Trojaner-Board - Windows 7 (64bit) - hyperaktive timeserver.exe - Malwarebytes kann Befall nicht dauerhaft entfernen

Hallo Werte Damen und Herren,

Dass ich hier vorbei schaun muss ist mir etwas peinlich, fast schon peinlichst, da ich seit vielen, vielen Jahren keinen Virenbefall mehr hatte. Tja, da habe ich mich wohl getäuscht. Meine Sucht für Civilization V und mein nicht aufgeben wollen eines Spielstandes haben mich zu einem sog. "Trainer" geführt. Da selbst die (im Nachhinein) sauberen Trainer von meinem McAffee-Zugriffsscanner sogleich vernichtet wurden, habe ich ihn wider besseren Wissens abgeschaltet und die vermeintliche trainer.exe angeclickt...Nur leider war es wirklich Schadsoftware. Nun steinigt mich. :twak:

Aufgefallen ist das Problem durch die hyperaktive TimeServer.exe, die auf ein mal enorm viel Speicherplatz verbraucht. Mit Malwarebytes habe ich daher einen Komplettscan durchgeführt und die Bedrohung entfernt, so dachte ich. Das hält bis zum nächsten reboot und dann ist es wieder der selbe Salat, die TimeServer.exe wieder im taskmanager mit verbrauchtem 40-42mb Zwischenspeicher.

Hier nun erst mal die Logfiles meiner ursprünglichen Bekämpfung des Problems:

Code:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2013.08.05.04
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16635

mkwzbg :: MKWZBG-PC [Administrator]
 

05.08.2013 15:30:25

mbam-log-2013-08-05 (15-30-25).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 260673

Laufzeit: 4 Minute(n), 2 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 1

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=DC6F00040ECDB007&affID=123976&tt=040813_10&tsp=4965) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
 

Infizierte Verzeichnisse: 1

C:\Users\mkwzbg\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
 

Infizierte Dateien: 11

C:\Users\mkwzbg\AppData\Local\Temp\bundlesweetimsetup.exe (PUP.Optional.SweetIM) -> Keine Aktion durchgeführt.

C:\Users\mkwzbg\AppData\Local\Temp\80CB50D9-BAB0-7891-A46C-E5BA8F276E43\Latest\ccp.exe (PUP.Babylon.A) -> Keine Aktion durchgeführt.

C:\Users\mkwzbg\AppData\Local\Temp\80CB50D9-BAB0-7891-A46C-E5BA8F276E43\Latest\MyDeltaTB.exe (PUP.Delta.A) -> Keine Aktion durchgeführt.

C:\Users\mkwzbg\AppData\Local\Temp\80CB50D9-BAB0-7891-A46C-E5BA8F276E43\Latest\Setup.exe (PUP.Babylon.A) -> Keine Aktion durchgeführt.

C:\Users\mkwzbg\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.

C:\Users\mkwzbg\Desktop\civilization5DX11_17trainer_custom.zip (HackTool.GamesCheat.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\mkwzbg\AppData\Local\Temp\LyricsPal_1060-8101_v122.exe (PUP.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\mkwzbg\AppData\Local\Temp\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\mkwzbg\AppData\Local\Temp\pricepeep_130001_0101.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\$Recycle.Bin\S-1-5-21-905224183-1817278694-1461159428-1000\$R4A8VXE.zip (HackTool.GamesCheat.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\$Recycle.Bin\S-1-5-21-905224183-1817278694-1461159428-1000\$RCWKEKF.zip (HackTool.GamesCheat.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Code:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2013.08.05.04
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16635

mkwzbg :: MKWZBG-PC [Administrator]
 

05.08.2013 15:50:29

mbam-log-2013-08-05 (15-50-29).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 259938

Laufzeit: 3 Minute(n), 20 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 1

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=DC6F00040ECDB007&affID=123976&tt=040813_10&tsp=4965) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
 

Infizierte Verzeichnisse: 1

C:\Users\mkwzbg\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateien: 5

C:\Users\mkwzbg\AppData\Local\Temp\bundlesweetimsetup.exe (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\mkwzbg\AppData\Local\Temp\80CB50D9-BAB0-7891-A46C-E5BA8F276E43\Latest\ccp.exe (PUP.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\mkwzbg\AppData\Local\Temp\80CB50D9-BAB0-7891-A46C-E5BA8F276E43\Latest\MyDeltaTB.exe (PUP.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\mkwzbg\AppData\Local\Temp\80CB50D9-BAB0-7891-A46C-E5BA8F276E43\Latest\Setup.exe (PUP.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\mkwzbg\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Code:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2013.08.05.04
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16635

mkwzbg :: MKWZBG-PC [Administrator]
 

10.08.2013 00:09:29

mbam-log-2013-08-10 (00-09-29).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 492796

Laufzeit: 1 Stunde(n), 16 Minute(n), 32 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 3

C:\Temporary\ieutil.exe (PUP.BitCoinMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\mkwzbg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GE3IY85V\pack[1].7z (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\mkwzbg\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\f8d689b190207dc8cc11c65a624c9879\CheatEngine62.exe (PUP.Optional.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Anmerkung: Kein Neustart daher wohl kein Wiederkehren des Befalls beim nächsten Scan:

Code:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2013.08.05.04
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16635

mkwzbg :: MKWZBG-PC [Administrator]
 

10.08.2013 01:41:41

mbam-log-2013-08-10 (01-41-41).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 492840

Laufzeit: 1 Stunde(n), 8 Minute(n), 
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2013.08.14.04
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16635

mkwzbg :: MKWZBG-PC [Administrator]
 

14.08.2013 15:53:55

mbam-log-2013-08-14 (15-53-55).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 494189

Laufzeit: 1 Stunde(n), 21 Minute(n), 17 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 3

C:\Users\mkwzbg\AppData\Local\Temp\80CB50D9-BAB0-7891-A46C-E5BA8F276E43\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\mkwzbg\AppData\Local\Temp\80CB50D9-BAB0-7891-A46C-E5BA8F276E43\Latest\NTRedirect.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\mkwzbg\AppData\Local\Temp\poclbm120222.cl (Trojan.BitcoinMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Nun zu eurer Anleitung:

FRST:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2013 01

Ran by mkwzbg (administrator) on 15-08-2013 03:39:38

Running from C:\Users\mkwzbg\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

(McAfee, Inc.) C:\Windows\system32\mfevtps.exe

(Microsoft) C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe

(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Microsoft) C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe

() C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Opera Software) C:\Program Files (x86)\Opera\opera.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

() C:\Users\mkwzbg\AppData\Local\Opera\Opera\temporary_downloads\Defogger.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)

HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1807272 2013-07-27] (Valve Corporation)

HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)

HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [161088 2011-01-12] (McAfee, Inc.)

HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215360 2011-01-12] (McAfee, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=DC6F00040ECDB007&affID=123976&tt=040813_10&tsp=4965

SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={026C9A61-7CEB-4686-A0F8-2F3C1529C901}&mid=5b92e099f47b4cb793dd6b59a17ab577-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=dw011&pr=sa&d=2012-07-05 21:42:30&v=11.1.0.12&sap=dsp&q={searchTerms}

SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111231154048.dll (McAfee, Inc.)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111231154048.dll (McAfee, Inc.)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\mkwzbg\AppData\Roaming\Mozilla\Firefox\Profiles\3w1lq905.default

FF user.js: detected! => C:\Users\mkwzbg\AppData\Roaming\Mozilla\Firefox\Profiles\3w1lq905.default\user.js

FF Homepage: user_pref("browser.startup.homepage", );

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF SearchPlugin: C:\Users\mkwzbg\AppData\Roaming\Mozilla\Firefox\Profiles\3w1lq905.default\searchplugins\babylon.xml
 

==================== Services (Whitelisted) =================
 

R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)

S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2012-07-24] (BioWare)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [120128 2011-01-12] (McAfee, Inc.)

S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)

R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [190256 2011-12-31] (McAfee, Inc.)

R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [209760 2011-01-12] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [156248 2011-12-31] (McAfee, Inc.)

