Trojaner-Board - System der automatischen Informationskontrolle

Hey Marius!

Danke für deine Antwort - trotz Wochenende ;)...

Hier die Logdatei:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-10-2012 (ATTENTION: FRST version is 6 days old)

Ran by SYSTEM at 13-10-2012 15:52:11

Running from J:\

Windows Vista (TM) Home Premium   (X86) OS Language: English(US) 

The current controlset is ControlSet001
 

==================== Registry (Whitelisted) ===================
 

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]

HKLM\...\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe [326176 2008-01-09] ()

HKLM\...\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated)

HKLM\...\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [204908 2008-01-25] ()

HKLM\...\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd [x]

HKLM\...\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)

HKLM\...\Run: [eRecoveryService]  [x]

HKLM\...\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe [196128 2007-12-07] (NVIDIA Corporation)

HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)

HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-10-14] (Adobe Systems Incorporated)

HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1135912 2010-03-05] ()

HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [x]

HKLM\...\Run: [Skytel] Skytel.exe [x]

HKLM\...\Run: []  [x]

HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [236016 2008-06-08] (Sonic Solutions)

HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1391272 2012-01-03] (Ask)

HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)

HKLM\...\Run: [Communicator] "C:\Program Files\Microsoft Lync\communicator.exe" /fromrunkey [12099672 2012-06-11] (Microsoft Corporation)

HKU\Default\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()

HKU\Default User\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()

HKU\media\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)

HKU\media\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk

ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\VPN Client.lnk

ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico ()
 

==================== Services (Whitelisted) ===================
 

2 Acer HomeMedia Connect Service; "C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [269448 2008-01-25] (CyberLink)

2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672 2007-10-17] ()

2 CVPND; "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" [1524512 2007-10-26] (Cisco Systems, Inc.)

2 eDataSecurity Service; "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe" [500784 2008-03-04] (Egis Incorporated)

2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.)

2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] ()

2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)

2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)

3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [114144 2012-09-30] (Mozilla Foundation)

3 MSSQL$MSSMLBIZ; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [43010392 2009-03-29] (Microsoft Corporation)

4 MSSQLServerADHelper100; "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [47128 2009-03-30] (Microsoft Corporation)

2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [262247 2006-07-19] ()

4 SQLAgent$MSSMLBIZ; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE" -i MSSMLBIZ [366936 2009-03-29] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)

2 CVPNDRVA; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [306300 2007-10-26] (Cisco Systems, Inc.)

3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)

2 int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-02] (Acer, Inc.)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22856 2012-09-07] (Malwarebytes Corporation)

1 netbt; C:\Windows\System32\DRIVERS\netbt.sys [185856 2009-04-10] ()

4 RsFx0103; C:\Windows\System32\DRIVERS\RsFx0103.sys [239336 2009-03-29] (Microsoft Corporation)

2 tvicport; \??\C:\Windows\system32\drivers\tvicport.sys [14544 2007-11-06] (EnTech Taiwan)

3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2009-04-10] (Microsoft Corporation)

3 catchme; \??\C:\Users\media\AppData\Local\Temp\catchme.sys [x]

3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]

3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]

3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2012-10-12 03:05 - 2012-10-12 03:06 - 00000000 ___SD C:\ComboFix

2012-10-12 02:52 - 2012-10-12 02:52 - 00000000 ____D C:\Users\media\AppData\Local\{BF1FA385-DC97-4B43-81DF-CD502D8D55A3}

2012-10-11 23:30 - 2012-10-11 23:30 - 01110476 ____A C:\Users\media\Downloads\7z920.exe

2012-10-11 23:30 - 2012-10-11 23:30 - 00019524 ____A C:\Users\media\Desktop\TDSSKiller.txt.7z

2012-10-11 23:30 - 2012-10-11 23:30 - 00000000 ____D C:\Program Files\7-Zip

2012-10-11 23:19 - 2012-10-11 23:29 - 00130586 ____A C:\Users\media\Desktop\TDSSKiller.txt.txt

2012-10-11 23:18 - 2012-10-11 23:18 - 00000000 ____D C:\TDSSKiller_Quarantine

2012-10-11 04:11 - 2012-10-11 04:11 - 00000000 ____D C:\FRST

2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____R (Swearware) C:\Users\media\Desktop\ComboFix.exe

2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____A (Swearware) C:\Users\media\Downloads\ComboFix.exe

2012-10-10 22:50 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2012-10-10 22:50 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2012-10-10 22:50 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-10-10 22:50 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-10-10 22:50 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-10-10 22:50 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2012-10-10 22:50 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2012-10-10 22:50 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2012-10-10 22:49 - 2012-10-10 22:49 - 00000027 ____A C:\Windows\System32\MPFServiceFailureCount.txt

