DarkorbitSup | 21.02.2015 12:36 | Sooo, here is all the stuff xD Code:
# AdwCleaner v4.111 - Bericht erstellt 21/02/2015 um 12:29:40
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-02-18.3 [Server]
# Betriebssystem : Windows 7 Home Premium (x86)
# Benutzername : Marcel - MARCEL-PC
# Gestarted von : C:\Users\Marcel\Desktop\Neuer Ordner\AdwCleaner_4.111.exe
# Option : Suchlauf
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gefunden : C:\Program Files\Assets Manager
Ordner Gefunden : C:\Program Files\SoftwareUpdater
Ordner Gefunden : C:\ProgramData\1760fcfc00000cec
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;*.local
Schlüssel Gefunden : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gefunden : HKCU\Software\dll-files.com
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\iedll.dll
Schlüssel Gefunden : HKLM\SOFTWARE\dll-files.com
***** [ Internetbrowser ] *****
-\\ Internet Explorer v8.0.7600.16385
-\\ Mozilla Firefox v35.0.1 (x86 de)
-\\ Google Chrome v40.0.2214.115
[C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1424368686&from=cvs4&uid=SamsungXSSDX840XSeries_S14CNEAD140361J&q={searchTerms}
[C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1424368686&from=cvs4&uid=SamsungXSSDX840XSeries_S14CNEAD140361J&q={searchTerms}
*************************
AdwCleaner[R0].txt - [1718 Bytes] - [21/02/2015 12:29:40]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1777 Bytes] ##########
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-02-2015 01
Ran by Marcel (administrator) on MARCEL-PC on 21-02-2015 12:33:41
Running from C:\Users\Marcel\Desktop
Loaded Profiles: Marcel (Available profiles: Marcel)
Platform: Microsoft Windows 7 Home Premium (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ClanServers Hosting LLC) C:\Program Files\GameTracker\GSInGameService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\System32\PnkBstrA.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [aBCaPKuJHhV] => C:\Users\Marcel\AppData\Local\temp\aMHtK42dJoc.exe [318464 2015-02-12] (aDYBzHr1u0EZ) <===== ATTENTION
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2613248 2009-07-14] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2613248 2009-07-14] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2853233061-4257070424-1586124854-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2853233061-4257070424-1586124854-1000\...\Run: [uTorrent] => C:\Users\Marcel\AppData\Roaming\uTorrent\uTorrent.exe [1740880 2015-02-15] (BitTorrent Inc.)
HKU\S-1-5-21-2853233061-4257070424-1586124854-1000\...\Run: [SkypeVoiceChanger] => C:\Program Files\AthTek\Voice Changer for Skype\SkypeVoiceChanger.exe [939520 2015-02-03] ()
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2613248 2009-07-14] (Microsoft Corporation) <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2853233061-4257070424-1586124854-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2853233061-4257070424-1586124854-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-2853233061-4257070424-1586124854-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\AthTek\Voice Changer for Skype\accsky.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D08D3964-1227-43F3-8B81-5CD4DD31845B}: [NameServer] 208.67.222.222
FireFox:
========
FF ProfilePath: C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\7x72t349.default
FF NewTab: hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Extension: MEGA - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\7x72t349.default\Extensions\firefox@mega.co.nz.xpi [2015-02-07]
FF Extension: Greasemonkey - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\7x72t349.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-02-20]
Chrome:
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1424368686&from=cvs4&uid=SamsungXSSDX840XSeries_S14CNEAD140361J
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1424368686&from=cvs4&uid=SamsungXSSDX840XSeries_S14CNEAD140361J"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-15]
CHR Extension: (Google Drive) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-15]
CHR Extension: (YouTube) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-15]
CHR Extension: (Google Search) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-15]
CHR Extension: (Google Wallet) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-15]
CHR Extension: (Gmail) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-15]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe [2158960 2014-01-30] (G Data Software AG)
R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG)
R2 GS In-Game Service; C:\Program Files\GameTracker\GSInGameService.exe [1677080 2013-12-19] (ClanServers Hosting LLC)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [211216 2009-09-21] ()
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2015-02-07] ()
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [44544 2015-01-16] (G Data Software AG)
R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt32.sys [20736 2015-01-16] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [101504 2015-01-16] (G Data Software AG)
S3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [56832 2015-01-16] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [53248 2015-01-16] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [29528 2015-02-01] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [50176 2015-01-16] (G Data Software AG)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [110280 2013-07-18] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34896 2012-07-31] (Screaming Bee LLC)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27888 2014-01-24] (Synaptics Incorporated)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1766784 2011-01-13] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2015-02-07] (Duplex Secure Ltd.)
R3 tenCapture; C:\Windows\System32\DRIVERS\tenCapture.sys [20664 2012-07-20] (Hajo Krabbenhöft)
U3 a6g6f4hj; C:\Windows\system32\Drivers\a6g6f4hj.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Marcel\AppData\Local\Temp\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-21 12:33 - 2015-02-21 12:33 - 00011162 _____ () C:\Users\Marcel\Desktop\FRST.txt
2015-02-21 12:29 - 2015-02-21 12:33 - 00000000 ____D () C:\AdwCleaner
2015-02-21 12:29 - 2015-02-21 12:29 - 01126400 _____ (Farbar) C:\Users\Marcel\Desktop\FRST.exe
2015-02-21 12:22 - 2015-02-21 12:22 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\35028135
2015-02-21 12:11 - 2015-02-21 12:21 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-21 12:11 - 2015-02-21 12:11 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-21 12:11 - 2015-02-21 12:11 - 00000000 ____D () C:\Users\Marcel\Desktop\Neuer Ordner
2015-02-21 12:11 - 2015-02-21 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-21 12:11 - 2015-02-21 12:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-21 12:11 - 2015-02-21 12:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-21 12:11 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-21 12:11 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-21 12:11 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-21 12:09 - 2015-02-21 12:09 - 00003304 ____N () C:\bootsqm.dat
2015-02-20 20:53 - 2015-02-20 20:53 - 00004208 _____ () C:\Windows\windefendam.log
2015-02-20 20:53 - 2015-02-20 20:53 - 00000020 _____ () C:\Windows\capsys184523.log
2015-02-20 20:53 - 2015-02-20 20:53 - 00000000 ____D () C:\Users\Marcel\Documents\Action!