R2 Time; C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [10752 2013-08-05] (Microsoft)
 

==================== Drivers (Whitelisted) ====================
 

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)

R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)

R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [153952 2011-12-31] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [217696 2011-12-31] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [607152 2011-12-31] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [97960 2011-12-31] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [281544 2011-12-31] (McAfee, Inc.)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

U3 mfeavfk01; No ImagePath
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-08-15 03:38 - 2013-08-15 03:38 - 01575570 _____ (Farbar) C:\Users\mkwzbg\Desktop\FRST64.exe

2013-08-15 03:34 - 2013-08-15 03:34 - 00000000 _____ C:\Users\mkwzbg\defogger_reenable

2013-08-15 03:05 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-08-15 03:05 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-08-15 03:05 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-08-15 03:05 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-08-15 03:05 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-08-15 03:05 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-08-15 03:05 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-08-15 03:05 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-08-15 03:05 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-08-15 03:05 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-08-15 03:05 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-08-15 03:05 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-08-14 21:06 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-08-14 21:06 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2013-08-14 21:06 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-08-14 21:06 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2013-08-14 21:06 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-08-14 21:06 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-08-14 21:06 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-08-14 21:06 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2013-08-14 21:06 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2013-08-14 21:06 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-08-14 21:06 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2013-08-14 21:06 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2013-08-14 21:06 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-08-14 21:06 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-08-14 21:06 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-08-14 21:06 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2013-08-14 21:06 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2013-08-14 21:06 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-08-14 21:06 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-08-14 21:06 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2013-08-14 21:06 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2013-08-14 21:06 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-08-14 21:06 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-08-14 21:06 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-08-14 21:06 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-08-14 21:06 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-08-14 21:06 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2013-08-14 19:16 - 2013-08-14 19:16 - 00015858 _____ C:\ComboFix.txt

2013-08-14 19:07 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe

2013-08-14 19:07 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe

2013-08-14 19:07 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-08-14 19:07 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-08-14 19:07 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-08-14 19:07 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe

2013-08-14 19:07 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe

2013-08-14 19:07 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe

2013-08-14 19:06 - 2013-08-14 19:16 - 00000000 ____D C:\Qoobox

2013-08-14 19:06 - 2013-08-14 19:15 - 00000000 ____D C:\Windows\erdnt

2013-08-09 00:58 - 2013-08-09 00:58 - 00000000 ____D C:\ProgramData\Stardock

2013-08-05 15:29 - 2013-08-05 15:42 - 00000000 ____D C:\Users\mkwzbg\AppData\Roaming\tor

2013-08-05 15:29 - 2013-08-05 15:30 - 00000000 ____D C:\Users\mkwzbg\AppData\Roaming\Rydu

2013-08-05 14:21 - 2013-08-05 14:36 - 00000047 _____ C:\Users\mkwzbg\Documents\mt-x_hook.txt

2013-08-05 14:21 - 2013-08-05 14:36 - 00000007 _____ C:\Users\mkwzbg\Documents\mt-e_hook.txt

2013-08-05 12:27 - 2013-08-15 03:22 - 00009732 _____ C:\Windows\PFRO.log

2013-08-05 02:18 - 2013-08-05 02:18 - 00000000 ____D C:\ProgramData\Babylon

2013-08-04 18:49 - 2013-08-04 18:49 - 00064024 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT

2013-08-04 18:49 - 2013-08-04 18:49 - 00000000 ____D C:\Users\Gast\AppData\Roaming\NVIDIA

2013-08-03 14:35 - 2013-08-03 14:35 - 00000000 ____D C:\Users\mkwzbg\AppData\Local\My Games

2013-08-03 14:10 - 2013-08-05 17:13 - 00000000 ____D C:\Program Files (x86)\Sid Meier's Civilization V

2013-07-29 12:24 - 2013-08-15 03:25 - 00003022 _____ C:\Windows\System32\Tasks\EVGAPrecision

2013-07-25 17:50 - 2013-07-25 17:50 - 00000205 _____ C:\Users\mkwzbg\Desktop\Batman Arkham City GOTY.url

2013-07-25 16:47 - 2013-07-25 16:47 - 00000222 _____ C:\Users\mkwzbg\Desktop\Alan Wake.url

2013-07-25 15:48 - 2013-08-15 03:00 - 00000000 ____D C:\Windows\system32\MRT

2013-07-22 13:29 - 2013-07-22 13:29 - 00000000 ____D C:\Users\mkwzbg\AppData\Local\201280

2013-07-22 01:08 - 2013-07-22 01:08 - 00000000 ____D C:\Users\mkwzbg\Documents\WB Games

2013-07-22 01:08 - 2013-07-22 01:08 - 00000000 ____D C:\Users\mkwzbg\AppData\Local\Downloaded Installations

2013-07-22 01:08 - 2013-07-22 01:08 - 00000000 ____D C:\Program Files (x86)\AMD

2013-07-22 01:07 - 2013-08-09 00:57 - 00055533 _____ C:\Windows\DirectX.log
 

==================== One Month Modified Files and Folders =======
 

2013-08-15 03:38 - 2013-08-15 03:38 - 01575570 _____ (Farbar) C:\Users\mkwzbg\Desktop\FRST64.exe

2013-08-15 03:34 - 2013-08-15 03:34 - 00000000 _____ C:\Users\mkwzbg\defogger_reenable

2013-08-15 03:34 - 2011-12-31 17:28 - 00000000 ____D C:\Program Files (x86)\Opera

2013-08-15 03:34 - 2011-12-31 10:36 - 00000000 ____D C:\Users\mkwzbg

2013-08-15 03:31 - 2009-07-14 06:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-08-15 03:31 - 2009-07-14 06:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-08-15 03:25 - 2013-07-29 12:24 - 00003022 _____ C:\Windows\System32\Tasks\EVGAPrecision

2013-08-15 03:25 - 2012-07-20 16:59 - 00000000 ____D C:\Program Files (x86)\Steam

2013-08-15 03:23 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-08-15 03:22 - 2013-08-05 12:27 - 00009732 _____ C:\Windows\PFRO.log

2013-08-15 03:22 - 2013-06-08 11:19 - 00008680 _____ C:\Windows\setupact.log

2013-08-15 03:22 - 2011-12-31 16:18 - 00000000 ____D C:\ProgramData\NVIDIA

2013-08-15 03:21 - 2011-12-31 10:29 - 01196488 _____ C:\Windows\WindowsUpdate.log

2013-08-15 03:03 - 2011-04-12 09:43 - 00696848 _____ C:\Windows\system32\perfh007.dat

2013-08-15 03:03 - 2011-04-12 09:43 - 00148144 _____ C:\Windows\system32\perfc007.dat

2013-08-15 03:03 - 2009-07-14 07:13 - 01634468 _____ C:\Windows\system32\PerfStringBackup.INI

2013-08-15 03:02 - 2013-07-25 15:48 - 00000000 ____D C:\Windows\system32\MRT

2013-08-15 03:00 - 2011-12-31 18:47 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-08-14 19:16 - 2013-08-14 19:16 - 00015858 _____ C:\ComboFix.txt

2013-08-14 19:16 - 2013-08-14 19:06 - 00000000 ____D C:\Qoobox

2013-08-14 19:16 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default

2013-08-14 19:15 - 2013-08-14 19:06 - 00000000 ____D C:\Windows\erdnt

2013-08-14 19:15 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini

2013-08-11 04:05 - 2011-12-31 17:30 - 00000000 ____D C:\Users\mkwzbg\AppData\Roaming\vlc

2013-08-11 03:24 - 2012-01-30 01:40 - 00000000 ____D C:\Users\mkwzbg\AppData\Local\QuickPar

2013-08-11 02:55 - 2012-03-27 19:29 - 00000000 ____D C:\Users\mkwzbg\AppData\Roaming\GrabIt

2013-08-10 00:55 - 2013-03-06 21:28 - 00000000 ____D C:\Temporary

2013-08-10 00:55 - 2012-06-05 14:57 - 00000000 ____D C:\QUARANTINE

2013-08-09 02:51 - 2012-02-18 01:38 - 00000000 ____D C:\Users\mkwzbg\AppData\Roaming\Media Player Classic

