Log analysis and evaluation: please help bluescreen and gvo6 and more! Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
06.10.2013, 17:06 | #16 |
please help bluescreen and gvo6 and more! FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013 Ran by ejub (administrator) on EJUB-PC on 06-10-2013 18:05:00 Running from C:\Users\ejub\Downloads Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AMD) C:\Windows\system32\atiesrxx.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (AMD) C:\Windows\system32\atieclxx.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\system32\inetsrv\inetinfo.exe (LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe (Microsoft Corporation) C:\Windows\system32\mqsvc.exe () C:\Windows\system32\PnkBstrA.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Microsoft Corporation) C:\Windows\system32\mqtgsvc.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (ATI Technologies Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-09-12] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9808488 2010-11-02] (Realtek Semiconductor) HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) HKLM\...\Run: [4StoryPrePatch] - C:\Program Files\GameforgeLive\Games\DEU_deu\4Story\PrePatch.exe [327680 2012-11-29] (Zemi Interactive Inc.) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM\...\Run: [RoccatIsku] - C:\Program Files\ROCCAT\Isku Keyboard\IskuMonitor.EXE [542560 2012-11-09] (ROCCAT GmbH) HKLM\...\Run: [ROCCAT Savu Gaming Mouse] - C:\Program Files\ROCCAT\Savu Mouse\Savu Monitor.exe [872048 2012-09-10] (ROCCAT GmbH) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.) 
HKLM\...\Policies\Explorer: [ShowDriveLettersFirst] 4 HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKCU\...\Policies\system: [EnableLUA] 0 HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Gast\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Gast.ejub-PC\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Gast.ejub-PC\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime HKU\Gast.ejub-PC\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" HKU\Gast.ejub-PC\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation) HKU\Gast.ejub-PC\...\Run: [{92DF5512-F4E9-2934-45D4-5057384EB3F5}] - C:\Users\Gast.ejub-PC\AppData\Roaming\Odaw\usid.exe HKU\Gast.ejub-PC\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2012-03-08] (Microsoft Corporation) HKU\Gast.ejub-PC\...\Run: [uTorrent] - "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED HKU\Gast.ejub-PC\...\Run: [Exetender] - "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup HKU\Gast.ejub-PC\...\Run: [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun HKU\Gast.ejub-PC\...\Run: [winupdater] - C:\Windows\system32\Windupdt\winupdate.exe HKU\Gast.ejub-PC\...\Policies\system: [DisableTaskMgr] 1 HKU\Gast.ejub-PC\...\Policies\system: [DisableRegistryTools] 1 HKU\Gast.ejub-PC\...\Policies\system: [EnableLUA] 0 HKU\gast2\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3C15CDED7290CB01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} SearchScopes: HKCU - {FB291D82-6B3F-4A51-9A75-1B9E9C4E1ED9} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms} BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) FireFox: ======== FF ProfilePath: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default FF Homepage: https://www.google.de/ FF NetworkProxy: "ftp", "127.0.0.1" FF NetworkProxy: "ftp_port", 8555 FF NetworkProxy: "gopher", "127.0.0.1" FF NetworkProxy: "gopher_port", 8555 FF NetworkProxy: "http", "127.0.0.1" FF NetworkProxy: "http_port", 8555 FF NetworkProxy: "socks", "127.0.0.1" FF NetworkProxy: "socks_port", 8555 FF NetworkProxy: "ssl", "127.0.0.1" FF NetworkProxy: "ssl_port", 8555 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @eximion.com/KalydoPlayer - C:\Users\ejub\AppData\Roaming\Kalydo\KalydoPlayer\bin1\npkalydo.dll (Eximion B.V.) 
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\aol-search.xml FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\entrusted-customized-web-search.xml FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\firefox-add-ons.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7} FF Extension: No Name - C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ Chrome: ======= CHR Extension: (Skype Click to Call) - C:\Users\ejub\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_1 CHR Extension: (Chrome 
In-App Payments service) - C:\Users\ejub\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR Extension: (Gmail) - C:\Users\ejub\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.3.crx CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx ========================== Services (Whitelisted) ================= R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1612112 2013-10-01] (LogMeIn Inc.) R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2008-01-21] (Microsoft Corporation) R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2013-08-26] (LogMeIn, Inc.) S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MSMQ; C:\Windows\system32\mqsvc.exe [8704 2006-11-02] (Microsoft Corporation) R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [125952 2009-04-11] (Microsoft Corporation) S3 npggsvc; C:\Windows\system32\GameMon.des [4670000 2012-08-06] (INCA Internet Co., Ltd.) 
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2012-03-04] () ==================== Drivers (Whitelisted) ==================== R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [75776 2013-01-15] (Advanced Micro Devices) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-12-12] () R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation) R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2013-02-01] (Eugene V. Muzychenko) R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-12-10] () S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 MQAC; C:\Windows\System32\drivers\mqac.sys [126976 2008-01-21] (Microsoft Corporation) S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project) S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2012-01-05] (AnchorFree Inc) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-02-22] (Anchorfree Inc.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 USBAAPL; System32\Drivers\usbaapl.sys [x] S3 vtany; \??\C:\Windows\vtany.sys [x] S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [x] S3 XDva397; \??\C:\Windows\system32\XDva397.sys [x] S3 XDva398; \??\C:\Windows\system32\XDva398.sys [x] S3 XDva399; \??\C:\Windows\system32\XDva399.sys [x] S3 XDva400; \??\C:\Windows\system32\XDva400.sys [x] S3 XDva401; \??\C:\Windows\system32\XDva401.sys [x] S3 XDva403; \??\C:\Windows\system32\XDva403.sys [x] S3 XDva404; \??\C:\Windows\system32\XDva404.sys [x] S3 XDva405; \??\C:\Windows\system32\XDva405.sys [x] S3 xhunter1; \??\C:\Windows\xhunter1.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-06 18:00 - 2013-10-06 18:00 - 00040145 _____ C:\Users\ejub\Desktop\JRT.txt 2013-10-06 17:58 - 2013-10-06 17:58 - 01032220 _____ (Thisisu) C:\Users\ejub\Desktop\JRT.exe 2013-10-06 17:58 - 2013-10-06 17:58 - 00000000 ____D C:\Windows\ERUNT 2013-10-06 17:49 - 2013-10-06 17:48 - 01045226 _____ C:\Users\ejub\Desktop\adwcleaner.exe 2013-10-06 17:19 - 2013-10-06 17:19 - 00000870 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\Users\ejub\AppData\Roaming\Malwarebytes 2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-06 17:19 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-10-06 17:17 - 2013-10-06 17:18 - 10285040 _____ (Malwarebytes 