2012-10-10 22:45 - 2012-10-10 22:50 - 00000000 ____D C:\Qoobox

2012-10-10 22:44 - 2012-10-10 22:44 - 00000000 ____D C:\Windows\erdnt

2012-10-10 21:54 - 2012-10-10 21:54 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\media\Desktop\tdsskiller.exe

2012-10-10 21:45 - 2012-10-10 21:45 - 04731392 ____A (AVAST Software) C:\Users\media\Downloads\aswMBR.exe

2012-10-10 00:29 - 2012-10-10 00:29 - 00134592 ____A C:\Windows\Minidump\Mini101012-01.dmp

2012-10-10 00:23 - 2012-10-10 00:23 - 00302592 ____A C:\Users\media\Downloads\3erhjpwb.exe

2012-10-10 00:19 - 2012-10-10 00:19 - 00060154 ____A C:\Users\media\Desktop\Extras.Txt

2012-10-10 00:18 - 2012-10-11 06:35 - 00093990 ____A C:\Users\media\Desktop\OTL.Txt

2012-10-10 00:17 - 2012-10-10 00:17 - 00060154 ____A C:\Users\media\Downloads\Extras.Txt

2012-10-10 00:15 - 2012-10-11 06:33 - 00093956 ____A C:\Users\media\Downloads\OTL.Txt

2012-10-10 00:06 - 2012-10-10 01:02 - 00078035 ____A C:\Users\media\Desktop\trojanerboard.txt

2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL.exe

2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL (1).exe

2012-10-10 00:04 - 2012-10-10 00:04 - 00000472 ____A C:\Users\media\Desktop\defogger_disable.log

2012-10-10 00:04 - 2012-10-10 00:04 - 00000000 ____A C:\Users\media\defogger_reenable

2012-10-10 00:03 - 2012-10-10 00:03 - 00050477 ____A C:\Users\media\Downloads\Defogger.exe

2012-10-09 23:42 - 2012-10-09 23:42 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-10-09 23:42 - 2012-10-09 23:42 - 00000000 ____D C:\Users\media\AppData\Roaming\Malwarebytes

2012-10-09 23:42 - 2012-10-09 23:42 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-10-09 23:42 - 2012-10-09 23:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2012-10-09 23:42 - 2012-09-07 07:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-10-09 23:41 - 2012-10-09 23:41 - 10524080 ____A (Malwarebytes Corporation                                    ) C:\Users\media\Downloads\mbam-setup-1.65.0.1400.exe

2012-10-09 09:06 - 2012-10-09 09:06 - 00000000 ____D C:\Users\media\AppData\Local\{8A1B6F60-E5FB-4734-B65A-73C964158462}

2012-10-08 12:23 - 2012-10-08 12:23 - 00000000 ____D C:\Users\media\AppData\Local\{050A4F8D-AAA6-4EDC-9E78-991F1C76831A}

2012-10-08 00:23 - 2012-10-08 00:23 - 00000000 ____D C:\Users\media\AppData\Local\{A22B6BFF-F514-4E7C-BB99-08A8C7790FEF}

2012-10-07 11:46 - 2012-10-07 11:46 - 00000000 ____D C:\Users\media\AppData\Local\{C3FCA968-C8B6-41BF-AA50-7146AE98C6F4}

2012-10-06 23:46 - 2012-10-06 23:46 - 00000000 ____D C:\Users\media\AppData\Local\{8CB4BC37-FC2D-4426-A2E2-76C6B8CDD75C}

2012-10-05 23:07 - 2012-10-05 23:08 - 00000000 ____D C:\Users\media\AppData\Local\{B7B73E7F-104A-4C89-8141-B1F1D0BAEBD6}

2012-10-05 07:12 - 2012-10-05 07:12 - 00000000 ____D C:\Users\media\AppData\Local\{05DFB635-8E02-4454-8574-7231AD0CB671}

2012-10-03 22:07 - 2012-10-03 22:07 - 00000000 ____D C:\Users\media\AppData\Local\{039A3C17-1589-46C4-B4AE-EF90FB0D70B5}

2012-10-03 00:54 - 2012-10-03 00:54 - 00000000 ____D C:\Users\media\AppData\Local\{6669E752-69BA-4BF4-AAC3-52BEC09CBEDB}

2012-10-02 10:18 - 2012-10-02 10:18 - 00000000 ____D C:\Users\media\AppData\Local\{62A0FF62-1C7C-4C0A-8DAA-E1F058CF9FF9}