2013-08-09 00:58 - 2013-08-09 00:58 - 00000000 ____D C:\ProgramData\Stardock

2013-08-09 00:58 - 2012-02-01 10:50 - 00000000 ____D C:\Users\mkwzbg\Documents\My Games

2013-08-09 00:57 - 2013-07-22 01:07 - 00055533 _____ C:\Windows\DirectX.log

2013-08-05 17:13 - 2013-08-03 14:10 - 00000000 ____D C:\Program Files (x86)\Sid Meier's Civilization V

2013-08-05 15:42 - 2013-08-05 15:29 - 00000000 ____D C:\Users\mkwzbg\AppData\Roaming\tor

2013-08-05 15:30 - 2013-08-05 15:29 - 00000000 ____D C:\Users\mkwzbg\AppData\Roaming\Rydu

2013-08-05 14:36 - 2013-08-05 14:21 - 00000047 _____ C:\Users\mkwzbg\Documents\mt-x_hook.txt

2013-08-05 14:36 - 2013-08-05 14:21 - 00000007 _____ C:\Users\mkwzbg\Documents\mt-e_hook.txt

2013-08-05 02:18 - 2013-08-05 02:18 - 00000000 ____D C:\ProgramData\Babylon

2013-08-04 18:49 - 2013-08-04 18:49 - 00064024 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT

2013-08-04 18:49 - 2013-08-04 18:49 - 00000000 ____D C:\Users\Gast\AppData\Roaming\NVIDIA

2013-08-03 14:35 - 2013-08-03 14:35 - 00000000 ____D C:\Users\mkwzbg\AppData\Local\My Games

2013-08-03 03:25 - 2012-07-05 21:50 - 00000000 ____D C:\Users\mkwzbg\.FBReader

2013-07-26 07:13 - 2013-08-15 03:05 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-07-26 07:13 - 2013-08-15 03:05 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-07-26 07:13 - 2013-08-15 03:05 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-07-26 07:12 - 2013-08-15 03:05 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-07-26 05:35 - 2013-08-15 03:05 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-07-26 05:13 - 2013-08-15 03:05 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-07-26 05:13 - 2013-08-15 03:05 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-07-26 05:11 - 2013-08-15 03:05 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-07-26 05:11 - 2013-08-15 03:05 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-07-26 04:49 - 2013-08-15 03:05 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-07-26 04:39 - 2013-08-15 03:05 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-07-26 03:59 - 2013-08-15 03:05 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-07-25 17:50 - 2013-07-25 17:50 - 00000205 _____ C:\Users\mkwzbg\Desktop\Batman Arkham City GOTY.url

2013-07-25 16:47 - 2013-07-25 16:47 - 00000222 _____ C:\Users\mkwzbg\Desktop\Alan Wake.url

2013-07-25 11:25 - 2013-08-14 21:06 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-07-25 10:57 - 2013-08-14 21:06 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2013-07-24 16:35 - 2012-05-21 22:04 - 00000000 ____D C:\Users\mkwzbg\AppData\Roaming\dvdcss

2013-07-24 15:37 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-07-22 13:29 - 2013-07-22 13:29 - 00000000 ____D C:\Users\mkwzbg\AppData\Local\201280

2013-07-22 01:08 - 2013-07-22 01:08 - 00000000 ____D C:\Users\mkwzbg\Documents\WB Games

2013-07-22 01:08 - 2013-07-22 01:08 - 00000000 ____D C:\Users\mkwzbg\AppData\Local\Downloaded Installations

2013-07-22 01:08 - 2013-07-22 01:08 - 00000000 ____D C:\Program Files (x86)\AMD

2013-07-22 01:05 - 2012-11-08 01:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE

2013-07-22 01:05 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-07-19 03:58 - 2013-08-14 21:06 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-07-19 03:41 - 2013-08-14 21:06 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2013-07-18 12:39 - 2013-07-12 12:39 - 00002046 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

2013-07-18 12:39 - 2013-07-12 12:39 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
 

Files to move or delete:

====================

C:\Users\Gast\install_reader10_de_chra_aih.exe
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-08-12 19:37
 

==================== End Of Log ============================

Additions:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2013 01

Ran by mkwzbg (administrator) on 15-08-2013 03:39:38

Running from C:\Users\mkwzbg\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

(McAfee, Inc.) C:\Windows\system32\mfevtps.exe

(Microsoft) C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe

(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Microsoft) C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe

() C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Opera Software) C:\Program Files (x86)\Opera\opera.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

() C:\Users\mkwzbg\AppData\Local\Opera\Opera\temporary_downloads\Defogger.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)

HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1807272 2013-07-27] (Valve Corporation)

HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)

HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [161088 2011-01-12] (McAfee, Inc.)

HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215360 2011-01-12] (McAfee, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=DC6F00040ECDB007&affID=123976&tt=040813_10&tsp=4965

SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={026C9A61-7CEB-4686-A0F8-2F3C1529C901}&mid=5b92e099f47b4cb793dd6b59a17ab577-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=dw011&pr=sa&d=2012-07-05 21:42:30&v=11.1.0.12&sap=dsp&q={searchTerms}

SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111231154048.dll (McAfee, Inc.)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111231154048.dll (McAfee, Inc.)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\mkwzbg\AppData\Roaming\Mozilla\Firefox\Profiles\3w1lq905.default

FF user.js: detected! => C:\Users\mkwzbg\AppData\Roaming\Mozilla\Firefox\Profiles\3w1lq905.default\user.js

FF Homepage: user_pref("browser.startup.homepage", );

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF SearchPlugin: C:\Users\mkwzbg\AppData\Roaming\Mozilla\Firefox\Profiles\3w1lq905.default\searchplugins\babylon.xml
 

==================== Services (Whitelisted) =================
 

R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)

S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2012-07-24] (BioWare)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [120128 2011-01-12] (McAfee, Inc.)

S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)

R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [190256 2011-12-31] (McAfee, Inc.)

R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [209760 2011-01-12] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [156248 2011-12-31] (McAfee, Inc.)

R2 Time; C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [10752 2013-08-05] (Microsoft)
 

==================== Drivers (Whitelisted) ====================
 

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)

R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)

R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [153952 2011-12-31] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [217696 2011-12-31] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [607152 2011-12-31] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [97960 2011-12-31] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [281544 2011-12-31] (McAfee, Inc.)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

U3 mfeavfk01; No ImagePath
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-08-15 03:38 - 2013-08-15 03:38 - 01575570 _____ (Farbar) C:\Users\mkwzbg\Desktop\FRST64.exe

2013-08-15 03:34 - 2013-08-15 03:34 - 00000000 _____ C:\Users\mkwzbg\defogger_reenable

2013-08-15 03:05 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-08-15 03:05 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-08-15 03:05 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-08-15 03:05 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-08-15 03:05 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-08-15 03:05 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-08-15 03:05 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-08-15 03:05 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-08-15 03:05 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-08-15 03:05 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-08-15 03:05 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-08-15 03:05 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-08-14 21:06 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-08-14 21:06 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2013-08-14 21:06 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-08-14 21:06 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2013-08-14 21:06 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-08-14 21:06 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-08-14 21:06 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-08-14 21:06 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2013-08-14 21:06 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2013-08-14 21:06 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-08-14 21:06 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2013-08-14 21:06 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2013-08-14 21:06 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-08-14 21:06 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-08-14 21:06 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-08-14 21:06 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2013-08-14 21:06 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2013-08-14 21:06 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-08-14 21:06 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-08-14 21:06 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2013-08-14 21:06 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2013-08-14 21:06 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-08-14 21:06 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-08-14 21:06 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-08-14 21:06 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-08-14 21:06 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-08-14 21:06 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2013-08-14 19:16 - 2013-08-14 19:16 - 00015858 _____ C:\ComboFix.txt

2013-08-14 19:07 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe

2013-08-14 19:07 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe

2013-08-14 19:07 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-08-14 19:07 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-08-14 19:07 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-08-14 19:07 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe

2013-08-14 19:07 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe

2013-08-14 19:07 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe

2013-08-14 19:06 - 2013-08-14 19:16 - 00000000 ____D C:\Qoobox

2013-08-14 19:06 - 2013-08-14 19:15 - 00000000 ____D C:\Windows\erdnt

2013-08-09 00:58 - 2013-08-09 00:58 - 00000000 ____D C:\ProgramData\Stardock

2013-08-05 15:29 - 2013-08-05 15:42 - 00000000 ____D C:\Users\mkwzbg\AppData\Roaming\tor