2015-02-20 20:51 - 2015-02-20 20:51 - 00000000 _____ () C:\Users\Marcel\Desktop\Neues Textdokument (2).txt
2015-02-20 20:49 - 2015-02-20 20:49 - 00021838 _____ () C:\Users\Marcel\Desktop\dd.txt
2015-02-20 20:48 - 2015-02-21 12:21 - 00000000 ____D () C:\directory
2015-02-20 20:44 - 2015-02-20 20:44 - 00000014 _____ () C:\Users\Marcel\AppData\Roaming\checkV8
2015-02-20 20:29 - 2015-02-20 20:29 - 00097792 _____ () C:\Users\Marcel\Desktop\Minecraft 1.7.x ForceOP.exe
2015-02-20 20:27 - 2015-02-20 20:21 - 00082432 ____H () C:\Users\Marcel\AppData\Roaming\26.exe
2015-02-20 20:23 - 2015-02-20 20:50 - 00000000 ____D () C:\Users\Marcel\Desktop\hack
2015-02-20 20:08 - 2015-02-20 20:13 - 136610466 _____ () C:\Users\Marcel\Desktop\Crypters.rar
2015-02-20 19:56 - 2015-02-20 19:56 - 00000183 _____ () C:\Users\Marcel\AppData\Roaming\MARCEL-PC - 764.txt
2015-02-20 19:46 - 2015-02-20 19:46 - 00000000 ____D () C:\Users\Marcel\Desktop\iStealer_6.3_Legends
2015-02-20 19:19 - 2015-02-20 19:19 - 00038400 _____ () C:\Users\Marcel\Downloads\Happy Bot.exe
2015-02-20 19:06 - 2015-02-20 19:06 - 00000000 ____D () C:\Users\Marcel\Downloads\Silent doc
2015-02-20 19:05 - 2015-02-20 19:06 - 04036590 _____ () C:\Users\Marcel\Downloads\Silent doc.zip
2015-02-20 19:01 - 2015-02-20 19:01 - 01135024 _____ () C:\Users\Marcel\Downloads\Rage Booter source.rar
2015-02-20 18:59 - 2015-02-20 18:59 - 04040814 _____ () C:\Users\Marcel\Downloads\pb.rar
2015-02-20 18:59 - 2015-02-20 18:59 - 00019396 _____ () C:\Users\Marcel\Downloads\arme.c
2015-02-20 17:42 - 2015-02-20 20:05 - 00000000 ____D () C:\Users\Marcel\Desktop\Crime24-Stealer
2015-02-20 17:19 - 2015-02-20 17:19 - 00038400 _____ () C:\Users\Marcel\Downloads\ew.exe
2015-02-20 17:18 - 2015-02-20 17:18 - 00038400 _____ () C:\Users\Marcel\Desktop\ew.exe
2015-02-20 17:18 - 2015-02-20 17:18 - 00000108 _____ () C:\Users\Marcel\Desktop\msgbox.vbs
2015-02-20 17:17 - 2015-02-20 17:17 - 00001117 _____ () C:\Users\Public\Desktop\Bat To Exe Converter.lnk
2015-02-20 17:17 - 2015-02-20 17:17 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Bat To Exe Converter
2015-02-20 17:17 - 2015-02-20 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bat To Exe Converter
2015-02-20 17:17 - 2015-02-20 17:17 - 00000000 ____D () C:\Program Files\Bat To Exe Converter
2015-02-20 17:14 - 2015-02-20 17:15 - 01025469 _____ () C:\Users\Marcel\Desktop\razorVirus Builder.exe
2015-02-20 17:14 - 2015-02-20 17:14 - 03821683 _____ () C:\Users\Marcel\Desktop\BatToExeConverter_2.1.3.zip
2015-02-20 17:13 - 2015-02-20 17:13 - 00000000 __RSH () C:\MSDOS.SYS
2015-02-20 17:13 - 2015-02-20 17:13 - 00000000 __RSH () C:\IO.SYS
2015-02-20 17:12 - 2015-02-12 16:57 - 00318464 _____ (aDYBzHr1u0EZ) C:\Users\Marcel\Desktop\Clicker_original.exe
2015-02-20 16:24 - 2015-02-20 16:25 - 00000000 ____D () C:\Users\Marcel\Downloads\NodusLauncher
2015-02-20 16:24 - 2015-02-20 16:24 - 02997389 _____ () C:\Users\Marcel\Downloads\NodusLauncher.zip
2015-02-20 14:49 - 2015-02-20 14:49 - 00020262 _____ () C:\ComboFix.txt
2015-02-20 14:44 - 2015-02-20 14:44 - 00000029 _____ () C:\Users\Marcel\Desktop\Neues Textdokument.txt
2015-02-20 14:44 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-20 14:44 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-20 14:44 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-20 14:44 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-20 14:44 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-20 14:44 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-20 14:44 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-20 14:44 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-20 14:43 - 2015-02-20 14:49 - 00000000 ____D () C:\Windows\erdnt
2015-02-20 14:43 - 2015-02-20 14:49 - 00000000 ____D () C:\Qoobox
2015-02-20 14:43 - 2015-02-20 14:43 - 05611903 ____R (Swearware) C:\Users\Marcel\Desktop\ComboFix.exe
2015-02-20 14:36 - 2015-02-20 14:36 - 00001230 _____ () C:\Users\Marcel\Desktop\Revo Uninstaller.lnk
2015-02-20 14:36 - 2015-02-20 14:36 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-02-19 19:49 - 2015-02-19 19:49 - 00000000 ____D () C:\Users\Marcel\Documents\svceffects
2015-02-19 19:14 - 2015-02-19 19:14 - 00057560 _____ () C:\Users\Marcel\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-19 18:59 - 2015-02-19 19:48 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\M91Yd6y
2015-02-19 18:59 - 2015-02-19 19:48 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\CDDA2i0
2015-02-19 18:59 - 2015-02-19 19:48 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\4kH5fw4
2015-02-19 18:59 - 2015-02-19 18:59 - 00000080 _____ () C:\Users\Marcel\AppData\Local\recently-fix.db
2015-02-19 18:59 - 2015-02-19 18:59 - 00000000 ____D () C:\ProgramData\atjs
2015-02-19 18:57 - 2015-02-19 19:48 - 00000000 ____D () C:\Program Files\Opera
2015-02-19 18:57 - 2015-02-19 19:05 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Opera Software
2015-02-19 18:57 - 2015-02-19 19:05 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Opera Software
2015-02-18 15:26 - 2015-02-21 12:33 - 00000000 ____D () C:\FRST
2015-02-18 14:38 - 2015-02-18 14:39 - 01421735 _____ () C:\Users\Marcel\Desktop\DeadCow Miner Free Edition.zip
2015-02-18 14:11 - 2015-02-18 14:11 - 00000000 ____D () C:\Users\Marcel\Downloads\runtime
2015-02-18 14:10 - 2015-02-18 14:11 - 00000000 ____D () C:\Users\Marcel\Downloads\game
2015-02-18 14:02 - 2015-02-18 14:02 - 00000020 _____ () C:\Users\Marcel\AppData\Roaming\appdataFr3.bin
2015-02-17 17:09 - 2015-02-19 19:48 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-17 17:08 - 2015-02-17 17:08 - 00120569 _____ () C:\Users\Marcel\Downloads\nircmd.zip
2015-02-17 16:41 - 2015-02-17 16:41 - 60157386 _____ () C:\Users\Marcel\Desktop\All-In-One Ultra Hacker 156 In 1.rar
2015-02-16 18:53 - 2015-02-16 18:53 - 00000000 __RHD () C:\Users\Public\Libraries
2015-02-15 18:19 - 2015-02-15 19:21 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Apple Computer
