TechSpot

[A] Another crit error... restart in one minute

By sriver
Aug 5, 2012
  1. :(

    I have Vista Ultimate x64.

    Thanks for your help!

  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

  3. sriver

    sriver TS Rookie Topic Starter

    Scan result of Farbar Recovery Scan Tool Version: 05-08-2012 03
    Ran by SYSTEM at 06-08-2012 02:42:17
    Running from H:\
    Windows Vista (TM) Ultimate Service Pack 1 (X64) OS Language: German Standard
    The current controlset is ControlSet001
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [178712 2008-04-15] (Intel Corporation)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [Sound Blaster Recon3D PCIe Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe" /r [880128 2011-11-14] (Creative Technology Ltd)
    HKLM-x32\...\Run: [iTunesHelper] "P:\iTunes\iTunesHelper.exe" [x]
    HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation)
    HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
    HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation)
    HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
    HKU\Fabi\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
    HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation)
    HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    ==================== Services (Whitelisted) ======
    3 Creative Media Toolbox 6 Licensing Service; "C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe" [79360 2012-04-06] (Creative Labs)
    2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [104448 2011-11-28] (Creative Technology Ltd)
    3 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [69632 2008-07-14] ()
    3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe" [130976 2011-03-01] (Futuremark Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    3 O&O Defrag; C:\Windows\system32\oodag.exe [1418248 2007-05-11] (O&O Software GmbH)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-05] ()
    4 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
    3 Viewpoint Service; "C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe" [30152 2008-04-04] (Viewpoint Corporation)
    3 VMwareHostd; "C:\VMware Server\vmware-hostd.exe" -u "C:\ProgramData\VMware\VMware Server\hostd\config.xml" [22026 2011-01-13] ()
    4 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
    3 WireHelpSvc; C:\Program Files\Common Files\WireHelpSvc.exe [168864 2011-08-08] ()
    3 Hamachi2Svc; C:\Hamachi\hamachi-2.exe -s [x]
    3 HiPatchService; C:\Hi-Rez Studios\HiPatchService.exe [x]
    2 StarWindService; C:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [x]
    3 VMAuthdService; "C:\VMware Server\vmware-authd.exe" [x]
    3 VMwareServerWebAccess; "C:\VMware Server\tomcat\bin\Tomcat6.exe" //RS//VMwareServerWebAccess [x]
    ========================== Drivers (Whitelisted) =============
    0 31835220; C:\Windows\System32\Drivers\31835220.sys [460888 2012-08-06] (Kaspersky Lab ZAO)
    0 726694761873fee; C:\Windows\System32\Drivers\726694761873fee.sys [85976 2012-08-04] () ATTENTION =====> Rootkit?
    1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13368 2009-04-06] ()
    3 cthda; C:\Windows\System32\Drivers\cthda.sys [1266264 2011-11-28] (Creative Technology Ltd)
    3 CTHDB; C:\Windows\System32\Drivers\CTHDB.sys [23640 2011-11-28] ()
    3 ESLvnic1; C:\Windows\System32\DRIVERS\ESLvnic.sys [25528 2011-04-14] (Turtle Entertainment GmbH)
    2 ESLWireAC; \??\C:\Windows\system32\drivers\ESLWireACD.sys [161184 2011-08-08] (<Turtle Entertainment>)
    3 FET5A64; C:\Windows\System32\Drivers\FET5A64.sys [49024 2006-09-18] (VIA Technologies, Inc. )
    3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-09-23] (LogMeIn, Inc.)
    3 L1E; C:\Windows\System32\DRIVERS\L1E60x64.sys [56832 2008-09-23] (Atheros Communications, Inc.)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
    3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-11-01] ()
    3 PdiPorts; C:\Windows\System32\Drivers\PdiPorts.sys [19248 2006-11-16] (Portrait Displays, Inc.)
    3 RTL2832UBDA; C:\Windows\System32\Drivers\RTL2832UBDA.sys [116728 2010-05-25] (REALTEK SEMICONDUCTOR Corp.)
    3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [38520 2010-05-25] (REALTEK SEMICONDUCTOR Corp.)