Corporation ) C:\Users\ejub\Desktop\mbam-setup-1.75.0.1300.exe 2013-10-05 22:20 - 2013-10-05 22:20 - 00000000 ____D C:\CFLog 2013-10-05 21:48 - 2013-10-05 21:48 - 00017888 _____ C:\ComboFix.txt 2013-10-05 21:02 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-10-05 21:02 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-10-05 21:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-10-05 21:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-10-05 21:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-10-05 21:02 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-10-05 21:02 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-10-05 21:02 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-10-05 21:01 - 2013-10-05 21:48 - 00000000 ____D C:\Qoobox 2013-10-05 20:57 - 2013-10-05 20:57 - 05130782 ____R (Swearware) C:\Users\ejub\Desktop\ComboFix.exe 2013-10-05 12:39 - 2013-10-05 21:30 - 00000000 ____D C:\Windows\erdnt 2013-10-05 00:07 - 2013-10-05 00:07 - 00023670 _____ C:\Users\ejub\Downloads\Addition.txt 2013-10-02 22:51 - 2013-10-02 22:51 - 00000000 ____D C:\Users\ejub\AppData\Local\LogMeIn 2013-10-02 22:51 - 2013-10-02 22:51 - 00000000 ____D C:\ProgramData\LogMeIn 2013-10-02 22:09 - 2013-10-02 22:09 - 01087213 _____ (Farbar) C:\Users\ejub\Downloads\FRST.exe 2013-10-02 21:37 - 2013-10-02 21:37 - 00000000 ____D C:\Program Files\LogMeIn Hamachi 2013-10-02 15:04 - 2013-10-02 15:04 - 00281896 _____ (Mozilla) C:\Users\ejub\Downloads\Firefox Setup Stub 24.0.exe 2013-10-02 15:04 - 2013-10-02 15:04 - 00000810 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-10-02 15:04 - 2013-10-02 15:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-10-02 15:03 - 2013-10-02 15:03 - 00000952 _____ C:\Users\ejub\Desktop\Continue Firefox Installation.lnk 2013-10-02 00:24 - 2013-10-02 00:24 - 00000000 ____D C:\FRST 2013-10-02 00:22 - 2013-10-02 00:22 - 
01953880 _____ (Farbar) C:\Users\ejub\Downloads\FRST64.exe 2013-10-01 23:55 - 2013-10-06 17:52 - 00000000 ____D C:\AdwCleaner 2013-10-01 23:55 - 2013-10-01 23:55 - 01045226 _____ C:\Users\ejub\Downloads\adwcleaner_3.0.0.6.exe 2013-10-01 17:19 - 2013-10-01 17:19 - 00002052 _____ C:\Windows\epplauncher.mif 2013-10-01 17:17 - 2010-04-05 22:00 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2013-10-01 14:13 - 2013-10-05 14:42 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-09-28 18:05 - 2013-09-30 23:58 - 00000000 _____ C:\dfu.log 2013-09-28 18:05 - 2013-09-28 18:05 - 00001723 _____ C:\Users\Public\Desktop\S.K.I.L.L. - Special Force 2.lnk 2013-09-23 02:41 - 2013-09-23 02:41 - 00000000 ___RD C:\Users\ejub\Documents\Notes 2013-09-21 15:29 - 2013-09-22 01:16 - 00157528 _____ C:\Users\ejub\AppData\Roaming\ejub.txt 2013-09-19 13:33 - 2013-09-19 13:33 - 00000000 _____ C:\ProgramData\2d23263642223a_c 2013-09-19 02:47 - 2013-09-19 02:47 - 01254900 _____ (Sophos Limited) C:\Users\ejub\Downloads\Sophos_Virus_Removal_Tool24.exe.part 2013-09-19 02:36 - 2013-10-05 21:07 - 00000000 ____D C:\Windows\Minidump 2013-09-12 23:44 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-12 23:44 - 2013-08-01 12:21 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-12 23:44 - 2013-08-01 12:20 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-12 23:44 - 2013-08-01 12:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-09-12 23:44 - 2013-08-01 12:18 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-09-12 23:44 - 2013-08-01 12:16 - 06016512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-12 23:44 - 2013-08-01 12:16 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-12 23:44 - 2013-08-01 12:16 - 00611840 _____ (Microsoft Corporation) 
C:\Windows\system32\mstime.dll 2013-09-12 23:44 - 2013-08-01 12:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-09-12 23:44 - 2013-08-01 12:16 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-09-12 23:44 - 2013-08-01 12:15 - 11111936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-12 23:44 - 2013-08-01 12:15 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-12 23:44 - 2013-08-01 12:15 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-09-12 23:44 - 2013-08-01 12:15 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-09-12 23:44 - 2013-08-01 12:15 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-09-12 23:44 - 2013-08-01 12:15 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-12 23:44 - 2013-08-01 12:15 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-12 23:44 - 2013-08-01 12:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-12 23:44 - 2013-08-01 12:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-12 23:44 - 2013-08-01 12:15 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-09-12 23:44 - 2013-08-01 12:15 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-12 23:44 - 2013-08-01 12:13 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll 2013-09-12 23:44 - 2013-08-01 10:37 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-09-12 23:44 - 2013-08-01 08:56 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-12 23:44 - 2013-08-01 08:56 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-09-12 23:44 - 2013-08-01 08:55 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 
2013-09-12 23:44 - 2013-08-01 08:54 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-12 23:44 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll ==================== One Month Modified Files and Folders ======= 2013-10-06 18:04 - 2013-07-07 21:54 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-06 18:02 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\tracing 2013-10-06 18:00 - 2013-10-06 18:00 - 00040145 _____ C:\Users\ejub\Desktop\JRT.txt 2013-10-06 17:58 - 2013-10-06 17:58 - 01032220 _____ (Thisisu) C:\Users\ejub\Desktop\JRT.exe 2013-10-06 17:58 - 2013-10-06 17:58 - 00000000 ____D C:\Windows\ERUNT 2013-10-06 17:58 - 2008-01-21 03:35 - 01868289 _____ C:\Windows\WindowsUpdate.log 2013-10-06 17:56 - 2013-08-09 20:01 - 00000000 ____D C:\Users\ejub\AppData\Local\LogMeIn Hamachi 2013-10-06 17:56 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\inetsrv 2013-10-06 17:54 - 2013-07-07 21:54 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-06 17:54 - 2010-11-25 08:21 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2013-10-06 17:54 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-06 17:54 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-06 17:54 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-06 17:53 - 2006-11-02 15:01 - 00032510 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-10-06 17:52 - 2013-10-01 23:55 - 00000000 ____D C:\AdwCleaner 2013-10-06 17:52 - 2013-07-07 21:55 - 00001039 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-10-06 17:52 - 2010-11-01 17:17 - 00000937 _____ C:\Users\ejub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-10-06 17:48 - 2013-10-06 17:49 - 01045226 _____ 
C:\Users\ejub\Desktop\adwcleaner.exe 2013-10-06 17:42 - 2013-07-03 21:34 - 00649840 _____ C:\Windows\PFRO.log 2013-10-06 17:39 - 2011-12-10 11:57 - 00000000 ____D C:\ProgramData\InstallMate 2013-10-06 17:19 - 2013-10-06 17:19 - 00000870 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\Users\ejub\AppData\Roaming\Malwarebytes 2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-06 17:18 - 2013-10-06 17:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\ejub\Desktop\mbam-setup-1.75.0.1300.exe 2013-10-06 16:43 - 2012-10-12 05:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-05 22:20 - 2013-10-05 22:20 - 00000000 ____D C:\CFLog 2013-10-05 21:48 - 2013-10-05 21:48 - 00017888 _____ C:\ComboFix.txt 2013-10-05 21:48 - 2013-10-05 21:01 - 00000000 ____D C:\Qoobox 2013-10-05 21:48 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default 2013-10-05 21:48 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public 2013-10-05 21:30 - 2013-10-05 12:39 - 00000000 ____D C:\Windows\erdnt 2013-10-05 21:22 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini 2013-10-05 21:21 - 2006-11-02 12:22 - 45088768 _____ C:\Windows\system32\config\software.bak 2013-10-05 21:21 - 2006-11-02 12:22 - 41418752 _____ C:\Windows\system32\config\COMPON~3.bak 2013-10-05 21:21 - 2006-11-02 12:22 - 30146560 _____ C:\Windows\system32\config\system.bak 2013-10-05 21:21 - 2006-11-02 12:22 - 05242880 _____ C:\Windows\system32\config\default.bak 2013-10-05 21:21 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\sam.bak 2013-10-05 21:21 - 2006-11-02 12:22 - 00028672 _____ C:\Windows\system32\config\security.bak 2013-10-05 21:07 - 2013-09-19 02:36 - 00000000 ____D C:\Windows\Minidump 2013-10-05 21:07 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100513-04.dmp 
