00066149 _____ C:\Windows\setupact.log 2013-09-15 08:20 - 2012-10-23 15:14 - 00000000 ____D C:\Users\Mike\AppData\Roaming\uTorrent 2013-09-15 06:29 - 2013-09-14 21:10 - 00000000 ____D C:\Users\Mike\Downloads\Saints.Row.The.Third-SKIDROW 2013-09-14 21:09 - 2013-09-14 21:09 - 00000829 _____ C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2013-09-14 21:09 - 2013-09-14 21:09 - 00000000 ____D C:\Users\Mike\AppData\Local\SearchProtect 2013-09-14 21:09 - 2013-09-14 21:09 - 00000000 ____D C:\Program Files\SearchProtect 2013-09-14 21:08 - 2012-10-23 15:15 - 00000000 ____D C:\Program Files\uTorrent 2013-09-14 20:44 - 2013-04-30 13:54 - 00000000 ____D C:\ProgramData\PMB Files 2013-09-14 19:35 - 2012-10-06 16:22 - 00000000 ____D C:\Users\Mike\AppData\Roaming\TS3Client 2013-09-14 18:43 - 2013-09-14 18:43 - 00000954 _____ C:\Users\Mike\Desktop\JRT.txt 2013-09-14 18:40 - 2013-09-14 18:40 - 00003202 _____ C:\Users\Mike\Desktop\AdwCleaner[S0].txt 2013-09-14 18:40 - 2013-09-14 18:40 - 00000000 ____D C:\Windows\ERUNT 2013-09-14 18:38 - 2013-09-14 18:37 - 00000000 ____D C:\AdwCleaner 2013-09-14 18:34 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Cursors 2013-09-14 18:26 - 2013-09-14 18:26 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Malwarebytes 2013-09-14 18:26 - 2013-09-14 18:26 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-14 18:26 - 2013-09-14 18:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-14 18:23 - 2013-09-14 18:25 - 01029509 _____ (Thisisu) C:\Users\Mike\Desktop\JRT.exe 2013-09-14 18:22 - 2013-09-14 18:37 - 01037278 _____ C:\Users\Mike\Desktop\adwcleaner.exe 2013-09-14 18:21 - 2013-09-14 18:25 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Mike\Desktop\mbam-setup-1.75.0.1300.exe 2013-09-14 11:51 - 2013-06-01 00:29 - 00000000 ____D C:\Users\Mike\Desktop\Cubase Projekte 2013-09-13 18:39 - 2013-09-13 18:39 - 
07645119 _____ C:\Users\Mike\Desktop\Idols and Anchors, mixed&mastered.rar 2013-09-13 03:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-09-13 03:25 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-09-13 03:19 - 2009-07-14 06:33 - 00269712 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-12 17:38 - 2013-09-12 17:38 - 00020149 _____ C:\ComboFix.txt 2013-09-12 17:38 - 2013-09-12 17:21 - 00000000 ____D C:\ComboFix 2013-09-12 17:38 - 2013-09-12 17:18 - 00000000 ____D C:\Windows\erdnt 2013-09-12 17:38 - 2013-09-12 17:18 - 00000000 ____D C:\Qoobox 2013-09-12 17:34 - 2012-10-06 10:47 - 00000000 ____D C:\Users\Mike\AppData\Local\Apps\2.0 2013-09-12 17:34 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini 2013-09-12 17:20 - 2009-07-14 06:53 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-09-12 17:17 - 2013-09-12 17:18 - 05124599 ____R (Swearware) C:\Users\Mike\Desktop\ComboFix.exe 2013-09-11 17:32 - 2012-10-05 15:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-09-11 17:32 - 2012-10-05 15:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-09-11 17:23 - 2013-09-11 17:23 - 00000000 ____D C:\Users\Mike\AppData\Local\Blizzard Entertainment 2013-09-11 15:51 - 2013-09-11 15:51 - 00000000 ____D C:\FRST 2013-09-11 15:49 - 2013-09-11 15:50 - 01082455 _____ (Farbar) C:\Users\Mike\Desktop\FRST.exe 2013-09-11 15:29 - 2012-10-05 17:16 - 00000000 ____D C:\Program Files\World of Warcraft 2013-09-11 15:14 - 2013-02-02 15:45 - 00000000 ____D C:\Program Files\Common Files\Steam 2013-09-10 21:39 - 2013-09-14 18:25 - 00111880 _____ (Microsoft Corporation) C:\Users\Mike\Desktop\setup.exe 2013-09-10 17:02 - 2013-09-10 17:02 - 00000000 ____D C:\Users\Mike\AppData\Local\Google 2013-09-10 17:02 - 2013-09-10 17:02 - 00000000 ____D C:\Program Files\Google 2013-09-10 16:59 - 2013-09-10 16:59 - 00000000 ____D C:\Users\Mike\Documents\Toontrack 2013-09-10 16:59 - 2013-09-10 