2012-10-01 22:12 - 2012-10-01 22:12 - 00000000 ____D C:\Users\media\AppData\Local\{898B9573-F39D-455F-88F6-0671449A0BCA}

2012-10-01 05:14 - 2012-10-01 05:14 - 00000000 ____D C:\Users\media\AppData\Local\{5E37D240-981B-44AD-ACDE-790998226FC8}

2012-09-30 12:12 - 2012-09-30 12:12 - 00000000 ____D C:\Users\media\AppData\Local\{BB0BFB56-9C8C-47FE-A8AF-F86D5B7E941F}

2012-09-30 00:11 - 2012-09-30 00:12 - 00000000 ____D C:\Users\media\AppData\Local\{1734F492-67E6-413E-AD93-B2DD7CFC3764}

2012-09-27 09:42 - 2012-09-27 09:42 - 00000000 ____D C:\Users\media\AppData\Local\{91E8E290-F49E-454A-8A90-3E1DFFFAD544}

2012-09-26 02:21 - 2012-09-26 02:21 - 00000000 ____D C:\Users\media\AppData\Local\{E1BAE48A-F153-42B0-8815-6CBFA38AA56C}

2012-09-25 06:18 - 2012-09-25 06:18 - 00000000 ____D C:\Users\media\AppData\Local\{78E25385-DE03-413C-A9EB-6544A39C5AD3}

2012-09-24 13:27 - 2012-09-24 13:27 - 00000000 ____D C:\Users\media\AppData\Local\{B20421D4-8B43-4A6C-8CD8-17A7A2037173}

2012-09-24 01:27 - 2012-09-24 01:27 - 00000000 ____D C:\Users\media\AppData\Local\{201A71B0-75AA-4F52-8A8B-C8364E8DE1FA}

2012-09-24 01:17 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-09-24 01:17 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-09-24 01:17 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-09-24 01:17 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-09-24 01:17 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-09-24 01:17 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-09-24 01:17 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-09-24 01:16 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-09-24 01:16 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-09-24 01:16 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-09-24 01:16 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-09-24 01:16 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-09-24 01:16 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-09-24 01:16 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-09-24 01:16 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-09-24 01:16 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-09-23 06:17 - 2012-09-23 06:17 - 00000000 ____D C:\Users\media\AppData\Local\{F0EFBA6E-9425-4F79-BF22-F44D821432AE}

2012-09-20 03:12 - 2012-09-20 03:12 - 00000000 ____D C:\Users\media\AppData\Local\{1AF553B1-A3F9-41EB-B6B3-4FFEE00D77BC}

2012-09-19 10:06 - 2012-09-19 10:06 - 00000000 ____D C:\Users\media\AppData\Local\{C6359C56-F04B-420F-B53F-B1BFBF518FDA}

2012-09-18 13:23 - 2012-09-18 13:23 - 00000000 ____D C:\Users\media\AppData\Local\{AEF2CC5B-39A8-436F-96AB-7BD6B832E5C7}

2012-09-18 01:22 - 2012-09-18 01:22 - 00000000 ____D C:\Users\media\AppData\Local\{ED9F5836-966E-439E-B2AC-29A9D96A7CDA}

2012-09-17 06:03 - 2012-09-17 06:03 - 00000000 ____D C:\Users\media\AppData\Local\{4C0E2FEF-678F-4900-A851-1AE659876089}

2012-09-16 12:40 - 2012-09-16 12:40 - 00000000 ____D C:\Users\media\AppData\Local\{ACCC3C8C-4F40-4EF7-9839-872CB1F4C356}

2012-09-15 05:26 - 2012-09-15 05:26 - 00000000 ____D C:\Users\media\AppData\Local\{40E8C996-8AEE-4182-9AAE-03D45DE0C39E}

2012-09-14 11:24 - 2012-09-14 11:24 - 00000000 ____D C:\Users\media\AppData\Local\{AAF0BA22-404F-403C-9E7E-9D75F843B25B}

2012-09-13 10:21 - 2012-09-13 10:22 - 00000000 ____D C:\Users\media\AppData\Local\{0CADDEF1-A5B0-41E2-842D-72B1F236F0A3}
 
 

==================== 3 Months Modified Files ==================
 

2012-10-13 05:50 - 2006-11-02 05:01 - 00032530 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-10-13 05:50 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-10-13 05:48 - 2008-01-20 18:47 - 08202420 ____A C:\Windows\PFRO.log

2012-10-13 05:48 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2012-10-13 05:48 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2012-10-13 05:47 - 2008-09-03 06:04 - 01269411 ____A C:\Windows\WindowsUpdate.log