2013-10-05 21:05 - 2013-06-27 12:56 - 00000000 ____D C:\Users\ejub\Tracing 2013-10-05 21:03 - 2010-11-01 17:17 - 00001356 _____ C:\Users\ejub\AppData\Local\d3d9caps.dat 2013-10-05 20:59 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100513-03.dmp 2013-10-05 20:57 - 2013-10-05 20:57 - 05130782 ____R (Swearware) C:\Users\ejub\Desktop\ComboFix.exe 2013-10-05 14:50 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100513-02.dmp 2013-10-05 14:47 - 2010-11-25 18:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-10-05 14:47 - 2010-11-25 18:33 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2013-10-05 14:46 - 2013-07-12 01:21 - 00000000 ____D C:\Users\ejub\.gimp-2.8 2013-10-05 14:42 - 2013-10-01 14:13 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-05 12:41 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini100513-01.dmp 2013-10-05 00:07 - 2013-10-05 00:07 - 00023670 _____ C:\Users\ejub\Downloads\Addition.txt 2013-10-03 19:13 - 2012-05-21 21:22 - 00000000 ____D C:\Users\ejub\Documents\Cross Fire 2013-10-03 12:46 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini100313-01.dmp 2013-10-02 22:51 - 2013-10-02 22:51 - 00000000 ____D C:\Users\ejub\AppData\Local\LogMeIn 2013-10-02 22:51 - 2013-10-02 22:51 - 00000000 ____D C:\ProgramData\LogMeIn 2013-10-02 22:50 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-07.dmp 2013-10-02 22:09 - 2013-10-02 22:09 - 01087213 _____ (Farbar) C:\Users\ejub\Downloads\FRST.exe 2013-10-02 21:37 - 2013-10-02 21:37 - 00000000 ____D C:\Program Files\LogMeIn Hamachi 2013-10-02 21:36 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini100213-06.dmp 2013-10-02 15:14 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini100213-05.dmp 2013-10-02 15:04 - 2013-10-02 15:04 - 00281896 _____ (Mozilla) C:\Users\ejub\Downloads\Firefox Setup Stub 24.0.exe 2013-10-02 15:04 - 2013-10-02 15:04 - 00000810 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 
2013-10-02 15:04 - 2013-10-02 15:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-10-02 15:03 - 2013-10-02 15:03 - 00000952 _____ C:\Users\ejub\Desktop\Continue Firefox Installation.lnk 2013-10-02 01:32 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-04.dmp 2013-10-02 01:16 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-03.dmp 2013-10-02 00:27 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-02.dmp 2013-10-02 00:24 - 2013-10-02 00:24 - 00000000 ____D C:\FRST 2013-10-02 00:22 - 2013-10-02 00:22 - 01953880 _____ (Farbar) C:\Users\ejub\Downloads\FRST64.exe 2013-10-02 00:04 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-01.dmp 2013-10-01 23:55 - 2013-10-01 23:55 - 01045226 _____ C:\Users\ejub\Downloads\adwcleaner_3.0.0.6.exe 2013-10-01 17:22 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\DUMP4ca8.tmp 2013-10-01 17:19 - 2013-10-01 17:19 - 00002052 _____ C:\Windows\epplauncher.mif 2013-09-30 23:58 - 2013-09-28 18:05 - 00000000 _____ C:\dfu.log 2013-09-29 22:30 - 2010-11-25 19:57 - 00000000 ____D C:\Users\ejub\AppData\Roaming\TS3Client 2013-09-29 17:45 - 2010-12-05 20:50 - 00000000 ____D C:\Program Files\[Z-H-C]ScRipT V4 2013-09-29 10:46 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092913-01.dmp 2013-09-28 18:05 - 2013-09-28 18:05 - 00001723 _____ C:\Users\Public\Desktop\S.K.I.L.L. 
- Special Force 2.lnk 2013-09-28 18:04 - 2012-11-29 15:32 - 00000000 ____D C:\Users\ejub\Documents\Gameforge Live 2013-09-28 12:11 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092813-01.dmp 2013-09-28 00:37 - 2013-08-08 03:04 - 00000000 ____D C:\Users\ejub\Desktop\Cube World Cracked 2013-09-27 11:29 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092713-01.dmp 2013-09-26 22:35 - 2013-01-23 15:25 - 00000828 _____ C:\Users\Public\Desktop\Gameforge Live.lnk 2013-09-26 22:35 - 2012-11-29 15:31 - 00000000 ____D C:\Program Files\GameforgeLive 2013-09-26 22:33 - 2010-11-01 17:17 - 00000000 ____D C:\Users\ejub 2013-09-26 21:28 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092613-02.dmp 2013-09-26 16:26 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092613-01.dmp 2013-09-25 22:19 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini092513-02.dmp 2013-09-25 18:45 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092513-01.dmp 2013-09-24 17:35 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092413-01.dmp 2013-09-23 21:41 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092313-03.dmp 2013-09-23 12:43 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092313-02.dmp 2013-09-23 02:41 - 2013-09-23 02:41 - 00000000 ___RD C:\Users\ejub\Documents\Notes 2013-09-23 01:31 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini092313-01.dmp 2013-09-22 01:16 - 2013-09-21 15:29 - 00157528 _____ C:\Users\ejub\AppData\Roaming\ejub.txt 2013-09-21 14:55 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini092113-03.dmp 2013-09-21 14:51 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092113-02.dmp 2013-09-21 14:06 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092113-01.dmp 2013-09-20 23:57 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092013-03.dmp 2013-09-20 22:30 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092013-02.dmp 
2013-09-20 21:43 - 2012-10-12 05:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-09-20 21:43 - 2011-09-19 20:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-09-20 21:32 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092013-01.dmp 2013-09-19 21:29 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini091913-10.dmp 2013-09-19 16:37 - 2010-04-29 14:14 - 00147285 _____ C:\Windows\Minidump\Mini091913-09.dmp 2013-09-19 16:04 - 2013-08-12 00:32 - 00000000 ____D C:\Users\ejub\AppData\Roaming\.minecraft 2013-09-19 15:47 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-08.dmp 2013-09-19 15:41 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-07.dmp 2013-09-19 15:35 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-06.dmp 2013-09-19 13:33 - 2013-09-19 13:33 - 00000000 _____ C:\ProgramData\2d23263642223a_c 2013-09-19 12:48 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini091913-05.dmp 2013-09-19 03:14 - 2010-04-29 14:14 - 00147221 _____ C:\Windows\Minidump\Mini091913-04.dmp 2013-09-19 03:03 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-03.dmp 2013-09-19 02:47 - 2013-09-19 02:47 - 01254900 _____ (Sophos Limited) C:\Users\ejub\Downloads\Sophos_Virus_Removal_Tool24.exe.part 2013-09-19 02:43 - 2010-04-29 14:14 - 00147189 _____ C:\Windows\Minidump\Mini091913-02.dmp 2013-09-19 02:36 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-01.dmp 2013-09-16 17:46 - 2006-11-02 14:47 - 00231016 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-16 09:40 - 2013-08-15 20:35 - 00000000 ____D C:\Windows\system32\MRT 2013-09-16 09:37 - 2006-11-02 12:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-09-11 21:56 - 2010-11-29 11:12 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client 2013-09-09 10:52 - 2013-01-07 20:14 - 00632656 _____ (Microsoft Corporation) 