2015-02-15 18:19 - 2015-02-15 18:19 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Apple Computer
2015-02-15 18:18 - 2015-02-19 19:48 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-02-15 18:18 - 2015-02-19 19:48 - 00000000 ____D () C:\ProgramData\Apple
2015-02-15 18:18 - 2015-02-19 19:48 - 00000000 ____D () C:\Program Files\iTunes
2015-02-15 18:18 - 2015-02-19 19:48 - 00000000 ____D () C:\Program Files\iPod
2015-02-15 18:18 - 2015-02-19 19:08 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-02-15 18:18 - 2015-02-15 18:18 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-02-15 18:18 - 2015-02-15 18:18 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Apple
2015-02-15 18:18 - 2015-02-15 18:18 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-15 18:18 - 2015-02-15 18:18 - 00000000 ____D () C:\Program Files\Bonjour
2015-02-15 18:18 - 2015-02-15 18:18 - 00000000 ____D () C:\Program Files\Apple Software Update
2015-02-15 18:16 - 2015-02-15 18:17 - 108785968 _____ (Apple Inc.) C:\Users\Marcel\Downloads\itunessetup.exe
2015-02-15 14:08 - 2015-02-15 15:16 - 956378701 _____ () C:\Users\Marcel\Downloads\DayZ Standalone.zip
2015-02-15 13:16 - 2015-02-15 13:17 - 13987015 _____ () C:\Users\Marcel\Downloads\DayZ SA Multiplayer Crack.zip
2015-02-15 09:34 - 2015-02-20 14:48 - 00000000 __SHD () C:\Users\Marcel\Documents\MSDCSC
2015-02-14 22:17 - 2015-02-14 22:17 - 00000067 _____ () C:\Windows\system32\msgbx.vbs
2015-02-14 22:17 - 2015-02-14 22:17 - 00000000 _____ () C:\Windows\system32\sendkey.vbs
2015-02-14 21:39 - 2015-02-14 21:52 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Quickscope_Simulator
2015-02-14 21:34 - 2015-02-14 21:34 - 00000316 _____ () C:\Users\Marcel\Documents\g.bat
2015-02-14 21:34 - 2015-02-14 21:34 - 00000150 _____ () C:\Users\Marcel\Documents\opendisk.vbs
2015-02-14 20:35 - 2015-02-21 12:21 - 00014808 _____ () C:\Windows\PFRO.log
2015-02-13 21:00 - 2015-02-19 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dotjosh Studios
2015-02-13 21:00 - 2015-02-19 19:48 - 00000000 ____D () C:\Program Files\Dotjosh Studios
2015-02-13 21:00 - 2015-02-13 21:00 - 00001298 _____ () C:\Users\Public\Desktop\DayZ Commander.lnk
2015-02-13 21:00 - 2015-02-13 21:00 - 00000000 ____D () C:\Users\Marcel\AppData\Local\DayZCommander
2015-02-13 16:22 - 2015-02-13 20:41 - 00000361 _____ () C:\Windows\system32\LumaEmu.ini
2015-02-13 16:22 - 2015-02-13 16:22 - 00000000 ___SH () C:\Users\Marcel\AppData\Local\LumaEmu
2015-02-13 15:19 - 2015-02-13 15:19 - 00000000 ____D () C:\ProgramData\Steam
2015-02-13 15:18 - 2015-02-13 15:18 - 00001472 _____ () C:\Users\Marcel\Desktop\DayZ Standalone ALPHA.lnk
2015-02-13 15:16 - 2015-02-13 15:16 - 00000000 ____D () C:\Program Files\Bohemia Interactive
2015-02-13 14:20 - 2015-02-15 09:34 - 00000000 ____D () C:\Users\Marcel\Documents\BIS Core Engine
2015-02-12 16:54 - 2015-02-12 16:54 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Яαпİά
2015-02-12 16:53 - 2015-02-12 16:53 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\gdiplus.dll
2015-02-12 16:53 - 2015-02-12 16:53 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\mfc71.dll
2015-02-12 16:53 - 2015-02-12 16:53 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
2015-02-12 16:52 - 2015-02-12 16:52 - 00000000 ____D () C:\ProgramData\Nimoru
2015-02-12 16:37 - 2015-02-12 16:37 - 00000000 ____D () C:\Windows\system32\AMD64
2015-02-12 16:34 - 2015-02-12 16:34 - 00000000 ____D () C:\ProgramData\{db94b505-336f-6e8a-db94-4b505336d414}
2015-02-11 18:06 - 2015-02-11 18:06 - 00002808 _____ () C:\Users\Marcel\Documents\hhh.bat
2015-02-11 18:04 - 2015-02-11 18:04 - 00000658 _____ () C:\Users\Marcel\Documents\htdgj.bat
2015-02-11 18:01 - 2015-02-11 18:01 - 00014889 _____ () C:\Users\Marcel\Documents\PenisVirus.bat
2015-02-11 17:06 - 2015-02-19 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
2015-02-11 17:06 - 2015-02-19 19:48 - 00000000 ____D () C:\Program Files\Screaming Bee
2015-02-11 17:06 - 2015-02-19 19:04 - 00000000 ____D () C:\ProgramData\Screaming Bee
2015-02-11 17:06 - 2015-02-11 17:23 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Screaming Bee
2015-02-11 17:03 - 2015-02-19 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fake Webcam 7.4
2015-02-11 17:03 - 2015-02-19 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fake Voice 7.0
2015-02-11 17:03 - 2015-02-19 19:48 - 00000000 ____D () C:\Program Files\Web Solution Mart
2015-02-11 17:03 - 2015-02-19 19:48 - 00000000 ____D () C:\Program Files\Common Files\Web Solution Mart
2015-02-11 17:03 - 2015-02-11 17:03 - 00000000 ____D () C:\Program Files\Fake Webcam 7.4
2015-02-11 17:03 - 2012-05-18 09:53 - 00645632 _____ () C:\Windows\system32\xvidcore.dll
2015-02-11 17:03 - 2012-05-18 09:53 - 00216064 _____ ( ) C:\Windows\system32\LAGARITH.DLL
2015-02-11 17:03 - 2004-03-09 01:00 - 00662288 _____ (Microsoft Corporation) C:\Windows\system32\MSCOMCT2.OCX
2015-02-11 17:03 - 2004-03-09 01:00 - 00152848 _____ (Microsoft Corporation) C:\Windows\system32\COMDLG32.OCX
2015-02-11 17:03 - 2004-03-09 00:00 - 01081616 _____ (Microsoft Corporation) C:\Windows\system32\MSCOMCTL.OCX
2015-02-11 17:03 - 2004-03-09 00:00 - 00132880 _____ (Microsoft Corporation) C:\Windows\system32\MSINET.OCX
2015-02-11 17:02 - 2015-02-19 19:48 - 00000000 ____D () C:\Program Files\Fake Voice 7.0
2015-02-11 17:02 - 2012-07-20 13:43 - 00020664 _____ (Hajo Krabbenhöft) C:\Windows\system32\Drivers\tenCapture.sys
2015-02-11 16:58 - 2015-02-21 12:21 - 00000000 ____D () C:\Users\Marcel\Documents\svctest
2015-02-11 16:58 - 2015-02-21 12:21 - 00000000 ____D () C:\Users\Marcel\Documents\svcrecord
2015-02-11 16:58 - 2015-02-19 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voice Changer for Skype
2015-02-11 16:58 - 2015-02-19 19:48 - 00000000 ____D () C:\Program Files\AthTek
2015-02-11 16:58 - 2015-02-11 16:58 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Voice Changer for Skype.lnk