    3 RTL2832U_IRHID; C:\Windows\System32\Drivers\RTL2832U_IRHID.sys [43840 2010-05-07] (Realtek)
    3 SNPSTD3; C:\Windows\System32\Drivers\SNPSTD3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
    0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2009-05-19] (Duplex Secure Ltd.)
    1 vmm; \??\C:\Windows\system32\Treiber\vmm.sys [294248 2009-07-15] (Microsoft Corporation)
    3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
    3 RTCore64; \??\P:\MSI Afterburner\RTCore64.sys [x]
    2 TBPanel; [x]
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-08-06 01:44 - 2012-08-06 01:45 - 00000000 ____D C:\FRST
    2012-08-06 01:37 - 2006-11-02 12:16 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\wlrmdr.exe
    2012-08-06 01:26 - 2012-08-06 01:26 - 00000000 ___SD C:\32788R22FWJFW
    2012-08-06 01:14 - 2012-08-06 01:14 - 00384512 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.852610020503EF17
    2012-08-06 00:21 - 2012-08-06 00:20 - 00000339 ____A C:\exefix.reg
    2012-08-05 23:57 - 2012-08-05 23:57 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-05 23:57 - 2012-08-05 23:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-05 23:57 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-08-05 23:07 - 2012-08-05 23:08 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-08-05 23:07 - 2012-08-05 23:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-08-05 22:52 - 2012-08-06 00:09 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\31835220.sys
    2012-08-05 22:47 - 2012-08-05 22:52 - 141755176 ____A C:\Users\Fabi\Desktop\setup_11.0.0.1245.x01_2012_08_06_01_09.exe
    2012-08-05 22:08 - 2012-08-05 22:18 - 155885352 ____A (Kaspersky Lab) C:\Users\Fabi\Desktop\kav12.0.0.374de_de.exe
    2012-08-05 21:47 - 2012-08-05 21:47 - 00000000 ____D C:\Users\Fabi\AppData\Local\{8AF5CAFC-C394-474B-B8DF-ED4CB88801FA}
    2012-08-05 21:47 - 2012-08-05 21:47 - 00000000 ____D C:\Users\Fabi\AppData\Local\{80B80C26-0A0C-485C-B561-33C9D5F99315}
    2012-08-05 21:43 - 2012-08-05 21:43 - 00000398 ____A C:\blitzblank.log
    2012-08-05 21:38 - 2012-08-05 21:38 - 01153912 ____A (Emsi Software GmbH) C:\Users\Fabi\Desktop\BlitzBlank.exe
    2012-08-05 21:32 - 2012-08-05 21:33 - 00000061 ____A C:\Users\Fabi\Desktop\baem.txt
    2012-08-05 21:29 - 2012-08-05 21:29 - 00955888 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-08-05 21:29 - 2012-08-05 21:29 - 00839152 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-08-05 21:29 - 2012-08-05 21:29 - 00268784 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-08-05 21:29 - 2012-08-05 21:29 - 00189424 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-08-05 21:29 - 2012-08-05 21:29 - 00188912 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-08-05 21:29 - 2012-08-05 21:29 - 00000000 ____D C:\Program Files\Java