C:\Windows\system32\msvcr80.dll 2013-09-09 10:52 - 2013-01-07 20:14 - 00554832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp80.dll 2013-09-09 10:52 - 2013-01-07 20:14 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\msvcm80.dll 2013-09-09 10:52 - 2013-01-07 20:14 - 00001870 _____ C:\Windows\system32\Microsoft.VC80.CRT.manifest Files to move or delete: ==================== C:\Users\ejub\13-4_vista_win7_win8_32_dd_ccc_whql.exe C:\Users\ejub\avg_avct_stb_all_2013_2667_cm10.exe C:\Users\ejub\ClarioN-ScripTV3(1).exe C:\Users\ejub\dotnetfx45_full_x86_x64.exe C:\Users\ejub\gimp-2-8-4-setup.exe C:\Users\ejub\SCP-087-B.exe Some content of TEMP: ==================== C:\Users\ejub\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-06 18:00 ==================== End Of Log ============================ |
06.10.2013, 17:07 | #17 |
/// the machine /// TB trainer | please help, bluescreen and gvo6 and more! I've already posted something new
06.10.2013, 20:55 | #18 |
| please help, bluescreen and gvo6 and more! Yes, I'm on it xD, it's still scanning, 30 min already hehe, but everything is fine again
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8951bca3d3c785469f5004746e08e0a6
# engine=15377
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-06 07:44:09
# local_time=2013-10-06 09:44:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 209148 218621377 0 0
# scanned=408747
# found=9
# cleaned=0
# scan_time=12717
sh=F180DEFA96A16DA39C7989A35BF5631B59C3DBBB ft=1 fh=bf6c06fa3ebb6603 vn="a variant of Win32/Adware.Yontoo.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Yontoo Layers Runtime\YontooIEClient.dll.vir"
sh=8CE70DB13017AC7112DA5DD0A4B853D9C617358B ft=1 fh=b6e6b3580a4ee9d9 vn="a variant of MSIL/Spy.Agent.JG trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\ejub\AppData\Roaming\832f5e4c.exe.vir"
sh=95DD45C0966FA25A8A75E2F390AEE3B10A19CF1E ft=1 fh=ce3815a1d01ac32a vn="a variant of MSIL/Injector.BVP trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\ejub\AppData\Roaming\bs_stealth.exe.vir"
sh=8CE70DB13017AC7112DA5DD0A4B853D9C617358B ft=1 fh=b6e6b3580a4ee9d9 vn="a variant of MSIL/Spy.Agent.JG trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\ejub\AppData\Roaming\832f5e4c\832f5e4c.exe.vir"
sh=5E48D5242891A2D5F7239E0DB68030965979D48F ft=1 fh=133bc6aa5161ec53 vn="a variant of MSIL/Kryptik.NU trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\ejub\AppData\Roaming\Microsoft\taskmsg.exe.vir"
sh=22F2232BAD12325DE295BC0D973B45316CD2C784 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\ejub\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\34e9bf95-5f02af15"
sh=E326A7A2700069105AC6653865FD4A1C0F1FB705 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Obfus.A trojan" ac=I fn="C:\Users\ejub\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\666743f8-24a429ed"
sh=6A4F558B7157DE07CAC08311D842C26754AC38BD ft=1 fh=639c288a0bd481d5 vn="multiple threats" ac=I fn="C:\Users\ejub\Downloads\PageRage-SilentInstaller.exe"
sh=8F9C4F28547D973B381456E23A3C5684809EEBF8 ft=0 fh=0000000000000000 vn="Win32/Adware.OneStep.CF application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L3EOE3I1\upgrade[1].cab"

What does that mean?

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013 Ran by ejub (administrator) on EJUB-PC on 06-10-2013 21:54:12 Running from C:\Users\ejub\Downloads Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AMD) C:\Windows\system32\atiesrxx.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (AMD) C:\Windows\system32\atieclxx.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\system32\inetsrv\inetinfo.exe (LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe (Microsoft Corporation) C:\Windows\system32\mqsvc.exe () C:\Windows\system32\PnkBstrA.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Microsoft Corporation) C:\Windows\system32\mqtgsvc.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (ATI Technologies Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-09-12] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9808488 2010-11-02] (Realtek Semiconductor) HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) HKLM\...\Run: [4StoryPrePatch] - C:\Program Files\GameforgeLive\Games\DEU_deu\4Story\PrePatch.exe [327680 2012-11-29] (Zemi Interactive Inc.) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM\...\Run: [RoccatIsku] - C:\Program Files\ROCCAT\Isku Keyboard\IskuMonitor.EXE [542560 2012-11-09] (ROCCAT GmbH) HKLM\...\Run: [ROCCAT Savu Gaming Mouse] - C:\Program Files\ROCCAT\Savu Mouse\Savu Monitor.exe [872048 2012-09-10] (ROCCAT GmbH) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.) 
HKLM\...\Policies\Explorer: [ShowDriveLettersFirst] 4 HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKCU\...\Policies\system: [EnableLUA] 0 HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Gast\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Gast.ejub-PC\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Gast.ejub-PC\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime HKU\Gast.ejub-PC\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" HKU\Gast.ejub-PC\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation) HKU\Gast.ejub-PC\...\Run: [{92DF5512-F4E9-2934-45D4-5057384EB3F5}] - C:\Users\Gast.ejub-PC\AppData\Roaming\Odaw\usid.exe HKU\Gast.ejub-PC\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2012-03-08] (Microsoft Corporation) HKU\Gast.ejub-PC\...\Run: [uTorrent] - "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED HKU\Gast.ejub-PC\...\Run: [Exetender] - "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup HKU\Gast.ejub-PC\...\Run: [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun HKU\Gast.ejub-PC\...\Run: [winupdater] - C:\Windows\system32\Windupdt\winupdate.exe HKU\Gast.ejub-PC\...\Policies\system: [DisableTaskMgr] 1 HKU\Gast.ejub-PC\...\Policies\system: [DisableRegistryTools] 1 HKU\Gast.ejub-PC\...\Policies\system: [EnableLUA] 0 HKU\gast2\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3C15CDED7290CB01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} SearchScopes: HKCU - {FB291D82-6B3F-4A51-9A75-1B9E9C4E1ED9} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms} BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) FireFox: ======== FF ProfilePath: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default FF Homepage: https://www.google.de/ FF NetworkProxy: "ftp", "127.0.0.1" FF NetworkProxy: "ftp_port", 8555 FF NetworkProxy: "gopher", "127.0.0.1" FF NetworkProxy: "gopher_port", 8555 FF NetworkProxy: "http", "127.0.0.1" FF NetworkProxy: "http_port", 8555 FF NetworkProxy: "socks", "127.0.0.1" FF NetworkProxy: "socks_port", 8555 FF NetworkProxy: "ssl", "127.0.0.1" FF NetworkProxy: "ssl_port", 8555 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft 
Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @eximion.com/KalydoPlayer - C:\Users\ejub\AppData\Roaming\Kalydo\KalydoPlayer\bin1\npkalydo.dll (Eximion B.V.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\aol-search.xml FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\entrusted-customized-web-search.xml FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\firefox-add-ons.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7} FF Extension: No Name - 
C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ Chrome: ======= CHR Extension: (Skype Click to Call) - C:\Users\ejub\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_1 CHR Extension: (Chrome In-App Payments service) - C:\Users\ejub\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR Extension: (Gmail) - C:\Users\ejub\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.3.crx CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx ========================== Services (Whitelisted) ================= R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1612112 2013-10-01] (LogMeIn Inc.) 