2015-02-11 16:58 - 2015-02-11 16:58 - 00001164 _____ () C:\Users\Public\Desktop\ Voice Changer for Skype.lnk
2015-02-11 16:40 - 2015-02-11 16:40 - 00007277 _____ () C:\Users\Marcel\Documents\MinecraftHackallVers.1.kronos.bat
2015-02-11 16:34 - 2015-02-19 19:48 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mark Heath
2015-02-11 16:12 - 2015-02-19 19:48 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameTracker Lite
2015-02-11 16:12 - 2015-02-19 19:48 - 00000000 ____D () C:\Program Files\GameTracker
2015-02-11 16:12 - 2015-02-11 16:12 - 00000982 _____ () C:\Users\Marcel\Desktop\GameTracker Lite.lnk
2015-02-11 16:11 - 2015-02-19 19:48 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\GameTracker
2015-02-11 15:52 - 2015-02-17 17:40 - 00000000 ____D () C:\Windows\system32\directx
2015-02-11 15:30 - 2015-02-15 09:34 - 00000000 ____D () C:\Users\Marcel\AppData\Local\DayZ
2015-02-11 15:30 - 2015-02-13 15:19 - 00000000 ____D () C:\Users\Marcel\Documents\DayZ
2015-02-10 18:19 - 2015-02-10 18:19 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-10 14:29 - 2015-02-21 12:21 - 00002047 _____ () C:\Windows\setupact.log
2015-02-10 14:29 - 2015-02-10 14:29 - 00265640 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-10 14:29 - 2015-02-10 14:29 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-09 17:54 - 2015-02-09 17:54 - 00000000 ____D () C:\Users\Marcel\AppData\Local\iWesoft
2015-02-09 17:48 - 2015-02-09 17:48 - 00000000 ____D () C:\Users\Marcel\Documents\Skype Voice Records
2015-02-09 17:48 - 2015-02-09 17:48 - 00000000 ____D () C:\Users\Marcel\Documents\Clownfish Avatars
2015-02-09 17:45 - 2015-02-09 17:45 - 00000000 ____D () C:\Program Files\Clownfish
2015-02-09 17:34 - 2015-02-09 17:34 - 00013349 _____ () C:\Users\Marcel\Documents\mc.hackI revo 1..7.2.bat
2015-02-09 16:41 - 2015-02-09 16:41 - 00000000 ____D () C:\Users\Marcel\AppData\Local\My Games
2015-02-09 14:20 - 2015-02-09 14:20 - 00001278 _____ () C:\Users\Marcel\Desktop\payday online (test).lnk
2015-02-09 14:13 - 2015-02-09 18:19 - 00000000 ____D () C:\Program Files\Common Files\Steam
2015-02-09 14:13 - 2015-02-09 14:13 - 00000814 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-02-09 14:13 - 2015-02-09 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-07 20:05 - 2015-02-07 20:05 - 00331136 _____ (Mirko Böer) C:\Windows\MTrUn.EXE
2015-02-07 20:05 - 2015-02-07 20:05 - 00001356 ____R () C:\Windows\MeineTraffic_Uninstall.in
2015-02-07 20:05 - 2015-02-07 20:05 - 00000879 _____ () C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Meine Traffic.lnk
2015-02-07 20:05 - 2015-02-07 20:05 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Meine Traffic
2015-02-07 20:05 - 2015-02-07 20:05 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Meine Traffic
2015-02-07 20:05 - 2015-02-07 20:05 - 00000000 ____D () C:\Program Files\MT
2015-02-07 19:43 - 2015-02-09 15:15 - 00000000 ____D () C:\Users\Marcel\AppData\Local\PAYDAY 2
2015-02-07 19:43 - 2015-02-07 19:43 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-02-07 19:43 - 2015-02-07 19:43 - 00000000 ____D () C:\Program Files\AGEIA Technologies
2015-02-07 19:43 - 2013-08-13 18:03 - 00000088 _____ () C:\Users\Marcel\update-payday2.bat
2015-02-07 19:43 - 2012-06-15 18:24 - 00003153 _____ () C:\Users\Marcel\visit-www.nosteam.ro.html
2015-02-07 19:31 - 2015-02-15 09:59 - 00000000 ____D () C:\Users\Marcel\PAYDAY 2
2015-02-07 19:29 - 2015-02-07 19:29 - 00000000 ____D () C:\Program Files\PayDay2
2015-02-07 19:17 - 2015-02-19 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astroburn Lite
2015-02-07 19:17 - 2015-02-19 19:48 - 00000000 ____D () C:\Program Files\Astroburn Lite
2015-02-07 19:17 - 2015-02-07 19:17 - 00000000 ____D () C:\ProgramData\Astroburn Lite
2015-02-07 16:29 - 2015-02-19 19:48 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Notepad++
2015-02-07 16:29 - 2015-02-07 16:29 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-02-07 16:29 - 2015-02-07 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-02-07 16:29 - 2015-02-07 16:29 - 00000000 ____D () C:\Program Files\Notepad++
2015-02-07 15:21 - 2015-02-09 16:28 - 00281688 _____ () C:\Windows\system32\PnkBstrB.xtr
2015-02-07 15:21 - 2015-02-09 16:28 - 00138032 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2015-02-07 15:21 - 2015-02-07 15:21 - 00000000 ____D () C:\Users\Marcel\AppData\Local\PunkBuster
2015-02-07 15:20 - 2015-02-07 15:20 - 00001609 _____ () C:\Users\Marcel\Desktop\Farcry3.lnk
2015-02-07 15:19 - 2015-02-07 15:19 - 00000000 ____D () C:\ProgramData\Orbit
2015-02-07 15:15 - 2015-02-09 16:28 - 00281688 _____ () C:\Windows\system32\PnkBstrB.exe
2015-02-07 15:15 - 2015-02-09 14:49 - 00281688 _____ () C:\Windows\system32\PnkBstrB.ex0
2015-02-07 15:15 - 2015-02-07 15:15 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2015-02-07 15:14 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-02-07 15:14 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-02-07 15:14 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-02-07 15:14 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-02-07 15:14 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-02-07 15:14 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-02-07 15:14 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-02-07 15:14 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-02-07 15:14 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-02-07 15:14 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-02-07 15:14 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-02-07 15:14 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-02-07 15:14 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-02-07 15:14 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-02-07 15:14 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-02-07 15:14 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-02-07 15:14 