    2012-08-05 21:22 - 2012-08-05 21:22 - 00000000 ____D C:\Windows\erdnt
    2012-08-05 21:20 - 2012-08-05 21:20 - 04725168 ____R (Swearware) C:\Users\Fabi\Desktop\ComboFix.exe
    2012-08-05 21:17 - 2012-08-05 21:47 - 00000241 ____A C:\Users\Fabi\Desktop\remove it.url
    2012-08-05 09:46 - 2012-08-05 09:46 - 00000000 ____D C:\Users\Fabi\AppData\Local\{4CE48065-3133-4541-B5A1-93011F080CEB}
    2012-08-05 09:45 - 2012-08-05 09:46 - 00000000 ____D C:\Users\Fabi\AppData\Local\{732E6818-FB08-41F0-A181-2AD0502422EA}
    2012-08-04 23:42 - 2012-08-04 23:42 - 00000000 ____D C:\Program Files\Microsoft Security Client(37)
    2012-08-04 21:06 - 2012-08-04 21:07 - 00000000 ____D C:\Users\Fabi\AppData\Local\{61D9B869-2664-4DA2-8A36-DDA57588B454}
    2012-08-04 21:06 - 2012-08-04 21:06 - 00000000 ____D C:\Users\Fabi\AppData\Local\{FAEA690C-A331-41D9-AD83-5FB622E6D9EA}
    2012-08-04 21:06 - 2012-08-04 21:06 - 00000000 ____D C:\Users\Fabi\AppData\Local\{F0861607-BB87-42B8-AFBC-67A7A6737CFD}
    2012-08-04 21:06 - 2012-08-04 21:06 - 00000000 ____D C:\Users\Fabi\AppData\Local\{B67C47A4-A43D-4BC9-BC71-5AACA6DD358C}
    2012-08-04 16:52 - 2012-08-04 16:52 - 00000000 ____D C:\Users\Fabi\AppData\Roaming\Malwarebytes
    2012-08-04 16:51 - 2012-08-04 16:51 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-08-04 09:05 - 2012-08-04 09:06 - 00000000 ____D C:\Users\Fabi\AppData\Local\{4AE2C332-8BA5-4DF5-8C49-726E2F7B60BB}
    2012-08-04 09:05 - 2012-08-04 09:05 - 00000000 ____D C:\Users\Fabi\AppData\Local\{977895F9-9CCE-4F89-914B-1EB0D1523BFE}
    2012-08-04 09:02 - 2012-08-04 09:02 - 00085976 ____A C:\Windows\System32\Drivers\726694761873fee.sys
    2012-08-04 09:01 - 2012-08-04 09:01 - 00000000 ____D C:\Users\Fabi\AppData\Local\{7F8DE644-A71D-4B32-AD6B-7A2A2A7E843F}
    2012-08-04 09:01 - 2012-08-04 09:01 - 00000000 ____D C:\Users\Fabi\AppData\Local\{0C81FE54-F4C7-4771-9A0A-C007FA4F6732}
    2012-08-03 20:46 - 2012-08-03 20:46 - 00000000 ____D C:\Users\Fabi\AppData\Local\{A9D0A063-CA52-4FBB-9831-6003000376A9}
    2012-08-03 20:46 - 2012-08-03 20:46 - 00000000 ____D C:\Users\Fabi\AppData\Local\{44EEC47A-A2E8-4D7B-93E2-533E1A913D2E}
    2012-08-03 08:46 - 2012-08-03 08:46 - 00000000 ____D C:\Users\Fabi\AppData\Local\{C6B95CE4-BFDF-4BF7-91BF-215F7D515C6E}
    2012-08-03 08:45 - 2012-08-03 08:46 - 00000000 ____D C:\Users\Fabi\AppData\Local\{D7FCF93F-D50F-4710-B257-B133460B05F5}
    2012-08-02 20:45 - 2012-08-02 20:45 - 00000000 ____D C:\Users\Fabi\AppData\Local\{1D4BB87D-E773-4892-9B4B-E8E9CFB6F9FD}
    2012-08-02 20:45 - 2012-08-02 20:45 - 00000000 ____D C:\Users\Fabi\AppData\Local\{1915252E-4B14-41FB-95C6-6E827AD8A5AA}
    2012-08-02 08:45 - 2012-08-02 08:45 - 00000000 ____D C:\Users\Fabi\AppData\Local\{270BC113-FB5B-4311-B3EE-426A6DE8BCC9}