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2008-01-21] (Microsoft Corporation) R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2013-08-26] (LogMeIn, Inc.) S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MSMQ; C:\Windows\system32\mqsvc.exe [8704 2006-11-02] (Microsoft Corporation) R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [125952 2009-04-11] (Microsoft Corporation) S3 npggsvc; C:\Windows\system32\GameMon.des [4670000 2012-08-06] (INCA Internet Co., Ltd.) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2012-03-04] () ==================== Drivers (Whitelisted) ==================== R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [75776 2013-01-15] (Advanced Micro Devices) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-12-12] () R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation) R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2013-02-01] (Eugene V. Muzychenko) R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-12-10] () S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 MQAC; C:\Windows\System32\drivers\mqac.sys [126976 2008-01-21] (Microsoft Corporation) S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project) S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2012-01-05] (AnchorFree Inc) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-02-22] (Anchorfree Inc.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 USBAAPL; System32\Drivers\usbaapl.sys [x] S3 vtany; \??\C:\Windows\vtany.sys [x] S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [x] S3 XDva397; \??\C:\Windows\system32\XDva397.sys [x] S3 XDva398; \??\C:\Windows\system32\XDva398.sys [x] S3 XDva399; \??\C:\Windows\system32\XDva399.sys [x] S3 XDva400; \??\C:\Windows\system32\XDva400.sys [x] S3 XDva401; \??\C:\Windows\system32\XDva401.sys [x] S3 XDva403; \??\C:\Windows\system32\XDva403.sys [x] S3 XDva404; \??\C:\Windows\system32\XDva404.sys [x] S3 XDva405; \??\C:\Windows\system32\XDva405.sys [x] S3 xhunter1; \??\C:\Windows\xhunter1.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-06 21:51 - 2013-10-06 21:51 - 00891167 _____ C:\Users\ejub\Desktop\SecurityCheck.exe 2013-10-06 18:08 - 2013-10-06 18:08 - 02347384 _____ (ESET) C:\Users\ejub\Downloads\esetsmartinstaller_enu.exe 2013-10-06 18:00 - 2013-10-06 18:00 - 00040145 _____ C:\Users\ejub\Desktop\JRT.txt 2013-10-06 17:58 - 2013-10-06 17:58 - 01032220 _____ (Thisisu) C:\Users\ejub\Desktop\JRT.exe 2013-10-06 17:58 - 2013-10-06 17:58 - 00000000 ____D C:\Windows\ERUNT 2013-10-06 17:49 - 2013-10-06 17:48 - 01045226 _____ C:\Users\ejub\Desktop\adwcleaner.exe 2013-10-06 17:19 - 2013-10-06 17:19 - 00000870 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\Users\ejub\AppData\Roaming\Malwarebytes 2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\Program Files\Malwarebytes' 
Anti-Malware 2013-10-06 17:19 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-10-06 17:17 - 2013-10-06 17:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\ejub\Desktop\mbam-setup-1.75.0.1300.exe 2013-10-05 22:20 - 2013-10-05 22:20 - 00000000 ____D C:\CFLog 2013-10-05 21:48 - 2013-10-05 21:48 - 00017888 _____ C:\ComboFix.txt 2013-10-05 21:02 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-10-05 21:02 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-10-05 21:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-10-05 21:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-10-05 21:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-10-05 21:02 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-10-05 21:02 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-10-05 21:02 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-10-05 21:01 - 2013-10-05 21:48 - 00000000 ____D C:\Qoobox 2013-10-05 20:57 - 2013-10-05 20:57 - 05130782 ____R (Swearware) C:\Users\ejub\Desktop\ComboFix.exe 2013-10-05 12:39 - 2013-10-05 21:30 - 00000000 ____D C:\Windows\erdnt 2013-10-05 00:07 - 2013-10-05 00:07 - 00023670 _____ C:\Users\ejub\Downloads\Addition.txt 2013-10-02 22:51 - 2013-10-02 22:51 - 00000000 ____D C:\Users\ejub\AppData\Local\LogMeIn 2013-10-02 22:51 - 2013-10-02 22:51 - 00000000 ____D C:\ProgramData\LogMeIn 2013-10-02 22:09 - 2013-10-02 22:09 - 01087213 _____ (Farbar) C:\Users\ejub\Downloads\FRST.exe 2013-10-02 21:37 - 2013-10-02 21:37 - 00000000 ____D C:\Program Files\LogMeIn Hamachi 2013-10-02 15:04 - 2013-10-02 15:04 - 00281896 _____ (Mozilla) C:\Users\ejub\Downloads\Firefox Setup Stub 24.0.exe 2013-10-02 15:04 - 2013-10-02 15:04 - 00000810 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-10-02 15:04 - 2013-10-02 15:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-10-02 
15:03 - 2013-10-02 15:03 - 00000952 _____ C:\Users\ejub\Desktop\Continue Firefox Installation.lnk 2013-10-02 00:24 - 2013-10-02 00:24 - 00000000 ____D C:\FRST 2013-10-02 00:22 - 2013-10-02 00:22 - 01953880 _____ (Farbar) C:\Users\ejub\Downloads\FRST64.exe 2013-10-01 23:55 - 2013-10-06 17:52 - 00000000 ____D C:\AdwCleaner 2013-10-01 23:55 - 2013-10-01 23:55 - 01045226 _____ C:\Users\ejub\Downloads\adwcleaner_3.0.0.6.exe 2013-10-01 17:19 - 2013-10-01 17:19 - 00002052 _____ C:\Windows\epplauncher.mif 2013-10-01 17:17 - 2010-04-05 22:00 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2013-10-01 14:13 - 2013-10-05 14:42 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-09-28 18:05 - 2013-09-30 23:58 - 00000000 _____ C:\dfu.log 2013-09-28 18:05 - 2013-09-28 18:05 - 00001723 _____ C:\Users\Public\Desktop\S.K.I.L.L. - Special Force 2.lnk 2013-09-23 02:41 - 2013-09-23 02:41 - 00000000 ___RD C:\Users\ejub\Documents\Notes 2013-09-21 15:29 - 2013-09-22 01:16 - 00157528 _____ C:\Users\ejub\AppData\Roaming\ejub.txt 2013-09-19 13:33 - 2013-09-19 13:33 - 00000000 _____ C:\ProgramData\2d23263642223a_c 2013-09-19 02:47 - 2013-09-19 02:47 - 01254900 _____ (Sophos Limited) C:\Users\ejub\Downloads\Sophos_Virus_Removal_Tool24.exe.part 2013-09-19 02:36 - 2013-10-05 21:07 - 00000000 ____D C:\Windows\Minidump 2013-09-12 23:44 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-12 23:44 - 2013-08-01 12:21 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-12 23:44 - 2013-08-01 12:20 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-12 23:44 - 2013-08-01 12:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-09-12 23:44 - 2013-08-01 12:18 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-09-12 23:44 - 2013-08-01 12:16 - 06016512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-12 
23:44 - 2013-08-01 12:16 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-12 23:44 - 2013-08-01 12:16 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll 2013-09-12 23:44 - 2013-08-01 12:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-09-12 23:44 - 2013-08-01 12:16 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-09-12 23:44 - 2013-08-01 12:15 - 11111936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-12 23:44 - 2013-08-01 12:15 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-12 23:44 - 2013-08-01 12:15 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-09-12 23:44 - 2013-08-01 12:15 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-09-12 23:44 - 2013-08-01 12:15 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-09-12 23:44 - 2013-08-01 12:15 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-12 23:44 - 2013-08-01 12:15 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-12 23:44 - 2013-08-01 12:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-12 23:44 - 2013-08-01 12:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-12 23:44 - 2013-08-01 12:15 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-09-12 23:44 - 2013-08-01 12:15 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-12 23:44 - 2013-08-01 12:13 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll 2013-09-12 23:44 - 2013-08-01 10:37 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-09-12 23:44 - 2013-08-01 08:56 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-12 23:44 - 2013-08-01 08:56 - 00133632 