16:59 - 00000000 ____D C:\ProgramData\Toontrack 2013-09-10 16:58 - 2013-07-21 20:02 - 00000000 ____D C:\Program Files\Toontrack 2013-09-10 16:58 - 2013-04-15 10:43 - 00000000 ____D C:\Program Files\VstPlugIns 2013-09-10 16:57 - 2013-09-10 14:24 - 00000000 ____D C:\Users\Mike\Downloads\ToonTrack Superior Drummer v2.2.3 VSTi 2013-09-10 16:56 - 2013-09-10 16:56 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toontrack 2013-09-10 14:33 - 2013-09-10 14:30 - 38596652 _____ C:\Users\Mike\Desktop\parkway_drive_idols_and_anchors RAW.wav 2013-09-10 14:14 - 2013-09-10 14:14 - 96922344 _____ C:\Windows\system32\�⏋m 2013-09-10 06:23 - 2013-09-08 12:22 - 96866131 _____ C:\Windows\system32\⧐` 2013-09-09 19:23 - 2013-09-09 19:23 - 00082832 _____ C:\Users\Mike\Downloads\parkway_drive_idols_and_anchors.gp5 2013-09-07 14:39 - 2013-09-07 14:39 - 00055657 _____ C:\Users\Mike\Downloads\for_today_foundation.gpx 2013-09-07 12:22 - 2013-09-05 18:22 - 96511910 _____ C:\Windows\system32\�⫷i 2013-09-06 17:10 - 2013-09-06 16:32 - 00000000 ____D C:\Users\Mike\Images 2013-09-06 17:10 - 2013-09-06 16:32 - 00000000 ____D C:\Users\Mike\Audio 2013-09-06 17:10 - 2012-10-04 18:26 - 00000000 ____D C:\Users\Mike 2013-09-06 17:01 - 2013-09-06 17:01 - 00002760 _____ C:\Users\Mike\Downloads\Djetnzzz.l6t 2013-09-06 16:59 - 2013-09-06 16:59 - 00005640 _____ C:\Users\Mike\Downloads\Heavy Guitar Tone.l6t 2013-09-06 16:32 - 2013-09-06 16:30 - 27209772 _____ C:\Users\Mike\Desktop\Neu.wav 2013-09-06 16:27 - 2013-08-19 22:08 - 00042365 _____ C:\Users\Mike\Downloads\Neu.gp5 2013-08-29 19:10 - 2013-06-20 23:49 - 00000000 ____D C:\Users\Mike\AppData\Roaming\vlc 2013-08-27 19:23 - 2013-08-27 19:22 - 00076806 _____ C:\Users\Mike\Downloads\Neu(2).gp5 2013-08-26 21:32 - 2012-10-08 21:32 - 00017408 _____ C:\Users\Mike\AppData\Local\WebpageIcons.db 2013-08-26 20:10 - 2013-08-05 17:09 - 00060598 _____ C:\Users\Mike\Downloads\Icarus(4).gp5 2013-08-26 19:34 - 2013-08-26 19:34 - 00001165 
_____ C:\Users\Public\Desktop\SR2_Resolution.lnk 2013-08-26 19:34 - 2013-08-26 19:34 - 00001123 _____ C:\Users\Public\Desktop\Saints Row 2.lnk 2013-08-26 19:34 - 2013-08-26 19:34 - 00000000 ____D C:\Users\Mike\AppData\Local\THQ 2013-08-26 19:24 - 2013-08-26 19:24 - 00000000 ____D C:\Program Files\R.G.Games 2013-08-26 18:16 - 2013-08-26 18:16 - 00000000 ____D C:\Users\Public\Documents\Line 6 2013-08-26 18:02 - 2013-08-26 18:02 - 07663770 _____ C:\Users\Mike\Desktop\All For Reject - Not The Only One Single Preview.mp4 2013-08-26 17:35 - 2012-10-13 16:17 - 00000000 ____D C:\Users\Mike\AppData\Local\Windows Live 2013-08-25 20:47 - 2013-08-25 19:23 - 00000000 ____D C:\Users\Mike\Downloads\Saints_Row_2 2013-08-24 23:43 - 2013-08-24 23:43 - 00000000 ____D C:\ProgramData\Steam 2013-08-24 23:43 - 2013-08-24 23:33 - 00000000 ____D C:\Program Files\Saints Row IV 2013-08-24 23:07 - 2013-08-24 15:56 - 4144721920 _____ C:\Users\Mike\Downloads\rld-saints4.iso 2013-08-24 15:48 - 2013-08-24 15:48 - 00000000 ____D C:\Users\Mike\Downloads\SR4 2013-08-24 15:36 - 2013-07-30 19:27 - 00000000 ____D C:\Users\Mike\Downloads\(demian007) Line 6 Pod Farm Platinum v 2.5 RTAS VST VST64 (2011) 2013-08-24 11:18 - 2013-08-24 11:16 - 07011696 _____ C:\Users\Mike\Desktop\Song preview1.wav 2013-08-24 11:18 - 2013-08-24 10:16 