2012-10-13 05:01 - 2012-07-23 08:29 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-10-13 04:57 - 2008-01-20 23:16 - 01628252 ____A C:\Windows\System32\PerfStringBackup.INI

2012-10-13 04:52 - 2009-03-15 09:32 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics

2012-10-12 11:28 - 2012-07-29 00:47 - 00085504 ____A C:\Users\media\Desktop\Trainings Reinhard.xls

2012-10-11 23:30 - 2012-10-11 23:30 - 01110476 ____A C:\Users\media\Downloads\7z920.exe

2012-10-11 23:30 - 2012-10-11 23:30 - 00019524 ____A C:\Users\media\Desktop\TDSSKiller.txt.7z

2012-10-11 23:29 - 2012-10-11 23:19 - 00130586 ____A C:\Users\media\Desktop\TDSSKiller.txt.txt

2012-10-11 06:35 - 2012-10-10 00:18 - 00093990 ____A C:\Users\media\Desktop\OTL.Txt

2012-10-11 06:33 - 2012-10-10 00:15 - 00093956 ____A C:\Users\media\Downloads\OTL.Txt

2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____R (Swearware) C:\Users\media\Desktop\ComboFix.exe

2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____A (Swearware) C:\Users\media\Downloads\ComboFix.exe

2012-10-11 00:32 - 2010-07-27 08:46 - 00001356 ____A C:\Users\media\AppData\Local\d3d9caps.dat

2012-10-10 22:49 - 2012-10-10 22:49 - 00000027 ____A C:\Windows\System32\MPFServiceFailureCount.txt

2012-10-10 21:54 - 2012-10-10 21:54 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\media\Desktop\tdsskiller.exe

2012-10-10 21:45 - 2012-10-10 21:45 - 04731392 ____A (AVAST Software) C:\Users\media\Downloads\aswMBR.exe

2012-10-10 01:02 - 2012-10-10 00:06 - 00078035 ____A C:\Users\media\Desktop\trojanerboard.txt

2012-10-10 00:29 - 2012-10-10 00:29 - 00134592 ____A C:\Windows\Minidump\Mini101012-01.dmp

2012-10-10 00:29 - 2010-09-13 22:44 - 239283638 ____A C:\Windows\MEMORY.DMP

2012-10-10 00:23 - 2012-10-10 00:23 - 00302592 ____A C:\Users\media\Downloads\3erhjpwb.exe

2012-10-10 00:19 - 2012-10-10 00:19 - 00060154 ____A C:\Users\media\Desktop\Extras.Txt

2012-10-10 00:17 - 2012-10-10 00:17 - 00060154 ____A C:\Users\media\Downloads\Extras.Txt

2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL.exe

2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL (1).exe

2012-10-10 00:04 - 2012-10-10 00:04 - 00000472 ____A C:\Users\media\Desktop\defogger_disable.log

2012-10-10 00:04 - 2012-10-10 00:04 - 00000000 ____A C:\Users\media\defogger_reenable

2012-10-10 00:03 - 2012-10-10 00:03 - 00050477 ____A C:\Users\media\Downloads\Defogger.exe

2012-10-09 23:42 - 2012-10-09 23:42 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-10-09 23:41 - 2012-10-09 23:41 - 10524080 ____A (Malwarebytes Corporation                                    ) C:\Users\media\Downloads\mbam-setup-1.65.0.1400.exe

2012-10-09 23:08 - 2006-11-02 04:47 - 00429536 ____A C:\Windows\System32\FNTCACHE.DAT

2012-10-09 10:01 - 2012-07-23 08:29 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2012-10-09 10:01 - 2011-06-25 06:42 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2012-10-07 07:32 - 2006-11-02 02:23 - 00000275 ____A C:\Windows\win.ini

2012-10-05 07:13 - 2006-11-02 04:52 - 00133807 ____A C:\Windows\setupact.log

2012-09-13 10:28 - 2006-11-02 02:24 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

2012-09-07 07:04 - 2012-10-09 23:42 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-08-23 23:27 - 2012-09-24 01:16 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-08-23 23:03 - 2012-09-24 01:16 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-08-23 22:59 - 2012-09-24 01:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-08-23 22:51 - 2012-09-24 01:16 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-08-23 22:51 - 2012-09-24 01:16 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-08-23 22:51 - 2012-09-24 01:16 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-08-23 22:49 - 2012-09-24 01:16 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-08-23 22:48 - 2012-09-24 01:17 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-08-23 22:47 - 2012-09-24 01:17 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-08-23 22:47 - 2012-09-24 01:17 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-08-23 22:47 - 2012-09-24 01:16 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-08-23 22:45 - 2012-09-24 01:17 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-08-23 22:44 - 2012-09-24 01:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-08-23 22:44 - 2012-09-24 01:16 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-08-23 22:43 - 2012-09-24 01:17 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-08-23 22:40 - 2012-09-24 01:17 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-31 01:26 - 2009-09-08 07:43 - 00000850 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2012-07-29 13:37 - 2008-09-20 02:52 - 00091136 ____A C:\Users\media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
 