_____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-09-12 23:44 - 2013-08-01 08:55 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-09-12 23:44 - 2013-08-01 08:54 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-12 23:44 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll ==================== One Month Modified Files and Folders ======= 2013-10-06 21:51 - 2013-10-06 21:51 - 00891167 _____ C:\Users\ejub\Desktop\SecurityCheck.exe 2013-10-06 20:55 - 2010-11-25 19:57 - 00000000 ____D C:\Users\ejub\AppData\Roaming\TS3Client 2013-10-06 19:54 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-06 19:54 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-06 18:43 - 2012-10-12 05:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-06 18:08 - 2013-10-06 18:08 - 02347384 _____ (ESET) C:\Users\ejub\Downloads\esetsmartinstaller_enu.exe 2013-10-06 18:04 - 2013-07-07 21:54 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-06 18:02 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\tracing 2013-10-06 18:00 - 2013-10-06 18:00 - 00040145 _____ C:\Users\ejub\Desktop\JRT.txt 2013-10-06 17:58 - 2013-10-06 17:58 - 01032220 _____ (Thisisu) C:\Users\ejub\Desktop\JRT.exe 2013-10-06 17:58 - 2013-10-06 17:58 - 00000000 ____D C:\Windows\ERUNT 2013-10-06 17:58 - 2008-01-21 03:35 - 01868385 _____ C:\Windows\WindowsUpdate.log 2013-10-06 17:56 - 2013-08-09 20:01 - 00000000 ____D C:\Users\ejub\AppData\Local\LogMeIn Hamachi 2013-10-06 17:56 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\inetsrv 2013-10-06 17:54 - 2013-07-07 21:54 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-06 17:54 - 2010-11-25 08:21 - 00065536 _____ 
C:\Windows\system32\Ikeext.etl 2013-10-06 17:54 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-06 17:53 - 2006-11-02 15:01 - 00032510 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-10-06 17:52 - 2013-10-01 23:55 - 00000000 ____D C:\AdwCleaner 2013-10-06 17:52 - 2013-07-07 21:55 - 00001039 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-10-06 17:52 - 2010-11-01 17:17 - 00000937 _____ C:\Users\ejub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-10-06 17:48 - 2013-10-06 17:49 - 01045226 _____ C:\Users\ejub\Desktop\adwcleaner.exe 2013-10-06 17:42 - 2013-07-03 21:34 - 00649840 _____ C:\Windows\PFRO.log 2013-10-06 17:39 - 2011-12-10 11:57 - 00000000 ____D C:\ProgramData\InstallMate 2013-10-06 17:19 - 2013-10-06 17:19 - 00000870 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\Users\ejub\AppData\Roaming\Malwarebytes 2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-06 17:18 - 2013-10-06 17:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\ejub\Desktop\mbam-setup-1.75.0.1300.exe 2013-10-05 22:20 - 2013-10-05 22:20 - 00000000 ____D C:\CFLog 2013-10-05 21:48 - 2013-10-05 21:48 - 00017888 _____ C:\ComboFix.txt 2013-10-05 21:48 - 2013-10-05 21:01 - 00000000 ____D C:\Qoobox 2013-10-05 21:48 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default 2013-10-05 21:48 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public 2013-10-05 21:30 - 2013-10-05 12:39 - 00000000 ____D C:\Windows\erdnt 2013-10-05 21:22 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini 2013-10-05 21:21 - 2006-11-02 12:22 - 45088768 _____ C:\Windows\system32\config\software.bak 2013-10-05 21:21 - 2006-11-02 12:22 - 41418752 _____ C:\Windows\system32\config\COMPON~3.bak 2013-10-05 21:21 - 2006-11-02 12:22 - 30146560 _____ 
C:\Windows\system32\config\system.bak 2013-10-05 21:21 - 2006-11-02 12:22 - 05242880 _____ C:\Windows\system32\config\default.bak 2013-10-05 21:21 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\sam.bak 2013-10-05 21:21 - 2006-11-02 12:22 - 00028672 _____ C:\Windows\system32\config\security.bak 2013-10-05 21:07 - 2013-09-19 02:36 - 00000000 ____D C:\Windows\Minidump 2013-10-05 21:07 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100513-04.dmp 2013-10-05 21:05 - 2013-06-27 12:56 - 00000000 ____D C:\Users\ejub\Tracing 2013-10-05 21:03 - 2010-11-01 17:17 - 00001356 _____ C:\Users\ejub\AppData\Local\d3d9caps.dat 2013-10-05 20:59 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100513-03.dmp 2013-10-05 20:57 - 2013-10-05 20:57 - 05130782 ____R (Swearware) C:\Users\ejub\Desktop\ComboFix.exe 2013-10-05 14:50 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100513-02.dmp 2013-10-05 14:47 - 2010-11-25 18:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-10-05 14:47 - 2010-11-25 18:33 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2013-10-05 14:46 - 2013-07-12 01:21 - 00000000 ____D C:\Users\ejub\.gimp-2.8 2013-10-05 14:42 - 2013-10-01 14:13 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-05 12:41 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini100513-01.dmp 2013-10-05 00:07 - 2013-10-05 00:07 - 00023670 _____ C:\Users\ejub\Downloads\Addition.txt 2013-10-03 19:13 - 2012-05-21 21:22 - 00000000 ____D C:\Users\ejub\Documents\Cross Fire 2013-10-03 12:46 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini100313-01.dmp 2013-10-02 22:51 - 2013-10-02 22:51 - 00000000 ____D C:\Users\ejub\AppData\Local\LogMeIn 2013-10-02 22:51 - 2013-10-02 22:51 - 00000000 ____D C:\ProgramData\LogMeIn 2013-10-02 22:50 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-07.dmp 2013-10-02 22:09 - 2013-10-02 22:09 - 01087213 _____ (Farbar) C:\Users\ejub\Downloads\FRST.exe 
2013-10-02 21:37 - 2013-10-02 21:37 - 00000000 ____D C:\Program Files\LogMeIn Hamachi 2013-10-02 21:36 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini100213-06.dmp 2013-10-02 15:14 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini100213-05.dmp 2013-10-02 15:04 - 2013-10-02 15:04 - 00281896 _____ (Mozilla) C:\Users\ejub\Downloads\Firefox Setup Stub 24.0.exe 2013-10-02 15:04 - 2013-10-02 15:04 - 00000810 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-10-02 15:04 - 2013-10-02 15:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-10-02 15:03 - 2013-10-02 15:03 - 00000952 _____ C:\Users\ejub\Desktop\Continue Firefox Installation.lnk 2013-10-02 01:32 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-04.dmp 2013-10-02 01:16 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-03.dmp 2013-10-02 00:27 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-02.dmp 2013-10-02 00:24 - 2013-10-02 00:24 - 00000000 ____D C:\FRST 2013-10-02 00:22 - 2013-10-02 00:22 - 01953880 _____ (Farbar) C:\Users\ejub\Downloads\FRST64.exe 2013-10-02 00:04 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-01.dmp 2013-10-01 23:55 - 2013-10-01 23:55 - 01045226 _____ C:\Users\ejub\Downloads\adwcleaner_3.0.0.6.exe 2013-10-01 17:22 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\DUMP4ca8.tmp 2013-10-01 17:19 - 2013-10-01 17:19 - 00002052 _____ C:\Windows\epplauncher.mif 2013-09-30 23:58 - 2013-09-28 18:05 - 00000000 _____ C:\dfu.log 2013-09-29 17:45 - 2010-12-05 20:50 - 00000000 ____D C:\Program Files\[Z-H-C]ScRipT V4 2013-09-29 10:46 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092913-01.dmp 2013-09-28 18:05 - 2013-09-28 18:05 - 00001723 _____ C:\Users\Public\Desktop\S.K.I.L.L. 