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Audacity 2013-08-24 10:16 - 2013-08-24 10:16 - 00000000 ____D C:\Program Files\Audacity 2013-08-24 10:16 - 2013-04-15 10:47 - 00000016 _____ C:\ProgramData\autobk.inc 2013-08-24 10:15 - 2013-08-24 10:15 - 21281052 _____ (Audacity Team ) C:\Users\Mike\Downloads\audacity-win-2.0.3.exe 2013-08-24 10:14 - 2013-08-24 10:07 - 22693350 _____ C:\Users\Mike\Downloads\Preview.zip 2013-08-24 00:11 - 2013-08-24 00:11 - 00044025 _____ C:\Users\Mike\Downloads\Neu(1).gp5 2013-08-23 23:29 - 2013-08-24 10:14 - 00010761 _____ C:\Users\Mike\Desktop\Song preview.aup 2013-08-23 23:29 - 2013-08-24 10:14 - 00000000 ____D C:\Users\Mike\Desktop\Song 
preview_data 2013-08-23 19:12 - 2013-08-23 19:12 - 00159832 _____ C:\Windows\Minidump\082313-21309-01.dmp 2013-08-23 19:12 - 2013-02-27 21:07 - 291651801 _____ C:\Windows\MEMORY.DMP 2013-08-23 19:12 - 2013-02-27 21:07 - 00000000 ____D C:\Windows\Minidump 2013-08-23 16:40 - 2012-10-06 11:11 - 00000000 ____D C:\Users\Mike\Documents\REAPER Media 2013-08-23 00:29 - 2013-08-23 00:29 - 05438235 _____ C:\Users\Mike\Downloads\MIKE HELP 1.zip 2013-08-22 15:16 - 2013-08-23 00:29 - 05645956 _____ C:\Users\Mike\Desktop\MIKE HELP 1.wav 2013-08-20 18:36 - 2013-02-02 16:57 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2013-08-20 15:51 - 2013-08-20 15:51 - 00012401 _____ C:\Users\Mike\Downloads\andy_james-time_and_time_again.gp5 2013-08-17 15:27 - 2012-10-07 10:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-08-17 07:44 - 2013-08-17 07:44 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-08-16 14:26 - 2013-08-16 14:26 - 00005846 _____ C:\Users\Mike\Downloads\august burns red.l6t 2013-08-16 14:26 - 2013-08-16 14:26 - 00002792 _____ C:\Users\Mike\Downloads\Djent.l6t 2013-08-16 14:24 - 2013-08-16 14:24 - 00003022 _____ C:\Users\Mike\Downloads\Big Bottom Scoop.l6t Files to move or delete: ==================== C:\Users\Mike\AppData\Local\Temp\catchme.dll C:\Users\Mike\AppData\Local\Temp\nsfC220.exe C:\Users\Mike\AppData\Local\Temp\nsk78CF.exe C:\Users\Mike\AppData\Local\Temp\nskC378.exe C:\Users\Mike\AppData\Local\Temp\nsu7A46.exe C:\Users\Mike\AppData\Local\Temp\Quarantine.exe C:\Users\Mike\AppData\Local\Temp\utt452E.tmp.exe C:\Users\Mike\AppData\Local\Temp\utt4B46.tmp.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit 
C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender LastRegBack: 2013-09-11 01:45 ==================== End Of Log ============================ Regards, Mike |
16.09.2013, 09:49 | #12 |
/// the machine /// TB trainer | Annoying Sirefef rootkit Update Java. Delete the Windows.old folder completely. Delete FRST and download it again. Uninstall Firefox, keep no data, reinstall it. Fresh FRST log please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
16.09.2013, 14:16 | #13 |
| Annoying Sirefef rootkit Hi, problem not solved yet, here is the new FRST log FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013 Ran by Mike (administrator) on MIKE-PC on 16-09-2013 15:15:06 Running from C:\Users\Mike\Desktop Microsoft Windows 7 Enterprise Service Pack 1 (X86) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\system32\atiesrxx.exe (Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe (AMD) C:\Windows\system32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe () C:\Windows\system32\PnkBstrA.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Conduit) C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe (Conduit) C:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe (Conduit) C:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Aeria Games & Entertainment) C:\Program Files\Aeria Games\Ignite\aeriaignite.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (BlueStack Systems, Inc.) 