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-02-07 15:14 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-02-07 15:14 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-02-07 15:14 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-02-07 15:14 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-02-07 15:14 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-02-07 15:14 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-02-07 15:14 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-02-07 15:14 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-02-07 15:14 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-02-07 15:14 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-02-07 15:14 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-02-07 15:14 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-02-07 15:14 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-02-07 15:14 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-02-07 15:14 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-02-07 15:14 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-02-07 15:14 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-02-07 15:14 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-02-07 15:14 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-02-07 15:14 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-02-07 15:14 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-02-07 15:14 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-02-07 15:14 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-02-07 15:14 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-02-07 15:14 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-02-07 15:14 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-02-07 15:14 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-02-07 15:14 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-02-07 15:14 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-02-07 15:14 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-02-07 15:14 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-02-07 15:14 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-02-07 15:14 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-02-07 15:14 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-02-07 15:14 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-02-07 15:14 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-02-07 15:14 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-02-07 15:14 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-02-07 15:14 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-02-07 15:14 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-02-07 15:14 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-02-07 15:14 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-02-07 15:14 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-02-07 15:14 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-02-07 15:14 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-02-07 15:14 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-02-07 15:14 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-02-07 15:14 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-02-07 15:14 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-02-07 15:14 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-02-07 15:14 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-02-07 15:14 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-02-07 15:14 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-02-07 15:14 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-02-07 15:14 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-02-07 15:14 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-02-07 15:14 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-02-07 15:14 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-02-07 15:14 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-02-07 15:14 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-02-07 15:14 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-02-07 15:14 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-02-07 15:14 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-02-07 15:14 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-02-07 15:14 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-02-07 15:14 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-02-07 15:14 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-02-07 15:14 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-02-07 15:14 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-02-07 15:14 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-02-07 15:14 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-02-07 15:07 - 2015-02-09 18:23 - 00000000 ____D () C:\Program Files\Ubisoft
2015-02-07 15:04 - 2015-02-20 14:49 - 00000000 ___RD () C:\Users\Public
2015-02-07 15:04 - 2015-02-07 15:04 - 00320120 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2015-02-07 15:04 - 2015-02-07 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-02-07 15:03 - 2015-02-09 18:31 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\DAEMON Tools Lite
2015-02-07 15:03 - 2015-02-07 15:06 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-02-07 15:03 - 2015-02-07 15:03 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2015-02-07 13:47 - 2015-02-07 19:57 - 00000000 ____D () C:\Program Files\Unlocker
2015-02-07 13:47 - 2015-02-07 13:47 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2015-02-07 13:24 - 2015-02-13 22:17 - 00000000 ____D () C:\Program Files\PeerBlock
2015-02-07 13:24 - 2015-02-07 13:24 - 00001897 _____ () C:\Users\Marcel\Desktop\PeerBlock.lnk
2015-02-07 13:24 - 2015-02-07 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2015-02-07 12:42 - 2015-02-07 15:05 - 00000000 ____D () C:\ProgramData\{093fca7e-c88d-bcc4-093f-fca7ec8829fb}