    2012-08-02 08:44 - 2012-08-02 08:45 - 00000000 ____D C:\Users\Fabi\AppData\Local\{A7EF7154-1B38-4754-982D-DDE75E30897D}
    2012-08-01 08:46 - 2012-08-01 08:46 - 00000000 ____D C:\Users\Fabi\AppData\Local\{7BF4C4FE-58A9-4A59-9976-FE163C0B1C61}
    2012-08-01 08:46 - 2012-08-01 08:46 - 00000000 ____D C:\Users\Fabi\AppData\Local\{595EBEAC-45C3-4BBE-9520-1A419FAA53A5}
    2012-07-31 09:59 - 2012-07-31 09:59 - 00000000 ____D C:\Users\Fabi\AppData\Local\{D7CFD6BB-B3D3-4C9A-B4DD-630B82FED355}
    2012-07-31 09:59 - 2012-07-31 09:59 - 00000000 ____D C:\Users\Fabi\AppData\Local\{2DF16F1A-D9DF-4BF7-8375-A8CB57A8F84D}
    2012-07-30 21:58 - 2012-07-30 21:58 - 00000000 ____D C:\Users\Fabi\AppData\Local\{ED405EEB-2FD9-45BF-BCBC-56634C547F1B}
    2012-07-30 21:58 - 2012-07-30 21:58 - 00000000 ____D C:\Users\Fabi\AppData\Local\{0763FA0F-B1FC-45AB-837C-A3BF0E3C158F}
    2012-07-30 09:16 - 2012-07-30 09:16 - 00000000 ____D C:\Users\Fabi\AppData\Local\{EDC7603B-CA20-489E-82A8-B534382E9317}
    2012-07-30 09:16 - 2012-07-30 09:16 - 00000000 ____D C:\Users\Fabi\AppData\Local\{183FBCCB-A2FC-4868-8D15-24BAEF1CBADE}
    2012-07-29 21:15 - 2012-07-29 21:16 - 00000000 ____D C:\Users\Fabi\AppData\Local\{B1EA4A84-D167-4354-AF64-1B7F200DC717}
    2012-07-29 09:15 - 2012-07-29 21:15 - 00000000 ____D C:\Users\Fabi\AppData\Local\{BC93C775-520F-47FA-A830-AA0CA2440BDA}
    2012-07-29 09:15 - 2012-07-29 09:15 - 00000000 ____D C:\Users\Fabi\AppData\Local\{15CE832D-3B68-4A9F-8706-1964B2BF2786}
    2012-07-28 09:15 - 2012-07-28 09:15 - 00000000 ____D C:\Users\Fabi\AppData\Local\{BB0E7ABF-862D-4BA3-B9A1-B86A00CC8851}
    2012-07-27 21:15 - 2012-07-28 09:15 - 00000000 ____D C:\Users\Fabi\AppData\Local\{4A4052FA-DAD9-4326-A394-FDB850E76F28}
    2012-07-27 21:15 - 2012-07-27 21:15 - 00000000 ____D C:\Users\Fabi\AppData\Local\{4E761993-7659-41F4-AB38-DDF878F28FDC}
    2012-07-26 18:45 - 2012-07-26 18:45 - 00000000 ____D C:\Users\Fabi\AppData\Local\{B503F581-AA29-45AE-A948-207C7F6DA042}
    2012-07-26 18:45 - 2012-07-26 18:45 - 00000000 ____D C:\Users\Fabi\AppData\Local\{9CACA776-0F41-4AEC-80D2-5521E068CF5B}
    2012-07-25 16:07 - 2012-07-25 16:07 - 00000000 ____D C:\Users\Fabi\AppData\Local\{D5EB1EBA-372C-49D1-932E-FB9412F1F3E0}
    2012-07-25 16:07 - 2012-07-25 16:07 - 00000000 ____D C:\Users\Fabi\AppData\Local\{BC54BDCB-C187-46E5-8881-43452998B34E}
    2012-07-24 17:33 - 2012-07-24 17:33 - 00000000 ____D C:\Users\Fabi\AppData\Local\{7807D976-D54A-4C9A-A97F-857A3F3CD678}
    2012-07-24 17:33 - 2012-07-24 17:33 - 00000000 ____D C:\Users\Fabi\AppData\Local\{562FF818-B0AC-469B-B497-D6EDFD44425C}
    2012-07-23 21:53 - 2012-07-23 21:53 - 00000000 ____D C:\Users\Fabi\AppData\Local\{7DEAB493-2770-4D2D-BB46-0E38662EB4F4}
    2012-07-23 21:53 - 2012-07-23 21:53 - 00000000 ____D C:\Users\Fabi\AppData\Local\{43BF60FA-BCEC-46BC-85BE-35C1A33E978F}