C:\Program Files\BlueStacks\HD-Agent.exe (Electronic Arts) C:\Program Files\Origin\Origin.exe (Akamai Technologies, Inc.) C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe (Valve Corporation) C:\Program Files\Steam\Steam.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Dropbox, Inc.) C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Akamai Technologies, Inc.) C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe (Line 6, Inc.) C:\Program Files\Line6\POD Farm 2\POD Farm 2.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE (Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) C:\Windows\system32\msiexec.exe (Farbar) C:\Users\Mike\Desktop\FRST(1).exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Aeria Ignite] - C:\Program Files\Aeria Games\Ignite\aeriaignite.exe [1411224 2012-09-10] (Aeria Games & Entertainment) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated) HKLM\...\Run: [Creative SB Monitoring Utility] - RunDll32 sbavmon.dll,SBAVMonitor HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) 
HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation) HKLM\...\Run: [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE [336992 2012-08-24] (Power Software Ltd) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [BlueStacks Agent] - C:\Program Files\BlueStacks\HD-Agent.exe [601928 2013-07-17] (BlueStack Systems, Inc.) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Policies\Explorer: [NoDrives] 0 HKCU\...\Run: [EADM] - C:\Program Files\Origin\Origin.exe [3549528 2013-08-28] (Electronic Arts) HKCU\...\Run: [LG LinkAir] - [x] HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Mike\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [RGSC] - C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.) HKCU\...\Run: [Steam] - C:\Program Files\Steam\Steam.exe [1811368 2013-09-06] (Valve Corporation) HKCU\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [4284976 2013-04-30] () HKCU\...\Policies\Explorer: [NoDrives] 0 Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk ShortcutTarget: simplicheck.lnk -> C:\Program Files\simplitec\simplicheck\simplicheck.exe (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP8FE24584-225A-424D-8B0D-8B2B1822EFA2 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1C5C9354CEDBCD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP8FE24584-225A-424D-8B0D-8B2B1822EFA2&q={searchTerms} SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP8FE24584-225A-424D-8B0D-8B2B1822EFA2&q={searchTerms} BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: HistoryTriggerBHO Class - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gznpuinw.default FF NewTab: hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=EB_SSPV&Lay=1&UM=2&UP=SP8FE24584-225A-424D-8B0D-8B2B1822EFA2 FF DefaultSearchEngine: Conduit Search FF SelectedSearchEngine: Conduit Search FF Homepage: youtube.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin: @esn.me/esnsonar,version=0.70.4 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin: @esn/esnlaunch,version=2.1.2 - C:\Program Files\Battlelog Web Plugins\2.1.2\npesnlaunch.dll No File FF Plugin: @esn/esnlaunch,version=2.1.7 - C:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB) FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: 
@videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gznpuinw.default\searchplugins\conduit-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gznpuinw.default\Extensions\ich@maltegoetz.de FF Extension: No Name - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\gznpuinw.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi ========================== Services (Whitelisted) ================= S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [393032 2013-07-17] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384840 2013-07-17] (BlueStack Systems, Inc.) R2 CltMngSvc; C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe [1736024 2013-09-01] (Conduit) S3 npggsvc; C:\Windows\system32\GameMon.des [3953632 2012-03-05] (INCA Internet Co., Ltd.) 
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-10-07] () S4 RemoteAccess; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP4\RpcAgentSrv.exe [71832 2009-06-15] (SiSoftware) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] () S3 xsherlock; C:\Windows\system32\xsherlock.xem [666720 2012-11-09] (Wellbia.com Co., Ltd.) ==================== Drivers (Whitelisted) ==================== S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2010-12-23] (LG Electronics Inc.) S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2010-12-23] (LG Electronics Inc.) S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2010-12-23] (LG Electronics Inc.) S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2010-12-23] (LG Electronics Inc.) R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [63816 2013-07-17] (BlueStack Systems) R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation) R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [51328 2012-08-07] (Etron Technology Inc) R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [71552 2012-08-07] (Etron Technology Inc) S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1255296 2011-09-13] (Creative Technology Ltd.) R3 L6UX1; C:\Windows\System32\Drivers\L6UX1.sys [583808 2013-06-26] (Line 6) R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtport.sys [12160 2009-09-29] (LG Electronics Inc.) R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-29] (LG Electronics Inc.) R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmodem.sys [12928 2009-09-29] (LG Electronics Inc.) R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation) S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [199528 2011-12-02] (Realtek Semiconductor Corp.) 
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP4\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware) R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [113104 2012-08-24] (Power Software Ltd) S3 catchme; \??\C:\Users\Mike\AppData\Local\Temp\catchme.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] S3 vtany; \??\C:\Windows\vtany.sys [x] S3 xhunter1; \??\C:\Windows\xhunter1.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-16 15:14 - 2013-09-16 15:14 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-09-16 15:14 - 2013-09-16 15:14 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-09-16 15:14 - 2013-09-16 15:14 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-09-16 15:14 - 2013-09-16 15:14 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-09-16 15:14 - 2013-09-16 15:14 - 00000000 ____D C:\ProgramData\Oracle 2013-09-16 15:14 - 2013-09-16 15:14 - 00000000 ____D C:\Program Files\Java 2013-09-16 15:14 - 2013-09-16 15:14 - 00000000 ____D C:\Program Files\Common Files\Java 2013-09-16 15:12 - 2013-09-16 