2015-02-07 10:15 - 2015-02-07 10:16 - 00000000 ____D () C:\Program Files\DesktopMaker
2015-02-07 10:15 - 2015-02-07 10:15 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Copy Handler
2015-02-07 10:15 - 2015-02-07 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.ini Maker 2.4.1
2015-02-07 10:14 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-02-07 10:14 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-02-06 19:09 - 2015-02-06 19:12 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.StarMade
2015-02-03 19:00 - 2015-02-09 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coin Miner
2015-02-03 19:00 - 2015-02-03 20:23 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\CoinMiner
2015-02-03 16:33 - 2015-02-09 18:31 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\FileZilla
2015-02-03 15:18 - 2015-02-03 15:18 - 00000000 ____D () C:\Program Files\SAMSUNG
2015-02-03 15:18 - 2014-06-16 07:01 - 00184192 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2015-02-03 15:18 - 2014-06-16 07:01 - 00089856 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2015-02-03 15:17 - 2015-02-03 15:17 - 00000000 ____D () C:\ProgramData\Samsung
2015-02-02 18:14 - 2015-02-02 18:14 - 00015192 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2015-02-02 18:01 - 2015-02-02 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-02-02 18:01 - 2015-02-02 18:01 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2015-02-02 17:41 - 2015-02-20 17:43 - 00000000 ____D () C:\Program Files\Resource Hacker
2015-02-02 17:41 - 2015-02-02 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker
2015-02-01 21:09 - 2015-02-01 21:09 - 00029528 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2015-01-30 20:12 - 2015-02-09 18:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-26 18:06 - 2015-01-26 18:06 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Ufasoft
2015-01-26 17:32 - 2015-01-26 17:32 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Ufasoft
2015-01-26 17:30 - 2015-02-19 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-26 17:30 - 2015-02-19 19:48 - 00000000 ____D () C:\Program Files\7-Zip
2015-01-26 14:21 - 2015-02-21 12:32 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\uTorrent
2015-01-26 14:21 - 2015-02-15 12:46 - 00000857 _____ () C:\Users\Marcel\Desktop\µTorrent.lnk
2015-01-26 14:21 - 2015-02-15 12:46 - 00000837 _____ () C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-01-26 14:11 - 2015-02-09 18:31 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-26 14:11 - 2015-02-09 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
2015-01-26 14:06 - 2015-02-07 15:19 - 00000000 ____D () C:\Users\Marcel\Documents\My Games
2015-01-26 14:06 - 2015-01-26 14:06 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Skyrim
2015-01-26 14:00 - 2015-01-26 14:00 - 00000000 ____D () C:\Program Files\Common Files\Java
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-21 12:28 - 2015-01-15 20:18 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-21 12:24 - 2015-01-15 20:15 - 00378244 _____ () C:\Windows\WindowsUpdate.log
2015-02-21 12:21 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-21 12:21 - 2009-07-14 05:34 - 00009584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-21 12:21 - 2009-07-14 05:34 - 00009584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-20 20:48 - 2005-04-08 03:16 - 00000000 ___HD () C:\Users\Marcel\AppData\Roaming\FDE98359
2015-02-20 17:24 - 2015-01-15 21:26 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Skype
2015-02-20 16:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-02-20 16:26 - 2015-01-15 21:28 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\.minecraft
2015-02-20 14:52 - 2015-01-15 20:50 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Apps\2.0
2015-02-20 14:49 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-02-20 14:49 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-02-19 19:55 - 2009-07-14 03:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-19 19:49 - 2015-01-15 20:14 - 00000000 ____D () C:\Users\Marcel
2015-02-19 19:48 - 2015-01-16 14:29 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Mozilla
2015-02-19 19:48 - 2015-01-15 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-19 19:48 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-02-19 19:48 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-19 19:48 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-02-19 19:48 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-02-19 19:06 - 2015-01-15 20:50 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Deployment
2015-02-12 17:23 - 2015-01-15 20:14 - 00000000 ____D () C:\Users\Marcel\AppData\Local\VirtualStore
2015-02-09 18:31 - 2015-01-15 21:26 - 00000000 ____D () C:\ProgramData\Skype
2015-02-09 18:31 - 2015-01-15 20:53 - 00000000 ____D () C:\Program Files\Intel
2015-02-09 18:31 - 2015-01-15 20:07 - 00000000 ____D () C:\Windows\Panther
2015-02-09 18:25 - 2015-01-15 21:22 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-07 19:58 - 2009-07-14 04:20 - 00000000 ___RD () C:\Program Files (x86)
2015-02-07 15:15 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-07 15:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-07 15:07 - 2015-01-15 20:19 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-07 10:00 - 2015-01-16 15:03 - 00000174 _____ () C:\Users\Marcel\Desktop\Prison Spamms.txt
2015-02-04 23:40 - 2015-01-16 15:48 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-04 23:40 - 2015-01-16 15:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-03 20:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-02-01 12:40 - 2015-01-17 23:35 - 00000000 ____D () C:\Users\Marcel\Desktop\Rainer
2015-01-31 12:54 - 2015-01-16 14:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-26 14:01 - 2015-01-15 21:24 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-26 14:01 - 2015-01-15 21:24 - 00000000 ____D () C:\Program Files\Java