2013-08-05 15:29 - 2013-08-05 15:30 - 00000000 ____D C:\Users\mkwzbg\AppData\Roaming\Rydu

2013-08-05 14:21 - 2013-08-05 14:36 - 00000047 _____ C:\Users\mkwzbg\Documents\mt-x_hook.txt

2013-08-05 14:21 - 2013-08-05 14:36 - 00000007 _____ C:\Users\mkwzbg\Documents\mt-e_hook.txt

2013-08-05 12:27 - 2013-08-15 03:22 - 00009732 _____ C:\Windows\PFRO.log

2013-08-05 02:18 - 2013-08-05 02:18 - 00000000 ____D C:\ProgramData\Babylon

2013-08-04 18:49 - 2013-08-04 18:49 - 00064024 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT

2013-08-04 18:49 - 2013-08-04 18:49 - 00000000 ____D C:\Users\Gast\AppData\Roaming\NVIDIA

2013-08-03 14:35 - 2013-08-03 14:35 - 00000000 ____D C:\Users\mkwzbg\AppData\Local\My Games

2013-08-03 14:10 - 2013-08-05 17:13 - 00000000 ____D C:\Program Files (x86)\Sid Meier's Civilization V

2013-07-29 12:24 - 2013-08-15 03:25 - 00003022 _____ C:\Windows\System32\Tasks\EVGAPrecision

2013-07-25 17:50 - 2013-07-25 17:50 - 00000205 _____ C:\Users\mkwzbg\Desktop\Batman Arkham City GOTY.url

2013-07-25 16:47 - 2013-07-25 16:47 - 00000222 _____ C:\Users\mkwzbg\Desktop\Alan Wake.url

2013-07-25 15:48 - 2013-08-15 03:00 - 00000000 ____D C:\Windows\system32\MRT

2013-07-22 13:29 - 2013-07-22 13:29 - 00000000 ____D C:\Users\mkwzbg\AppData\Local\201280

2013-07-22 01:08 - 2013-07-22 01:08 - 00000000 ____D C:\Users\mkwzbg\Documents\WB Games

2013-07-22 01:08 - 2013-07-22 01:08 - 00000000 ____D C:\Users\mkwzbg\AppData\Local\Downloaded Installations

2013-07-22 01:08 - 2013-07-22 01:08 - 00000000 ____D C:\Program Files (x86)\AMD

2013-07-22 01:07 - 2013-08-09 00:57 - 00055533 _____ C:\Windows\DirectX.log
 

==================== One Month Modified Files and Folders =======
 

2013-08-15 03:38 - 2013-08-15 03:38 - 01575570 _____ (Farbar) C:\Users\mkwzbg\Desktop\FRST64.exe

2013-08-15 03:34 - 2013-08-15 03:34 - 00000000 _____ C:\Users\mkwzbg\defogger_reenable

2013-08-15 03:34 - 2011-12-31 17:28 - 00000000 ____D C:\Program Files (x86)\Opera

2013-08-15 03:34 - 2011-12-31 10:36 - 00000000 ____D C:\Users\mkwzbg

2013-08-15 03:31 - 2009-07-14 06:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-08-15 03:31 - 2009-07-14 06:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-08-15 03:25 - 2013-07-29 12:24 - 00003022 _____ C:\Windows\System32\Tasks\EVGAPrecision

2013-08-15 03:25 - 2012-07-20 16:59 - 00000000 ____D C:\Program Files (x86)\Steam

2013-08-15 03:23 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-08-15 03:22 - 2013-08-05 12:27 - 00009732 _____ C:\Windows\PFRO.log

2013-08-15 03:22 - 2013-06-08 11:19 - 00008680 _____ C:\Windows\setupact.log

2013-08-15 03:22 - 2011-12-31 16:18 - 00000000 ____D C:\ProgramData\NVIDIA

2013-08-15 03:21 - 2011-12-31 10:29 - 01196488 _____ C:\Windows\WindowsUpdate.log

2013-08-15 03:03 - 2011-04-12 09:43 - 00696848 _____ C:\Windows\system32\perfh007.dat

2013-08-15 03:03 - 2011-04-12 09:43 - 00148144 _____ C:\Windows\system32\perfc007.dat

2013-08-15 03:03 - 2009-07-14 07:13 - 01634468 _____ C:\Windows\system32\PerfStringBackup.INI

2013-08-15 03:02 - 2013-07-25 15:48 - 00000000 ____D C:\Windows\system32\MRT

2013-08-15 03:00 - 2011-12-31 18:47 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-08-14 19:16 - 2013-08-14 19:16 - 00015858 _____ C:\ComboFix.txt

2013-08-14 19:16 - 2013-08-14 19:06 - 00000000 ____D C:\Qoobox

2013-08-14 19:16 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default

2013-08-14 19:15 - 2013-08-14 19:06 - 00000000 ____D C:\Windows\erdnt

2013-08-14 19:15 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini

2013-08-11 04:05 - 2011-12-31 17:30 - 00000000 ____D C:\Users\mkwzbg\AppData\Roaming\vlc

2013-08-11 03:24 - 2012-01-30 01:40 - 00000000 ____D C:\Users\mkwzbg\AppData\Local\QuickPar

2013-08-11 02:55 - 2012-03-27 19:29 - 00000000 ____D C:\Users\mkwzbg\AppData\Roaming\GrabIt

2013-08-10 00:55 - 2013-03-06 21:28 - 00000000 ____D C:\Temporary

2013-08-10 00:55 - 2012-06-05 14:57 - 00000000 ____D C:\QUARANTINE

2013-08-09 02:51 - 2012-02-18 01:38 - 00000000 ____D C:\Users\mkwzbg\AppData\Roaming\Media Player Classic

2013-08-09 00:58 - 2013-08-09 00:58 - 00000000 ____D C:\ProgramData\Stardock

2013-08-09 00:58 - 2012-02-01 10:50 - 00000000 ____D C:\Users\mkwzbg\Documents\My Games

2013-08-09 00:57 - 2013-07-22 01:07 - 00055533 _____ C:\Windows\DirectX.log

2013-08-05 17:13 - 2013-08-03 14:10 - 00000000 ____D C:\Program Files (x86)\Sid Meier's Civilization V

2013-08-05 15:42 - 2013-08-05 15:29 - 00000000 ____D C:\Users\mkwzbg\AppData\Roaming\tor

2013-08-05 15:30 - 2013-08-05 15:29 - 00000000 ____D C:\Users\mkwzbg\AppData\Roaming\Rydu

2013-08-05 14:36 - 2013-08-05 14:21 - 00000047 _____ C:\Users\mkwzbg\Documents\mt-x_hook.txt

2013-08-05 14:36 - 2013-08-05 14:21 - 00000007 _____ C:\Users\mkwzbg\Documents\mt-e_hook.txt

2013-08-05 02:18 - 2013-08-05 02:18 - 00000000 ____D C:\ProgramData\Babylon

2013-08-04 18:49 - 2013-08-04 18:49 - 00064024 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT

2013-08-04 18:49 - 2013-08-04 18:49 - 00000000 ____D C:\Users\Gast\AppData\Roaming\NVIDIA

2013-08-03 14:35 - 2013-08-03 14:35 - 00000000 ____D C:\Users\mkwzbg\AppData\Local\My Games

2013-08-03 03:25 - 2012-07-05 21:50 - 00000000 ____D C:\Users\mkwzbg\.FBReader

2013-07-26 07:13 - 2013-08-15 03:05 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-07-26 07:13 - 2013-08-15 03:05 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-07-26 07:13 - 2013-08-15 03:05 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-07-26 07:12 - 2013-08-15 03:05 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-07-26 05:35 - 2013-08-15 03:05 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-07-26 05:13 - 2013-08-15 03:05 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-07-26 05:13 - 2013-08-15 03:05 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-07-26 05:11 - 2013-08-15 03:05 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-07-26 05:11 - 2013-08-15 03:05 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-07-26 04:49 - 2013-08-15 03:05 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-07-26 04:39 - 2013-08-15 03:05 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-07-26 03:59 - 2013-08-15 03:05 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-07-25 17:50 - 2013-07-25 17:50 - 00000205 _____ C:\Users\mkwzbg\Desktop\Batman Arkham City GOTY.url