- Special Force 2.lnk 2013-09-28 18:04 - 2012-11-29 15:32 - 00000000 ____D C:\Users\ejub\Documents\Gameforge Live 2013-09-28 12:11 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092813-01.dmp 2013-09-28 00:37 - 2013-08-08 03:04 - 00000000 ____D C:\Users\ejub\Desktop\Cube World Cracked 2013-09-27 11:29 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092713-01.dmp 2013-09-26 22:35 - 2013-01-23 15:25 - 00000828 _____ C:\Users\Public\Desktop\Gameforge Live.lnk 2013-09-26 22:35 - 2012-11-29 15:31 - 00000000 ____D C:\Program Files\GameforgeLive 2013-09-26 22:33 - 2010-11-01 17:17 - 00000000 ____D C:\Users\ejub 2013-09-26 21:28 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092613-02.dmp 2013-09-26 16:26 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092613-01.dmp 2013-09-25 22:19 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini092513-02.dmp 2013-09-25 18:45 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092513-01.dmp 2013-09-24 17:35 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092413-01.dmp 2013-09-23 21:41 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092313-03.dmp 2013-09-23 12:43 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092313-02.dmp 2013-09-23 02:41 - 2013-09-23 02:41 - 00000000 ___RD C:\Users\ejub\Documents\Notes 2013-09-23 01:31 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini092313-01.dmp 2013-09-22 01:16 - 2013-09-21 15:29 - 00157528 _____ C:\Users\ejub\AppData\Roaming\ejub.txt 2013-09-21 14:55 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini092113-03.dmp 2013-09-21 14:51 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092113-02.dmp 2013-09-21 14:06 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092113-01.dmp 2013-09-20 23:57 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092013-03.dmp 2013-09-20 22:30 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092013-02.dmp 
2013-09-20 21:43 - 2012-10-12 05:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-09-20 21:43 - 2011-09-19 20:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-09-20 21:32 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092013-01.dmp 2013-09-19 21:29 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini091913-10.dmp 2013-09-19 16:37 - 2010-04-29 14:14 - 00147285 _____ C:\Windows\Minidump\Mini091913-09.dmp 2013-09-19 16:04 - 2013-08-12 00:32 - 00000000 ____D C:\Users\ejub\AppData\Roaming\.minecraft 2013-09-19 15:47 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-08.dmp 2013-09-19 15:41 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-07.dmp 2013-09-19 15:35 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-06.dmp 2013-09-19 13:33 - 2013-09-19 13:33 - 00000000 _____ C:\ProgramData\2d23263642223a_c 2013-09-19 12:48 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini091913-05.dmp 2013-09-19 03:14 - 2010-04-29 14:14 - 00147221 _____ C:\Windows\Minidump\Mini091913-04.dmp 2013-09-19 03:03 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-03.dmp 2013-09-19 02:47 - 2013-09-19 02:47 - 01254900 _____ (Sophos Limited) C:\Users\ejub\Downloads\Sophos_Virus_Removal_Tool24.exe.part 2013-09-19 02:43 - 2010-04-29 14:14 - 00147189 _____ C:\Windows\Minidump\Mini091913-02.dmp 2013-09-19 02:36 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-01.dmp 2013-09-16 17:46 - 2006-11-02 14:47 - 00231016 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-16 09:40 - 2013-08-15 20:35 - 00000000 ____D C:\Windows\system32\MRT 2013-09-16 09:37 - 2006-11-02 12:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-09-11 21:56 - 2010-11-29 11:12 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client 2013-09-09 10:52 - 2013-01-07 20:14 - 00632656 _____ (Microsoft Corporation) 
C:\Windows\system32\msvcr80.dll 2013-09-09 10:52 - 2013-01-07 20:14 - 00554832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp80.dll 2013-09-09 10:52 - 2013-01-07 20:14 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\msvcm80.dll 2013-09-09 10:52 - 2013-01-07 20:14 - 00001870 _____ C:\Windows\system32\Microsoft.VC80.CRT.manifest Files to move or delete: ==================== C:\Users\ejub\13-4_vista_win7_win8_32_dd_ccc_whql.exe C:\Users\ejub\avg_avct_stb_all_2013_2667_cm10.exe C:\Users\ejub\ClarioN-ScripTV3(1).exe C:\Users\ejub\dotnetfx45_full_x86_x64.exe C:\Users\ejub\gimp-2-8-4-setup.exe C:\Users\ejub\SCP-087-B.exe Some content of TEMP: ==================== C:\Users\ejub\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-06 18:00 ==================== End Of Log ============================ --- --- --- |
07.10.2013, 09:43 | #19 |
/// the machine /// TB trainer | please help, bluescreen and gvo6 and more! Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
HKU\Gast.ejub-PC\...\Run: [{92DF5512-F4E9-2934-45D4-5057384EB3F5}] - C:\Users\Gast.ejub-PC\AppData\Roaming\Odaw\usid.exe
HKU\Gast.ejub-PC\...\Run: [winupdater] - C:\Windows\system32\Windupdt\winupdate.exe
HKU\Gast.ejub-PC\...\Policies\system: [DisableTaskMgr] 1
HKU\Gast.ejub-PC\...\Policies\system: [DisableRegistryTools] 1
C:\Users\Gast.ejub-PC\AppData\Roaming\Odaw
C:\Windows\system32\Windupdt
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 8555
FF NetworkProxy: "gopher", "127.0.0.1"
FF NetworkProxy: "gopher_port", 8555
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8555
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 8555
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8555
FF NetworkProxy: "type", 0
S3 XDva397; \??\C:\Windows\system32\XDva397.sys [x]
S3 XDva398; \??\C:\Windows\system32\XDva398.sys [x]
S3 XDva399; \??\C:\Windows\system32\XDva399.sys [x]
S3 XDva400; \??\C:\Windows\system32\XDva400.sys [x]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [x]
S3 XDva403; \??\C:\Windows\system32\XDva403.sys [x]
S3 XDva404; \??\C:\Windows\system32\XDva404.sys [x]
S3 XDva405; \??\C:\Windows\system32\XDva405.sys [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Please download TFC (by Oldtimer) and save the file to the desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. A fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
07.10.2013, 20:30 | #20 |
| please help, bluescreen and gvo6 and more! Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by ejub at 2013-10-07 12:54:56 Run:1
Running from C:\Users\ejub\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\Gast.ejub-PC\...\Run: [{92DF5512-F4E9-2934-45D4-5057384EB3F5}] - C:\Users\Gast.ejub-PC\AppData\Roaming\Odaw\usid.exe
HKU\Gast.ejub-PC\...\Run: [winupdater] - C:\Windows\system32\Windupdt\winupdate.exe
HKU\Gast.ejub-PC\...\Policies\system: [DisableTaskMgr] 1
HKU\Gast.ejub-PC\...\Policies\system: [DisableRegistryTools] 1
C:\Users\Gast.ejub-PC\AppData\Roaming\Odaw
C:\Windows\system32\Windupdt
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 8555
FF NetworkProxy: "gopher", "127.0.0.1"
FF NetworkProxy: "gopher_port", 8555
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8555
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 8555
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8555
FF NetworkProxy: "type", 0
S3 XDva397; \??\C:\Windows\system32\XDva397.sys [x]
S3 XDva398; \??\C:\Windows\system32\XDva398.sys [x]
S3 XDva399; \??\C:\Windows\system32\XDva399.sys [x]
S3 XDva400; \??\C:\Windows\system32\XDva400.sys [x]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [x]
S3 XDva403; \??\C:\Windows\system32\XDva403.sys [x]
S3 XDva404; \??\C:\Windows\system32\XDva404.sys [x]
S3 XDva405; \??\C:\Windows\system32\XDva405.sys [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]
*****************

HKU\Gast.ejub-PC\Software\Microsoft\Windows\CurrentVersion\Run\\{92DF5512-F4E9-2934-45D4-5057384EB3F5} => Value deleted successfully.