2015-01-26 14:00 - 2015-01-15 21:24 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
==================== Files in the root of some directories =======
2015-02-20 20:27 - 2015-02-20 20:21 - 0082432 ____H () C:\Users\Marcel\AppData\Roaming\26.exe
2015-02-18 14:02 - 2015-02-18 14:02 - 0000020 _____ () C:\Users\Marcel\AppData\Roaming\appdataFr3.bin
2015-02-20 20:44 - 2015-02-20 20:44 - 0000014 _____ () C:\Users\Marcel\AppData\Roaming\checkV8
2015-01-16 14:39 - 2015-01-16 14:39 - 0000779 _____ () C:\Users\Marcel\AppData\Roaming\gdscan.log
2015-02-20 19:56 - 2015-02-20 19:56 - 0000183 _____ () C:\Users\Marcel\AppData\Roaming\MARCEL-PC - 764.txt
2015-02-20 20:45 - 2015-02-20 20:45 - 0001078 _____ () C:\Users\Marcel\AppData\Roaming\Std.ico
2015-02-13 16:22 - 2015-02-13 16:22 - 0000000 ___SH () C:\Users\Marcel\AppData\Local\LumaEmu
2015-02-19 18:59 - 2015-02-19 18:59 - 0000080 _____ () C:\Users\Marcel\AppData\Local\recently-fix.db
2015-01-15 20:56 - 2015-01-15 20:56 - 0000000 _____ () C:\Users\Marcel\AppData\Local\{30441EC4-C9E0-4701-BD78-0B1FC2A29AAA}
Files to move or delete:
====================
C:\Users\Marcel\AppData\Local\temp\aMHtK42dJoc.exe
C:\Users\Marcel\update-payday2.bat
Some content of TEMP:
====================
C:\Users\Marcel\AppData\Local\temp\aMHtK42dJoc.exe
C:\Users\Marcel\AppData\Local\temp\catchme.dll
C:\Users\Marcel\AppData\Local\temp\res.exe
C:\Users\Marcel\AppData\Local\temp\svchost.exe
C:\Users\Marcel\AppData\Local\temp\ZEUS CRYPTER.EXE
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-13 18:01
==================== End Of Log ============================
--- --- ---
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x86
Ran by Marcel on 21.02.2015 at 12:26:12,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicAssistant_v0-1-6_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicAssistant_v0-1-6_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_athtek-skype-voice-changer_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_athtek-skype-voice-changer_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Marcel\AppData\Roaming\dll-files.com"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
~~~ FireFox
Successfully deleted the following from C:\Users\Marcel\AppData\Roaming\mozilla\firefox\profiles\7x72t349.default\prefs.js
user_pref("browser.search.order.1", "default-search.net");
user_pref("browser.search.selectedEngine", "default-search.net");
user_pref("browser.startup.homepage", "hxxp://www.default-search.net?sid=476&aid=122&itype=n&ver=15586&tm=620&src=hmp");
user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=476&aid=122&itype=n&ver=15586&tm=620&src=ds&p=");
Emptied folder: C:\Users\Marcel\AppData\Roaming\mozilla\firefox\profiles\7x72t349.default\minidumps [1 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.02.2015 at 12:28:33,82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 21.02.2015
Suchlauf-Zeit: 12:15:21
Logdatei: malwarebytes.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.02.21.03
Rootkit Datenbank: v2015.02.20.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7
CPU: x86
Dateisystem: NTFS
Benutzer: Marcel
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 316149
Verstrichene Zeit: 5 Min, 13 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 4
PUP.Optional.AdPeak.A, C:\Program Files\010\duuwysugju32.exe, 420, Löschen bei Neustart, [92850819e3a7cb6b02df43db53b2956b]
Trojan.Agent, C:\Users\Marcel\AppData\Roaming\35028135\svchost.exe, 3740, Löschen bei Neustart, [4bccb26f0387c472e50171891ce732ce]
Trojan.Agent, C:\Users\Marcel\AppData\Roaming\35028135\svchost.exe, 3828, Löschen bei Neustart, [4bccb26f0387c472e50171891ce732ce]
Trojan.Agent, C:\Users\Marcel\AppData\Roaming\35028135\svchost.exe, 4120, Löschen bei Neustart, [4bccb26f0387c472e50171891ce732ce]
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 7
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\APPID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}, In Quarantäne, [031460c13f4b6ec88679ed226b98c739],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\Linkey.Linkey, In Quarantäne, [b36480a11476f046ec1bfa1691728b75],
PUP.Optional.AdPeak.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\duuwysugju32, In Quarantäne, [92850819e3a7cb6b02df43db53b2956b],
PUP.Optional.CouponArific.A, HKLM\SOFTWARE\couponarific, In Quarantäne, [81961b0690faf24432d68521669dc63a],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\SmdmF, In Quarantäne, [67b00e138802989edf551b9833d0f20e],
PUP.Optional.VOPackage, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPACKAGE, In Quarantäne, [73a4071a47432e0826a6793fc93ab34d],
PUP.Optional.Softonic.A, HKU\S-1-5-21-2853233061-4257070424-1586124854-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, In Quarantäne, [ef28aa77eb9f60d6052fd1cf8182dc24],
Registrierungswerte: 4
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|x86kernel2, c:\users\marcel\appdata\roaming\35028135\svchost.exe, In Quarantäne, [4bccb26f0387c472e50171891ce732ce]
Trojan.Agent, HKU\S-1-5-21-2853233061-4257070424-1586124854-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|x86kernel2, c:\users\marcel\appdata\roaming\35028135\svchost.exe, In Quarantäne, [4bccb26f0387c472e50171891ce732ce]
PUP.Optional.VOPackage, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPACKAGE|UninstallString, "C:\Users\Marcel\AppData\Roaming\VOPackage\uninstall.exe", In Quarantäne, [73a4071a47432e0826a6793fc93ab34d]
Backdoor.Agent.PGen, HKU\S-1-5-21-2853233061-4257070424-1586124854-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|Policies, c:\directory\CyberGate\install\server.exe, In Quarantäne, [d3445cc51a70b38305c53b7670947f81]
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 8
PUP.Optional.AdPeak.A, C:\Program Files\010, Löschen bei Neustart, [92850819e3a7cb6b02df43db53b2956b],
Rogue.Multiple, C:\Users\Marcel\AppData\Roaming\35028135, Löschen bei Neustart, [4bccb46d0f7bcf67cccfc38708fbae52],