==================== Known DLLs (Whitelisted) =================
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 

==================== EXE ASSOCIATION =====================
 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK
 

==================== Restore Points  =========================
 

Restore point made on: 2012-08-31 08:51:25

Restore point made on: 2012-09-01 00:01:22

Restore point made on: 2012-09-02 07:50:43

Restore point made on: 2012-09-04 10:29:58

Restore point made on: 2012-09-06 09:56:51

Restore point made on: 2012-09-07 07:57:32

Restore point made on: 2012-09-08 01:02:50

Restore point made on: 2012-09-11 04:36:25

Restore point made on: 2012-09-12 10:19:30

Restore point made on: 2012-09-13 10:26:53

Restore point made on: 2012-09-15 09:51:06

Restore point made on: 2012-09-18 09:38:55

Restore point made on: 2012-09-24 01:16:46

Restore point made on: 2012-09-26 02:56:58

Restore point made on: 2012-09-27 10:17:34

Restore point made on: 2012-09-29 00:28:15

Restore point made on: 2012-09-30 01:21:32

Restore point made on: 2012-10-01 00:18:57

Restore point made on: 2012-10-01 23:14:16

Restore point made on: 2012-10-04 07:03:22

Restore point made on: 2012-10-04 21:10:54

Restore point made on: 2012-10-06 00:45:10

Restore point made on: 2012-10-07 02:08:04

Restore point made on: 2012-10-09 09:33:17

Restore point made on: 2012-10-11 07:03:59

Restore point made on: 2012-10-12 08:31:00

Restore point made on: 2012-10-13 00:52:01
 

==================== Memory info =========================== 
 

Percentage of memory in use: 9%

Total physical RAM: 4094.44 MB

Available physical RAM: 3698.67 MB

Total Pagefile: 3959.92 MB

Available Pagefile: 3782.11 MB

Total Virtual: 2047.88 MB

Available Virtual: 1990.33 MB
 

==================== Partitions =============================
 

1 Drive c: (ACER) (Fixed) (Total:294.33 GB) (Free:174.55 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: (DATA) (Fixed) (Total:294.03 GB) (Free:275.53 GB) NTFS

8 Drive j: (BMW) (Removable) (Total:7.7 GB) (Free:7.7 GB) FAT32

9 Drive x: (PQSERVICE) (Fixed) (Total:7.81 GB) (Free:0.37 GB) NTFS
 

  Disk ###  Status      Size     Free     Dyn  Gpt

  --------  ----------  -------  -------  ---  ---

  Disk 0    Online       596 GB  1083 KB         

  Disk 1    No Media        0 B      0 B         

  Disk 2    No Media        0 B      0 B         

  Disk 3    No Media        0 B      0 B         

  Disk 4    No Media        0 B      0 B         

  Disk 5    Online      7904 MB      0 B         
 

Partitions of Disk 0:

===============
 

  Partition ###  Type              Size     Offset

  -------------  ----------------  -------  -------

  Partition 1    OEM               7993 MB    32 KB

  Partition 2    Primary            294 GB  7994 MB

  Partition 3    Primary            294 GB   302 GB
 

=========================================================
 

Disk: 0

Partition 1

Type  : 27

Hidden: Yes

Active: No
 

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 8     X   PQSERVICE    NTFS   Partition   7993 MB  Healthy    Hidden  
 

=========================================================
 

Disk: 0

Partition 2

Type  : 06

Hidden: No

Active: Yes
 

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 3     C   ACER         NTFS   Partition    294 GB  Healthy            
 

=========================================================
 

Disk: 0

Partition 3

Type  : 07

Hidden: No

Active: No
 

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 7     D   DATA         NTFS   Partition    294 GB  Healthy            
 

=========================================================
 

Partitions of Disk 5:

===============
 

  Partition ###  Type              Size     Offset

  -------------  ----------------  -------  -------

  Partition 1    Primary           7904 MB    32 KB
 

=========================================================
 

Disk: 5

Partition 1

Type  : 0B

Hidden: No

Active: Yes
 

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 4     J   BMW          FAT32  Removable   7904 MB  Healthy            
 

=========================================================
 

Last Boot: 2012-10-13 04:58
 

==================== End Of Log ============================