2013-07-25 16:47 - 2013-07-25 16:47 - 00000222 _____ C:\Users\mkwzbg\Desktop\Alan Wake.url

2013-07-25 11:25 - 2013-08-14 21:06 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-07-25 10:57 - 2013-08-14 21:06 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2013-07-24 16:35 - 2012-05-21 22:04 - 00000000 ____D C:\Users\mkwzbg\AppData\Roaming\dvdcss

2013-07-24 15:37 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-07-22 13:29 - 2013-07-22 13:29 - 00000000 ____D C:\Users\mkwzbg\AppData\Local\201280

2013-07-22 01:08 - 2013-07-22 01:08 - 00000000 ____D C:\Users\mkwzbg\Documents\WB Games

2013-07-22 01:08 - 2013-07-22 01:08 - 00000000 ____D C:\Users\mkwzbg\AppData\Local\Downloaded Installations

2013-07-22 01:08 - 2013-07-22 01:08 - 00000000 ____D C:\Program Files (x86)\AMD

2013-07-22 01:05 - 2012-11-08 01:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE

2013-07-22 01:05 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-07-19 03:58 - 2013-08-14 21:06 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-07-19 03:41 - 2013-08-14 21:06 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2013-07-18 12:39 - 2013-07-12 12:39 - 00002046 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

2013-07-18 12:39 - 2013-07-12 12:39 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
 

Files to move or delete:

====================

C:\Users\Gast\install_reader10_de_chra_aih.exe
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-08-12 19:37
 

==================== End Of Log ============================

GMER.txt

Code:

GMER 2.1.19163 - hxxp://www.gmer.net

Rootkit scan 2013-08-15 03:46:48

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103SJ rev.1AJ10001 931,51GB

Running: gmer_2.1.19163.exe; Driver: C:\Users\mkwzbg\AppData\Local\Temp\kwdiypow.sys
 
 

---- User code sections - GMER 2.1 ----
 

.text   C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1572] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69                                                            0000000076721465 2 bytes [72, 76]

.text   C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe[1572] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155                                                           00000000767214bb 2 bytes [72, 76]

.text   ...                                                                                                                                                                                          * 2

.text   C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe[1752] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                             0000000076721465 2 bytes [72, 76]

.text   C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe[1752] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                            00000000767214bb 2 bytes [72, 76]

.text   ...                                                                                                                                                                                          * 2

.text   C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe[3620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                           0000000076721465 2 bytes [72, 76]

.text   C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe[3620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                          00000000767214bb 2 bytes [72, 76]

.text   ...                                                                                                                                                                                          * 2

.text   C:\Program Files (x86)\Steam\Steam.exe[3804] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate                                                                                                   000000007542549c 5 bytes JMP 00000001000f0800

.text   C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5032] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate                                                                               000000007542549c 5 bytes JMP 0000000100090800

.text   C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                     0000000076721465 2 bytes [72, 76]

.text   C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                    00000000767214bb 2 bytes [72, 76]

.text   ...                                                                                                                                                                                          * 2

.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                       0000000076721465 2 bytes [72, 76]

.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                      00000000767214bb 2 bytes [72, 76]

.text   ...                                                                                                                                                                                          * 2

.text   C:\Users\mkwzbg\AppData\Local\Opera\Opera\temporary_downloads\Defogger.exe[2568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                     0000000076721465 2 bytes [72, 76]

.text   C:\Users\mkwzbg\AppData\Local\Opera\Opera\temporary_downloads\Defogger.exe[2568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                    00000000767214bb 2 bytes [72, 76]

.text   ...                                                                                                                                                                                          * 2
 

---- User IAT/EAT - GMER 2.1 ----
 

IAT     C:\Windows\system32\mfevtps.exe[1668] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA]                                                                                           [13f12c980] C:\Windows\system32\mfevtps.exe

IAT     c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1116] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord]      [7fef90b741c] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

IAT     c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1116] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet]                   [7fef90b5f10] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

IAT     c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1116] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession]            [7fef90b5674] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

IAT     c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1116] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession]          [7fef90b5e2c] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

IAT     c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1116] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload]           [7fef90b7f48] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

IAT     c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1116] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion]         [7fef90b6a38] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

IAT     c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1116] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId]          [7fef90b6ee8] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

IAT     c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1116] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId]  [7fef90b7b58] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

IAT     c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1116] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId]           [7fef90b7ea0] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

IAT     c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1116] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId]   [7fef90b78b0] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

IAT     c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1116] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession]            [7fef90b4fb4] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

IAT     c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1116] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId]              [7fef90b5d38] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

IAT     c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1116] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString]     [7fef90b7584] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
 

---- Threads - GMER 2.1 ----
 

Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2532:1240]                                                                                                                       0000000076707587

Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2532:2948]                                                                                                                       00000000721e0cb3

Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2532:556]                                                                                                                        00000000779b2e65

Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2532:3180]                                                                                                                       00000000779b3e85

Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2532:4804]                                                                                                                       00000000779b3e85

Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2532:3772]                                                                                                                       00000000779b3e85
 

---- EOF - GMER 2.1 ----

Vielen Dank für eure Bemühungen und einen frohen Feiertag an diejenigen in den katholischen Gebieten Deutschlands. :daumenhoc

lg

Matthias

Also Schritt für Schritt

Combofix2

Code:

ComboFix 13-08-14.02 - mkwzbg 14.08.2013  19:10:02.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8175.6699 [GMT 2:00]

ausgeführt von:: c:\users\mkwzbg\Desktop\ComboFix.exe

AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\mkwzbg\AppData\Roaming\Tagudu

c:\users\mkwzbg\AppData\Roaming\Tagudu\boyk.tmp

c:\windows\SysWow64\frapsvid.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-07-14 bis 2013-08-14  ))))))))))))))))))))))))))))))

.

.

2013-08-14 17:15 . 2013-08-14 17:15        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2013-08-14 17:15 . 2013-08-14 17:15        --------        d-----w-        c:\users\Gast\AppData\Local\temp

2013-08-14 17:15 . 2013-08-14 17:15        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-08-08 22:58 . 2013-08-08 22:58        --------        d-----w-        c:\programdata\Stardock

2013-08-05 13:29 . 2013-08-05 13:42        --------        d-----w-        c:\users\mkwzbg\AppData\Roaming\tor

2013-08-05 13:29 . 2013-08-05 13:30        --------        d-----w-        c:\users\mkwzbg\AppData\Roaming\Rydu

2013-08-05 00:20 . 2013-08-05 00:20        --------        d-----w-        c:\program files (x86)\Cheat Engine 6.1

2013-08-05 00:18 . 2013-08-05 00:18        --------        d-----w-        c:\programdata\Babylon

2013-08-04 16:49 . 2013-08-04 16:49        --------        d-----w-        c:\users\Gast\AppData\Roaming\NVIDIA

2013-08-03 12:35 . 2013-08-03 12:35        --------        d-----w-        c:\users\mkwzbg\AppData\Local\My Games

2013-08-03 12:10 . 2013-08-05 15:13        --------        d-----w-        c:\program files (x86)\Sid Meier's Civilization V

2013-08-03 12:10 . 2013-08-05 15:10        49664        ----a-w-        c:\programdata\Microsoft\Windows\Time\w9xpopen.exe

2013-08-03 12:10 . 2013-08-05 15:10        10752        ----a-w-        c:\programdata\Microsoft\Windows\Time\Time-svc.exe

2013-08-03 12:10 . 2013-08-05 15:10        10240        ----a-w-        c:\programdata\Microsoft\Windows\Time\WindowsTime.exe

2013-08-03 12:10 . 2013-08-05 15:10        24064        ----a-w-        c:\programdata\Microsoft\Windows\Time\TimeServer.exe

2013-08-03 12:10 . 2013-08-05 15:10        2303488        ----a-w-        c:\programdata\Microsoft\Windows\Time\python27.dll