Trojan.PWS, C:\directory\CyberGate, In Quarantäne, [7a9dd44d34568aac996bc88cf112fe02],
Trojan.PWS, C:\directory\CyberGate\install, In Quarantäne, [7a9dd44d34568aac996bc88cf112fe02],
PUP.Optional.OpenCandy, C:\Users\Marcel\AppData\Roaming\OpenCandy, In Quarantäne, [41d6f9282c5ed85e83aa4317b64d49b7],
PUP.Optional.OpenCandy, C:\Users\Marcel\AppData\Roaming\OpenCandy\6BBBAC0451F8456E97F29325C20CDF97, In Quarantäne, [41d6f9282c5ed85e83aa4317b64d49b7],
PUP.Optional.VOPackage.A, C:\Users\Marcel\AppData\Roaming\VOPackage, In Quarantäne, [c750978aa4e69a9c15c6365743c031cf],
PUP.Optional.VOPackage.A, C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage, In Quarantäne, [d5429f823f4b0234b527ace17d86a060],
Dateien: 38
Trojan.MSIL, C:\Users\Marcel\AppData\Roaming\Public.exe, In Quarantäne, [b760ab76e3a7fb3b8b9137d64fb12bd5],
Password.Stealer, C:\Users\Marcel\Desktop\iStealer_6.3_Legends.rar, In Quarantäne, [021561c002880c2a3943069353adf50b],
Hacktool.Crypter, C:\$RECYCLE.BIN\S-1-5-21-2853233061-4257070424-1586124854-1000\$RVDJEG6.exe, In Quarantäne, [6bacfe232f5b40f6cc0a61afad531ce4],
Cryptool.Agent, C:\$RECYCLE.BIN\S-1-5-21-2853233061-4257070424-1586124854-1000\$R3TM55J\Stealth Crypter-v4.exe, In Quarantäne, [071081a059314aec52e7c2243ec7748c],
Trojan.Downloader, C:\$RECYCLE.BIN\S-1-5-21-2853233061-4257070424-1586124854-1000\$RM4ARVF\stub.exe, In Quarantäne, [8d8a23fe4b3f54e2373b324703fd936d],
Trojan.MSIL, C:\$RECYCLE.BIN\S-1-5-21-2853233061-4257070424-1586124854-1000\$RQE161Q\Crime.exe, In Quarantäne, [a671909198f235015c098f2d0af645bb],
Trojan.Agent, C:\$RECYCLE.BIN\S-1-5-21-2853233061-4257070424-1586124854-1000\$RQE161Q\ewerwe.exe, In Quarantäne, [60b7b76a7515ed49d4346f4511ef9a66],
Trojan.MSIL, C:\$RECYCLE.BIN\S-1-5-21-2853233061-4257070424-1586124854-1000\$RSGFJ5U\Stub.exe, In Quarantäne, [49ce4dd4fc8ea5913782043ebb4a10f0],
Trojan.VBInject, C:\Users\Marcel\AppData\Local\temp\140.exe, In Quarantäne, [f621ad74f199be787a5fa963dd238f71],
Trojan.VBInject, C:\Users\Marcel\AppData\Local\temp\254.exe, In Quarantäne, [de39170a701a1d19f7e27993d12fae52],
Trojan.VBInject, C:\Users\Marcel\AppData\Local\temp\257.exe, In Quarantäne, [70a7c35e8802f83ec316e22a13ed54ac],
Trojan.VBInject, C:\Users\Marcel\AppData\Local\temp\268.exe, In Quarantäne, [8790968b870384b2ce0b04089e6213ed],
Trojan.VBInject, C:\Users\Marcel\AppData\Local\temp\377.exe, In Quarantäne, [9384ab76404ab77fbd1cf21a9f6118e8],
Trojan.VBInject, C:\Users\Marcel\AppData\Local\temp\479.exe, In Quarantäne, [60b77da48703ed4929b06d9f1ae6e41c],
Trojan.VBInject, C:\Users\Marcel\AppData\Local\temp\519.exe, In Quarantäne, [9f78a57c7416cc6a18c18f7d36cac040],
Trojan.VBInject, C:\Users\Marcel\AppData\Local\temp\755.exe, In Quarantäne, [021579a8157588ae5980e22add239c64],
Trojan.VBInject, C:\Users\Marcel\AppData\Local\temp\811.exe, In Quarantäne, [7f982ff2ccbed264d306bf4d1be549b7],
Trojan.VBInject, C:\Users\Marcel\AppData\Local\temp\83.exe, In Quarantäne, [0017be63c2c8e650aa2f060627d9e818],
Trojan.VBInject, C:\Users\Marcel\AppData\Local\temp\855.exe, In Quarantäne, [cb4ced3437531125f1e8c84449b7fd03],
Trojan.VBInject, C:\Users\Marcel\AppData\Local\temp\903.exe, In Quarantäne, [6bac3de4771374c213c64cc0ee129070],
Trojan.VBInject, C:\Users\Marcel\AppData\Local\temp\958.exe, In Quarantäne, [f2259b8649412a0ce9f02ede6a961ee2],
Trojan.VBInject, C:\Users\Marcel\AppData\Local\temp\960.exe, In Quarantäne, [9d7a3de47a1038fe9445d23a06faf907],
Trojan.VBInject, C:\Users\Marcel\AppData\Local\temp\965.exe, In Quarantäne, [d245ef325c2e71c5c91024e818e8b54b],
Trojan.VBInject, C:\Users\Marcel\AppData\Local\temp\975.exe, In Quarantäne, [e53236eb3555fb3bd3063ece847c13ed],
Trojan.MSIL, C:\Users\Marcel\Downloads\iStealer 6.rar, In Quarantäne, [2fe8041daae0b77f1a4b497339c7bd43],
PUP.Optional.WebsSearches.A, C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage, In Quarantäne, [7f9855ccbcce79bd7136b7e2649f44bc],
PUP.Optional.WebsSearches.A, C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage-journal, In Quarantäne, [66b1c25fd3b776c0485fc7d27e850bf5],
Trojan.Agent, C:\Users\Marcel\AppData\Local\temp\winlogon.exe, In Quarantäne, [c94ef32ef793e650105c7d6845becb35],
Trojan.Agent.Gen, C:\Users\Marcel\AppData\Roaming\Marcel-wchelper.dll, In Quarantäne, [8e89938e9eecb482225f40948084f907],
PUP.Optional.AdPeak.A, C:\Program Files\010\duuwysugju32.exe, Löschen bei Neustart, [92850819e3a7cb6b02df43db53b2956b],
Trojan.Agent, C:\Users\Marcel\AppData\Roaming\35028135\svchost.exe, Löschen bei Neustart, [4bccb26f0387c472e50171891ce732ce],
PUP.Optional.OpenCandy, C:\Users\Marcel\AppData\Roaming\OpenCandy\6BBBAC0451F8456E97F29325C20CDF97\WebCompanionInstaller.exe, In Quarantäne, [41d6f9282c5ed85e83aa4317b64d49b7],
PUP.Optional.VOPackage.A, C:\Users\Marcel\AppData\Roaming\VOPackage\Uninstall.exe, In Quarantäne, [c750978aa4e69a9c15c6365743c031cf],
PUP.Optional.VOPackage.A, C:\Users\Marcel\AppData\Roaming\VOPackage\VOPackage.exe, In Quarantäne, [c750978aa4e69a9c15c6365743c031cf],
PUP.Optional.VOPackage.A, C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage\Configure.lnk, In Quarantäne, [d5429f823f4b0234b527ace17d86a060],
PUP.Optional.DefaultSearch, C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\7x72t349.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.selectedEngine", "default-search.net");), Ersetzt,[839408194446f046ce39ff0690760ff1]
PUP.Optional.DefaultSearch.A, C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\7x72t349.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://www.default-search.net?sid=476&aid=122&itype=n&ver=15586&tm=620&src=hmp");), Ersetzt,[997e2af7682271c53dc2798cb84ef010]
PUP.Optional.DefaultSearch.A, C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\7x72t349.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=476&aid=122&itype=n&ver=15586&tm=620&src=ds&p=");), Ersetzt,[53c4f62ba0ea1f1733cd0afc46c040c0]
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)