15:12 - 00001105 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-09-16 15:12 - 2013-09-16 15:12 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-09-16 15:12 - 2013-09-16 15:11 - 01084083 _____ (Farbar) C:\Users\Mike\Desktop\FRST(1).exe 2013-09-16 15:12 - 2013-09-16 15:10 - 00913832 _____ (Oracle Corporation) C:\Users\Mike\Desktop\jxpiinstall(1).exe 2013-09-16 15:12 - 2013-09-16 15:08 - 00282008 _____ (Mozilla) C:\Users\Mike\Desktop\Firefox Setup Stub 23.0.1.exe 2013-09-15 20:44 - 2013-09-15 20:44 - 00000000 ____D C:\Program Files\THQ 2013-09-15 16:38 - 2013-09-15 16:38 - 00000000 ____D C:\Program Files\ESET 2013-09-15 16:37 - 2013-09-15 16:36 - 02347384 _____ (ESET) C:\Users\Mike\Desktop\esetsmartinstaller_enu.exe 2013-09-15 16:37 
- 2013-09-15 16:36 - 00891144 _____ C:\Users\Mike\Desktop\SecurityCheck.exe 2013-09-14 21:10 - 2013-09-15 06:29 - 00000000 ____D C:\Users\Mike\Downloads\Saints.Row.The.Third-SKIDROW 2013-09-14 21:09 - 2013-09-14 21:09 - 00000829 _____ C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2013-09-14 21:09 - 2013-09-14 21:09 - 00000000 ____D C:\Users\Mike\AppData\Local\SearchProtect 2013-09-14 21:09 - 2013-09-14 21:09 - 00000000 ____D C:\Program Files\SearchProtect 2013-09-14 18:43 - 2013-09-14 18:43 - 00000954 _____ C:\Users\Mike\Desktop\JRT.txt 2013-09-14 18:40 - 2013-09-14 18:40 - 00003202 _____ C:\Users\Mike\Desktop\AdwCleaner[S0].txt 2013-09-14 18:40 - 2013-09-14 18:40 - 00000000 ____D C:\Windows\ERUNT 2013-09-14 18:37 - 2013-09-14 18:38 - 00000000 ____D C:\AdwCleaner 2013-09-14 18:37 - 2013-09-14 18:22 - 01037278 _____ C:\Users\Mike\Desktop\adwcleaner.exe 2013-09-14 18:26 - 2013-09-14 18:26 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Malwarebytes 2013-09-14 18:26 - 2013-09-14 18:26 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-14 18:26 - 2013-09-14 18:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-14 18:26 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-09-14 18:25 - 2013-09-14 18:23 - 01029509 _____ (Thisisu) C:\Users\Mike\Desktop\JRT.exe 2013-09-14 18:25 - 2013-09-14 18:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Mike\Desktop\mbam-setup-1.75.0.1300.exe 2013-09-14 18:25 - 2013-09-10 21:39 - 00111880 _____ (Microsoft Corporation) C:\Users\Mike\Desktop\setup.exe 2013-09-13 18:39 - 2013-09-13 18:39 - 07645119 _____ C:\Users\Mike\Desktop\Idols and Anchors, mixed&mastered.rar 2013-09-13 03:01 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-13 03:01 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-13 03:01 - 2013-08-10 05:59 - 00042496 _____ 
Some content of TEMP: ====================
C:\Users\Mike\AppData\Local\Temp\catchme.dll
C:\Users\Mike\AppData\Local\Temp\nsfC220.exe
C:\Users\Mike\AppData\Local\Temp\nsk78CF.exe
C:\Users\Mike\AppData\Local\Temp\nskC378.exe
C:\Users\Mike\AppData\Local\Temp\nsu7A46.exe
C:\Users\Mike\AppData\Local\Temp\Quarantine.exe
C:\Users\Mike\AppData\Local\Temp\utt452E.tmp.exe
C:\Users\Mike\AppData\Local\Temp\utt4B46.tmp.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
LastRegBack: 2013-09-11 01:45
==================== End Of Log ============================ |
16.09.2013, 19:35 | #14 |
/// the machine /// TB-Ausbilder | Annoying Rootkit Sirefef No data was kept during the uninstall? Does the download via IE work?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and assistance Trojaner-Board Facebook page No assistance via PM! |
16.09.2013, 22:01 | #15 |
| Annoying Rootkit Sirefef No. No browser works. I removed all data, even via Control Panel. |