2013-08-03 12:10 . 2013-08-05 15:10        569680        ----a-w-        c:\programdata\Microsoft\Windows\Time\msvcp90.dll

2013-08-03 12:10 . 2013-08-05 15:10        219648        ----a-w-        c:\programdata\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll

2013-07-25 13:48 . 2013-07-25 13:49        --------        d-----w-        c:\windows\system32\MRT

2013-07-22 11:29 . 2013-07-22 11:29        --------        d-----w-        c:\users\mkwzbg\AppData\Local\201280

2013-07-21 23:08 . 2013-07-21 23:08        --------        d-----w-        c:\program files (x86)\AMD

2013-07-21 23:08 . 2013-07-21 23:08        --------        d-----w-        c:\users\mkwzbg\AppData\Local\Downloaded Installations

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-07-12 10:39 . 2012-04-02 06:13        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-07-12 10:39 . 2011-12-31 14:23        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-23 22:57 . 2011-12-31 16:47        78277128        ----a-w-        c:\windows\system32\MRT.exe

2013-06-23 19:32 . 2013-06-23 19:32        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-23 19:32 . 2012-09-08 21:19        867240        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll

2013-06-23 19:32 . 2011-12-31 17:09        789416        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2013-06-11 23:43 . 2013-07-10 16:29        1767936        ----a-w-        c:\windows\SysWow64\wininet.dll

2013-06-11 23:43 . 2013-07-10 16:29        2877440        ----a-w-        c:\windows\SysWow64\jscript9.dll

2013-06-11 23:42 . 2013-07-10 16:29        61440        ----a-w-        c:\windows\SysWow64\iesetup.dll

2013-06-11 23:42 . 2013-07-10 16:29        109056        ----a-w-        c:\windows\SysWow64\iesysprep.dll

2013-06-11 23:26 . 2013-07-10 16:29        51712        ----a-w-        c:\windows\system32\ie4uinit.exe

2013-06-11 23:26 . 2013-07-10 16:29        2241024        ----a-w-        c:\windows\system32\wininet.dll

2013-06-11 23:26 . 2013-07-10 16:29        1365504        ----a-w-        c:\windows\system32\urlmon.dll

2013-06-11 23:25 . 2013-07-10 16:29        19238912        ----a-w-        c:\windows\system32\mshtml.dll

2013-06-11 23:25 . 2013-07-10 16:29        603136        ----a-w-        c:\windows\system32\msfeeds.dll

2013-06-11 23:25 . 2013-07-10 16:29        855552        ----a-w-        c:\windows\system32\jscript.dll

2013-06-11 23:25 . 2013-07-10 16:29        3958784        ----a-w-        c:\windows\system32\jscript9.dll

2013-06-11 23:25 . 2013-07-10 16:29        53248        ----a-w-        c:\windows\system32\jsproxy.dll

2013-06-11 23:25 . 2013-07-10 16:29        67072        ----a-w-        c:\windows\system32\iesetup.dll

2013-06-11 23:25 . 2013-07-10 16:29        526336        ----a-w-        c:\windows\system32\ieui.dll

2013-06-11 23:25 . 2013-07-10 16:29        39936        ----a-w-        c:\windows\system32\iernonce.dll

2013-06-11 23:25 . 2013-07-10 16:29        136704        ----a-w-        c:\windows\system32\iesysprep.dll

2013-06-11 23:25 . 2013-07-10 16:29        2648576        ----a-w-        c:\windows\system32\iertutil.dll

2013-06-11 23:25 . 2013-07-10 16:29        15404032        ----a-w-        c:\windows\system32\ieframe.dll

2013-06-11 22:51 . 2013-07-10 16:29        71680        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe

2013-06-11 22:50 . 2013-07-10 16:29        89600        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe

2013-06-07 03:22 . 2013-07-10 16:29        2706432        ----a-w-        c:\windows\system32\mshtml.tlb

2013-06-07 02:37 . 2013-07-10 16:29        2706432        ----a-w-        c:\windows\SysWow64\mshtml.tlb

2013-06-05 03:34 . 2013-07-10 08:39        3153920        ----a-w-        c:\windows\system32\win32k.sys

2013-06-04 06:00 . 2013-07-10 08:40        624128        ----a-w-        c:\windows\system32\qedit.dll

2013-06-04 04:53 . 2013-07-10 08:40        509440        ----a-w-        c:\windows\SysWow64\qedit.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-07-26 1807272]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-19 3477312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]

"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]

"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer5"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 Time;Time;c:\programdata\Microsoft\Windows\Time\Time-svc.exe;c:\programdata\Microsoft\Windows\Time\Time-svc.exe [x]

R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]

S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*Deregistered* - mfeavfk01

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-10 - (no file)

Toolbar-10 - (no file)

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-905224183-1817278694-1461159428-1000\Software\SecuROM\License information*]

"datasecu"=hex:e4,60,cc,eb,5b,3b,e2,8e,6b,cb,76,0e,8d,aa,6f,9f,dd,d1,87,b5,04,

   da,a3,61,b0,08,98,22,33,78,3d,20,26,dd,a5,8a,59,df,5b,c1,c3,bd,44,5c,86,9e,\

"rkeysecu"=hex:56,38,ef,e5,23,b7,04,33,d0,2a,7c,95,8b,96,99,55

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2013-08-14  19:16:39

ComboFix-quarantined-files.txt  2013-08-14 17:16

.

Vor Suchlauf: 11 Verzeichnis(se), 432.207.151.104 Bytes frei

Nach Suchlauf: 14 Verzeichnis(se), 432.105.570.304 Bytes frei

.

- - End Of File - - 2DDF5C452BF62B4AC19E8C2C40FB0CF9

A36C5E4F47E84449FF07ED3517B43A31

Wie in der Anleitung habe ich einen Quickscan durchgeführt. Der hat allerdings nichts zu Tage gebracht

Code:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2013.08.15.04
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16660

mkwzbg :: MKWZBG-PC [Administrator]
 

15.08.2013 15:59:52

mbam-log-2013-08-15 (15-59-52).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 265661

Laufzeit: 2 Minute(n), 44 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Auch wenn der Malwarebytes-Scan keine Schädlinge mehr anzeigt, die TimeServer.Exe ist immernoch aktiv also muss dort wohl oder übel noch etwas sein?

Also weiter:

adwcleaner.txt

Code:

# AdwCleaner v2.306 - Datei am 15/08/2013 um 18:59:12 erstellt

# Aktualisiert am 19/07/2013 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzer : mkwzbg - MKWZBG-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\mkwzbg\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Datei Gelöscht : C:\Users\mkwzbg\AppData\Roaming\Mozilla\Firefox\Profiles\3w1lq905.default\searchplugins\Babylon.xml

Ordner Gelöscht : C:\ProgramData\Babylon

Ordner Gelöscht : C:\ProgramData\boost_interprocess

Ordner Gelöscht : C:\Users\mkwzbg\AppData\Local\Ilivid Player
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKCU\Software\BabSolution

Schlüssel Gelöscht : HKCU\Software\BI

Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar

Schlüssel Gelöscht : HKCU\Software\Delta

Schlüssel Gelöscht : HKCU\Software\IGearSettings

Schlüssel Gelöscht : HKCU\Software\OCS

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Schlüssel Gelöscht : HKLM\Software\DataMngr

Schlüssel Gelöscht : HKLM\Software\Delta

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Schlüssel Gelöscht : HKLM\Software\systweak

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\f55d88fb33ceb12

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v10.0.9200.16660
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]
 

Datei : C:\Users\mkwzbg\AppData\Roaming\Mozilla\Firefox\Profiles\3w1lq905.default\prefs.js
 

C:\Users\mkwzbg\AppData\Roaming\Mozilla\Firefox\Profiles\3w1lq905.default\user.js ... Gelöscht !
 

[OK] Die Datei ist sauber.
 

-\\ Opera v12.16.1860.0
 

Datei : C:\Users\mkwzbg\AppData\Roaming\Opera\Opera\operaprefs.ini
 

[OK] Die Datei ist sauber.
 