HKU\Gast.ejub-PC\Software\Microsoft\Windows\CurrentVersion\Run\\winupdater => Value deleted successfully.
HKU\Gast.ejub-PC\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr => Value deleted successfully.
HKU\Gast.ejub-PC\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => Value deleted successfully.
"C:\Users\Gast.ejub-PC\AppData\Roaming\Odaw" => File/Directory not found.
"C:\Windows\system32\Windupdt" => File/Directory not found.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
XDva397 => Service deleted successfully.
XDva398 => Service deleted successfully.
XDva399 => Service deleted successfully.
XDva400 => Service deleted successfully.
XDva401 => Service deleted successfully.
XDva403 => Service deleted successfully.
XDva404 => Service deleted successfully.
XDva405 => Service deleted successfully.
xhunter1 => Service deleted successfully.

==== End of Fixlog ====

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013 Ran by ejub (administrator) on EJUB-PC on 07-10-2013 13:11:19 Running from C:\Users\ejub\Downloads Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AMD) C:\Windows\system32\atiesrxx.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (AMD) C:\Windows\system32\atieclxx.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\system32\inetsrv\inetinfo.exe (LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe (Microsoft Corporation) C:\Windows\system32\mqsvc.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe () C:\Windows\system32\PnkBstrA.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (LogMeIn Inc.) 
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Microsoft Corporation) C:\Windows\system32\mqtgsvc.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation) c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-09-12] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9808488 2010-11-02] (Realtek Semiconductor) HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) HKLM\...\Run: [4StoryPrePatch] - C:\Program Files\GameforgeLive\Games\DEU_deu\4Story\PrePatch.exe [327680 2012-11-29] (Zemi Interactive Inc.) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) 
HKLM\...\Run: [RoccatIsku] - C:\Program Files\ROCCAT\Isku Keyboard\IskuMonitor.EXE [542560 2012-11-09] (ROCCAT GmbH) HKLM\...\Run: [ROCCAT Savu Gaming Mouse] - C:\Program Files\ROCCAT\Savu Mouse\Savu Monitor.exe [872048 2012-09-10] (ROCCAT GmbH) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.) HKLM\...\Policies\Explorer: [ShowDriveLettersFirst] 4 HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKCU\...\Policies\system: [EnableLUA] 0 HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Gast\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Gast.ejub-PC\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Gast.ejub-PC\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime HKU\Gast.ejub-PC\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" HKU\Gast.ejub-PC\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation) HKU\Gast.ejub-PC\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2012-03-08] (Microsoft Corporation) HKU\Gast.ejub-PC\...\Run: [uTorrent] - "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED HKU\Gast.ejub-PC\...\Run: [Exetender] - "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup HKU\Gast.ejub-PC\...\Run: [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun HKU\Gast.ejub-PC\...\Policies\system: [EnableLUA] 0 HKU\gast2\...\Run: [WindowsWelcomeCenter] - 
rundll32.exe oobefldr.dll,ShowWelcomeCenter ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3C15CDED7290CB01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} SearchScopes: HKCU - {FB291D82-6B3F-4A51-9A75-1B9E9C4E1ED9} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms} BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @eximion.com/KalydoPlayer - C:\Users\ejub\AppData\Roaming\Kalydo\KalydoPlayer\bin1\npkalydo.dll (Eximion B.V.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\aol-search.xml FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\entrusted-customized-web-search.xml FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\firefox-add-ons.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7} FF Extension: No Name - C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation 
Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ Chrome: ======= CHR Extension: (Skype Click to Call) - C:\Users\ejub\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_1 CHR Extension: (Chrome In-App Payments service) - C:\Users\ejub\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR Extension: (Gmail) - C:\Users\ejub\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.3.crx CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx ========================== Services (Whitelisted) ================= R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1612112 2013-10-01] (LogMeIn Inc.) R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2008-01-21] (Microsoft Corporation) R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2013-08-26] (LogMeIn, Inc.) 
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MSMQ; C:\Windows\system32\mqsvc.exe [8704 2006-11-02] (Microsoft Corporation) R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [125952 2009-04-11] (Microsoft Corporation) S3 npggsvc; C:\Windows\system32\GameMon.des [4670000 2012-08-06] (INCA Internet Co., Ltd.) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2012-03-04] () ==================== Drivers (Whitelisted) ==================== R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [75776 2013-01-15] (Advanced Micro Devices) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-12-12] () R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation) R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2013-02-01] (Eugene V. Muzychenko) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-12-10] () S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 MQAC; C:\Windows\System32\drivers\mqac.sys [126976 2008-01-21] (Microsoft Corporation) R3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30816 2008-11-26] (Intel Corporation ) S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project) S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2012-01-05] (AnchorFree Inc) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-02-22] (Anchorfree Inc.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 USBAAPL; System32\Drivers\usbaapl.sys [x] S3 vtany; \??\C:\Windows\vtany.sys [x] S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-07 12:58 - 2013-10-07 12:58 - 00448512 _____ (OldTimer Tools) C:\Users\ejub\Desktop\TFC.exe 2013-10-06 21:51 - 2013-10-06 21:51 - 00891167 _____ C:\Users\ejub\Desktop\SecurityCheck.exe 2013-10-06 18:08 - 2013-10-06 18:08 - 02347384 _____ (ESET) C:\Users\ejub\Downloads\esetsmartinstaller_enu.exe 2013-10-06 18:00 - 2013-10-06 18:00 - 00040145 _____ C:\Users\ejub\Desktop\JRT.txt 2013-10-06 17:58 - 2013-10-06 17:58 - 01032220 _____ (Thisisu) C:\Users\ejub\Desktop\JRT.exe 2013-10-06 17:58 - 2013-10-06 17:58 - 00000000 ____D C:\Windows\ERUNT 2013-10-06 17:49 - 2013-10-06 17:48 - 01045226 _____ C:\Users\ejub\Desktop\adwcleaner.exe 2013-10-06 17:19 - 2013-10-06 17:19 - 00000870 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\Users\ejub\AppData\Roaming\Malwarebytes 2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-06 17:19 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-10-06 17:17 - 2013-10-06 17:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\ejub\Desktop\mbam-setup-1.75.0.1300.exe 2013-10-05 22:20 - 2013-10-05 22:20 - 00000000 ____D C:\CFLog 2013-10-05 21:48 - 2013-10-05 21:48 - 
Is everything clean again now? |
08.10.2013, 08:51 | #21 |
/// the machine /// TB Trainer | Done. Here are a few more tips for securing your system. I can't mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help.
Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
08.10.2013, 11:28 | #22 |
| Thank you very much for all the help, schrauber. Really awesome forum here. |
09.10.2013, 07:44 | #23 |
/// the machine /// TB Trainer | You're welcome.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donate. Guides and assistance. Trojaner-Board Facebook page. No assistance via PM! |