Datei : C:\Users\Gast\AppData\Roaming\Opera\Opera\operaprefs.ini
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[S1].txt - [3906 octets] - [15/08/2013 18:59:12]
 

########## EOF - C:\AdwCleaner[S1].txt - [3966 octets] ##########

JRT.txt

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.4.6 (08.15.2013:1)

OS: Windows 7 Home Premium x64

Ran by mkwzbg on 15.08.2013 at 19:05:52,68

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricspal
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 15.08.2013 at 19:08:52,55

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

das frische FRST-log

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2013 01

Ran by mkwzbg (administrator) on 15-08-2013 19:10:38

Running from C:\Users\mkwzbg\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

(McAfee, Inc.) C:\Windows\system32\mfevtps.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe

(Microsoft) C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Microsoft) C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe

(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

() C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Opera Software) C:\Program Files (x86)\Opera\opera.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)

HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1807272 2013-07-27] (Valve Corporation)

HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)

HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [161088 2011-01-12] (McAfee, Inc.)

HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215360 2011-01-12] (McAfee, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope value is missing.

BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111231154048.dll (McAfee, Inc.)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111231154048.dll (McAfee, Inc.)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\mkwzbg\AppData\Roaming\Mozilla\Firefox\Profiles\3w1lq905.default

FF Homepage: user_pref("browser.startup.homepage", );

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 

==================== Services (Whitelisted) =================
 

R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)

S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2012-07-24] (BioWare)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [120128 2011-01-12] (McAfee, Inc.)

S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)

R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [190256 2011-12-31] (McAfee, Inc.)

R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [209760 2011-01-12] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [156248 2011-12-31] (McAfee, Inc.)

R2 Time; C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [10752 2013-08-05] (Microsoft)
 

==================== Drivers (Whitelisted) ====================
 

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)

R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)

R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [153952 2011-12-31] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [217696 2011-12-31] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [607152 2011-12-31] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [97960 2011-12-31] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [281544 2011-12-31] (McAfee, Inc.)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

U3 mfeavfk01; No ImagePath
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-08-15 19:05 - 2013-08-15 19:05 - 00000000 ____D C:\Windows\ERUNT

2013-08-15 19:04 - 2013-08-15 19:04 - 01159319 _____ (Thisisu) C:\Users\mkwzbg\Desktop\JRT.exe

2013-08-15 19:01 - 2013-08-15 19:01 - 00004023 _____ C:\Users\mkwzbg\Desktop\AdwCleaner[S1].txt

2013-08-15 18:59 - 2013-08-15 18:59 - 00004023 _____ C:\AdwCleaner[S1].txt

2013-08-15 16:05 - 2013-08-15 16:05 - 00666633 _____ C:\Users\mkwzbg\Desktop\adwcleaner.exe

2013-08-15 13:39 - 2013-08-15 13:39 - 00013614 _____ C:\ComboFix.txt

2013-08-15 13:26 - 2013-08-15 13:26 - 05104931 ____R (Swearware) C:\Users\mkwzbg\Desktop\ComboFix.exe

2013-08-15 03:46 - 2013-08-15 03:46 - 00010131 _____ C:\Users\mkwzbg\Desktop\gmer.txt

2013-08-15 03:40 - 2013-08-15 03:40 - 00015204 _____ C:\Users\mkwzbg\Desktop\Addition.txt

2013-08-15 03:39 - 2013-08-15 03:39 - 00000000 ____D C:\FRST

2013-08-15 03:38 - 2013-08-15 03:38 - 01575570 _____ (Farbar) C:\Users\mkwzbg\Desktop\FRST64.exe

2013-08-15 03:34 - 2013-08-15 03:34 - 00000000 _____ C:\Users\mkwzbg\defogger_reenable

2013-08-15 03:05 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-08-15 03:05 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-08-15 03:05 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-08-15 03:05 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-08-15 03:05 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-08-15 03:05 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-08-15 03:05 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-08-15 03:05 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-08-15 03:05 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-08-15 03:05 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-08-15 03:05 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-08-15 03:05 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-08-15 03:05 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-08-15 03:05 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-08-14 21:06 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-08-14 21:06 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2013-08-14 21:06 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-08-14 21:06 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2013-08-14 21:06 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-08-14 21:06 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-08-14 21:06 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-08-14 21:06 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2013-08-14 21:06 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2013-08-14 21:06 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-08-14 21:06 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2013-08-14 21:06 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2013-08-14 21:06 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-08-14 21:06 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-08-14 21:06 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-08-14 21:06 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2013-08-14 21:06 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2013-08-14 21:06 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-08-14 21:06 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-08-14 21:06 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2013-08-14 21:06 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2013-08-14 21:06 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-08-14 21:06 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-08-14 21:06 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-08-14 21:06 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-08-14 21:06 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-08-14 21:06 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2013-08-14 19:07 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe

2013-08-14 19:07 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe

2013-08-14 19:07 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-08-14 19:07 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-08-14 19:07 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-08-14 19:07 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe

2013-08-14 19:07 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe

2013-08-14 19:07 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe

2013-08-14 19:06 - 2013-08-15 13:39 - 00000000 ____D C:\Qoobox

2013-08-14 19:06 - 2013-08-14 19:15 - 00000000 ____D C:\Windows\erdnt

2013-08-09 00:58 - 2013-08-09 00:58 - 00000000 ____D C:\ProgramData\Stardock

2013-08-05 15:29 - 2013-08-05 15:42 - 00000000 ____D C:\Users\mkwzbg\AppData\Roaming\tor

2013-08-05 15:29 - 2013-08-05 15:30 - 00000000 ____D C:\Users\mkwzbg\AppData\Roaming\Rydu

2013-08-05 14:21 - 2013-08-05 14:36 - 00000047 _____ C:\Users\mkwzbg\Documents\mt-x_hook.txt

2013-08-05 14:21 - 2013-08-05 14:36 - 00000007 _____ C:\Users\mkwzbg\Documents\mt-e_hook.txt

2013-08-05 12:27 - 2013-08-15 15:57 - 00011146 _____ C:\Windows\PFRO.log

2013-08-04 18:49 - 2013-08-04 18:49 - 00064024 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT

2013-08-04 18:49 - 2013-08-04 18:49 - 00000000 ____D C:\Users\Gast\AppData\Roaming\NVIDIA

2013-08-03 14:35 - 2013-08-03 14:35 - 00000000 ____D C:\Users\mkwzbg\AppData\Local\My Games

2013-08-03 14:10 - 2013-08-05 17:13 - 00000000 ____D C:\Program Files (x86)\Sid Meier's Civilization V

2013-07-29 12:24 - 2013-08-15 19:01 - 00003022 _____ C:\Windows\System32\Tasks\EVGAPrecision

2013-07-25 17:50 - 2013-07-25 17:50 - 00000205 _____ C:\Users\mkwzbg\Desktop\Batman Arkham City GOTY.url

2013-07-25 16:47 - 2013-07-25 16:47 - 00000222 _____ C:\Users\mkwzbg\Desktop\Alan Wake.url

2013-07-25 15:48 - 2013-08-15 03:02 - 00000000 ____D C:\Windows\system32\MRT

2013-07-22 13:29 - 2013-07-22 13:29 - 00000000 ____D C:\Users\mkwzbg\AppData\Local\201280

2013-07-22 01:08 - 2013-07-22 01:08 - 00000000 ____D C:\Users\mkwzbg\Documents\WB Games

2013-07-22 01:08 - 2013-07-22 01:08 - 00000000 ____D C:\Users\mkwzbg\AppData\Local\Downloaded Installations

2013-07-22 01:08 - 2013-07-22 01:08 - 00000000 ____D C:\Program Files (x86)\AMD

2013-07-22 01:07 - 2013-08-09 00:57 - 00055533 _____ C:\Windows\DirectX.log
 

==================== One Month Modified Files and Folders =======
 

2013-08-15 19:08 - 2013-08-15 19:08 - 00000723 _____ C:\Users\mkwzbg\Desktop\JRT.txt

2013-08-15 19:08 - 2009-07-14 06:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-08-15 19:08 - 2009-07-14 06:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-08-15 19:05 - 2013-08-15 19:05 - 00000000 ____D C:\Windows\ERUNT

2013-08-15 19:04 - 2013-08-15 19:04 - 01159319 _____ (Thisisu) C:\Users\mkwzbg\Desktop\JRT.exe

2013-08-15 19:01 - 2013-08-15 19:01 - 00004023 _____ C:\Users\mkwzbg\Desktop\AdwCleaner[S1].txt

2013-08-15 19:01 - 2013-07-29 12:24 - 00003022 _____ C:\Windows\System32\Tasks\EVGAPrecision

2013-08-15 19:01 - 2012-07-20 16:59 - 00000000 ____D C:\Program Files (x86)\Steam

2013-08-15 19:00 - 2013-06-08 11:19 - 00008848 _____ C:\Windows\setupact.log

2013-08-15 19:00 - 2011-12-31 16:18 - 00000000 ____D C:\ProgramData\NVIDIA

2013-08-15 19:00 - 2011-12-31 10:29 - 01226942 _____ C:\Windows\WindowsUpdate.log

2013-08-15 19:00 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-08-15 18:59 - 2013-08-15 18:59 - 00004023 _____ C:\AdwCleaner[S1].txt

2013-08-15 18:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache

2013-08-15 16:05 - 2013-08-15 16:05 - 00666633 _____ C:\Users\mkwzbg\Desktop\adwcleaner.exe

2013-08-15 15:57 - 2013-08-05 12:27 - 00011146 _____ C:\Windows\PFRO.log

2013-08-15 13:39 - 2013-08-15 13:39 - 00013614 _____ C:\ComboFix.txt

2013-08-15 13:39 - 2013-08-14 19:06 - 00000000 ____D C:\Qoobox

2013-08-15 13:38 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini

2013-08-15 13:26 - 2013-08-15 13:26 - 05104931 ____R (Swearware) C:\Users\mkwzbg\Desktop\ComboFix.exe

2013-08-15 03:46 - 2013-08-15 03:46 - 00010131 _____ C:\Users\mkwzbg\Desktop\gmer.txt

2013-08-15 03:46 - 2011-12-31 17:28 - 00000000 ____D C:\Program Files (x86)\Opera

2013-08-15 03:40 - 2013-08-15 03:40 - 00015204 _____ C:\Users\mkwzbg\Desktop\Addition.txt

2013-08-15 03:39 - 2013-08-15 03:39 - 00000000 ____D C:\FRST

2013-08-15 03:38 - 2013-08-15 03:38 - 01575570 _____ (Farbar) C:\Users\mkwzbg\Desktop\FRST64.exe

2013-08-15 03:34 - 2013-08-15 03:34 - 00000000 _____ C:\Users\mkwzbg\defogger_reenable

2013-08-15 03:34 - 2011-12-31 10:36 - 00000000 ____D C:\Users\mkwzbg

2013-08-15 03:03 - 2011-04-12 09:43 - 00696848 _____ C:\Windows\system32\perfh007.dat

2013-08-15 03:03 - 2011-04-12 09:43 - 00148144 _____ C:\Windows\system32\perfc007.dat

2013-08-15 03:03 - 2009-07-14 07:13 - 01634468 _____ C:\Windows\system32\PerfStringBackup.INI

2013-08-15 03:02 - 2013-07-25 15:48 - 00000000 ____D C:\Windows\system32\MRT

2013-08-15 03:00 - 2011-12-31 18:47 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-08-14 19:16 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default

2013-08-14 19:15 - 2013-08-14 19:06 - 00000000 ____D C:\Windows\erdnt

2013-08-11 04:05 - 2011-12-31 17:30 - 00000000 ____D C:\Users\mkwzbg\AppData\Roaming\vlc

2013-08-11 03:24 - 2012-01-30 01:40 - 00000000 ____D C:\Users\mkwzbg\AppData\Local\QuickPar

2013-08-11 02:55 - 2012-03-27 19:29 - 00000000 ____D C:\Users\mkwzbg\AppData\Roaming\GrabIt

2013-08-10 00:55 - 2013-03-06 21:28 - 00000000 ____D C:\Temporary

2013-08-10 00:55 - 2012-06-05 14:57 - 00000000 ____D C:\QUARANTINE

2013-08-09 02:51 - 2012-02-18 01:38 - 00000000 ____D C:\Users\mkwzbg\AppData\Roaming\Media Player Classic

2013-08-09 00:58 - 2013-08-09 00:58 - 00000000 ____D C:\ProgramData\Stardock

2013-08-09 00:58 - 2012-02-01 10:50 - 00000000 ____D C:\Users\mkwzbg\Documents\My Games

2013-08-09 00:57 - 2013-07-22 01:07 - 00055533 _____ C:\Windows\DirectX.log

2013-08-05 17:13 - 2013-08-03 14:10 - 00000000 ____D C:\Program Files (x86)\Sid Meier's Civilization V

2013-08-05 15:42 - 2013-08-05 15:29 - 00000000 ____D C:\Users\mkwzbg\AppData\Roaming\tor

2013-08-05 15:30 - 2013-08-05 15:29 - 00000000 ____D C:\Users\mkwzbg\AppData\Roaming\Rydu

2013-08-05 14:36 - 2013-08-05 14:21 - 00000047 _____ C:\Users\mkwzbg\Documents\mt-x_hook.txt

2013-08-05 14:36 - 2013-08-05 14:21 - 00000007 _____ C:\Users\mkwzbg\Documents\mt-e_hook.txt

2013-08-04 18:49 - 2013-08-04 18:49 - 00064024 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT

2013-08-04 18:49 - 2013-08-04 18:49 - 00000000 ____D C:\Users\Gast\AppData\Roaming\NVIDIA

2013-08-03 14:35 - 2013-08-03 14:35 - 00000000 ____D C:\Users\mkwzbg\AppData\Local\My Games

2013-08-03 03:25 - 2012-07-05 21:50 - 00000000 ____D C:\Users\mkwzbg\.FBReader

2013-07-26 07:13 - 2013-08-15 03:05 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-07-26 07:13 - 2013-08-15 03:05 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-07-26 07:13 - 2013-08-15 03:05 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-07-26 07:12 - 2013-08-15 03:05 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-07-26 07:12 - 2013-08-15 03:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-07-26 05:35 - 2013-08-15 03:05 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-07-26 05:13 - 2013-08-15 03:05 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-07-26 05:13 - 2013-08-15 03:05 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-07-26 05:12 - 2013-08-15 03:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-07-26 05:11 - 2013-08-15 03:05 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-07-26 05:11 - 2013-08-15 03:05 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-07-26 04:49 - 2013-08-15 03:05 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-07-26 04:39 - 2013-08-15 03:05 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-07-26 03:59 - 2013-08-15 03:05 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-07-25 17:50 - 2013-07-25 17:50 - 00000205 _____ C:\Users\mkwzbg\Desktop\Batman Arkham City GOTY.url

2013-07-25 16:47 - 2013-07-25 16:47 - 00000222 _____ C:\Users\mkwzbg\Desktop\Alan Wake.url

2013-07-25 11:25 - 2013-08-14 21:06 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-07-25 10:57 - 2013-08-14 21:06 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2013-07-24 16:35 - 2012-05-21 22:04 - 00000000 ____D C:\Users\mkwzbg\AppData\Roaming\dvdcss

2013-07-24 15:37 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-07-22 13:29 - 2013-07-22 13:29 - 00000000 ____D C:\Users\mkwzbg\AppData\Local\201280

2013-07-22 01:08 - 2013-07-22 01:08 - 00000000 ____D C:\Users\mkwzbg\Documents\WB Games

2013-07-22 01:08 - 2013-07-22 01:08 - 00000000 ____D C:\Users\mkwzbg\AppData\Local\Downloaded Installations

2013-07-22 01:08 - 2013-07-22 01:08 - 00000000 ____D C:\Program Files (x86)\AMD

2013-07-22 01:05 - 2012-11-08 01:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE

2013-07-22 01:05 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-07-19 03:58 - 2013-08-14 21:06 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-07-19 03:41 - 2013-08-14 21:06 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2013-07-18 12:39 - 2013-07-12 12:39 - 00002046 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

2013-07-18 12:39 - 2013-07-12 12:39 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
 

Files to move or delete:

====================

C:\Users\Gast\install_reader10_de_chra_aih.exe
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-08-12 19:37
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---