    2012-07-22 20:36 - 2012-07-22 20:36 - 00000000 ____D C:\Users\Fabi\AppData\Local\{E8FB403C-88DC-4509-83CB-3659B5822112}
    2012-07-22 20:36 - 2012-07-22 20:36 - 00000000 ____D C:\Users\Fabi\AppData\Local\{80B382DD-A35A-4F39-AA1E-BC05354E522C}
    2012-07-21 20:29 - 2012-07-21 20:29 - 00000000 ____D C:\Users\Fabi\AppData\Local\{93B76C3F-DFBB-4E97-9439-5A06BA1D33F4}
    2012-07-21 20:28 - 2012-07-21 20:29 - 00000000 ____D C:\Users\Fabi\AppData\Local\{5B9D010E-DC4D-4FFF-A9E7-C60E1385D5B8}
    2012-07-21 08:28 - 2012-07-21 08:28 - 00000000 ____D C:\Users\Fabi\AppData\Local\{97E4125C-09CD-4A88-8BDC-0A2D133E6766}
    2012-07-21 08:28 - 2012-07-21 08:28 - 00000000 ____D C:\Users\Fabi\AppData\Local\{2A7DB124-DE4D-4404-9958-2E77FC4D2B3F}
    2012-07-20 16:07 - 2012-07-20 16:07 - 00000000 ____D C:\Users\Fabi\AppData\Local\{E8CDEA83-2014-4AD0-B466-AEE7A067EF74}
    2012-07-20 16:07 - 2012-07-20 16:07 - 00000000 ____D C:\Users\Fabi\AppData\Local\{46527916-A585-4664-960D-DA74A2306376}
    2012-07-19 18:32 - 2012-07-19 18:32 - 00000000 ____D C:\Users\Fabi\AppData\Local\{7DE4AF21-C0E3-4B6B-AB2B-A07101E318C0}
    2012-07-19 18:31 - 2012-07-19 18:32 - 00000000 ____D C:\Users\Fabi\AppData\Local\{8D22F788-7F4A-4597-917D-D02093C9A683}
    2012-07-18 16:16 - 2012-07-18 16:16 - 00000000 ____D C:\Users\Fabi\AppData\Local\{CD655840-CA5D-4BC6-98D1-23A11CF70375}
    2012-07-18 16:15 - 2012-07-18 16:16 - 00000000 ____D C:\Users\Fabi\AppData\Local\{5D8B15EF-685A-4C1F-B797-CC4761B27753}
    2012-07-17 17:16 - 2012-07-17 17:16 - 00000000 ____D C:\Users\Fabi\AppData\Local\{E7595366-BD38-40F7-B7AB-D5A075061117}
    2012-07-17 17:16 - 2012-07-17 17:16 - 00000000 ____D C:\Users\Fabi\AppData\Local\{1FA1D3D4-152C-4B2A-9012-E5C070420EEC}
    2012-07-15 22:32 - 2012-07-15 22:32 - 00000000 ____D C:\Users\Fabi\AppData\Local\{262A1F78-7A7E-49E7-BCB8-EB37842DF375}
    2012-07-15 22:32 - 2012-07-15 22:32 - 00000000 ____D C:\Users\Fabi\AppData\Local\{03E5472E-796C-4702-A16A-C778949BE6AE}
    2012-07-15 13:19 - 2012-07-15 13:19 - 00001586 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
    2012-07-15 10:31 - 2012-07-15 10:32 - 00000000 ____D C:\Users\Fabi\AppData\Local\{D9F62239-627F-4992-81C4-C5A5CCBFEE43}
    2012-07-15 08:19 - 2012-07-15 08:20 - 00000000 ____D C:\Program Files\iTunes
    2012-07-15 08:19 - 2012-07-15 08:19 - 00000000 ____D C:\Program Files\iPod
    2012-07-14 22:31 - 2012-07-15 10:31 - 00000000 ____D C:\Users\Fabi\AppData\Local\{E0995383-058D-4E77-A78A-DCD9B14EF531}
    2012-07-14 22:31 - 2012-07-14 22:31 - 00000000 ____D C:\Users\Fabi\AppData\Local\{FFECC044-F4D5-41EF-9524-5D54E4A6AF75}
    2012-07-14 08:18 - 2012-07-14 08:18 - 00000000 ____D C:\Users\Fabi\AppData\Local\{2FCD10AF-5C57-41F7-A34F-9015A57327D9}
    2012-07-14 08:17 - 2012-07-14 08:18 - 00000000 ____D C:\Users\Fabi\AppData\Local\{AD7A505B-11EB-49D0-B8AC-273F96FD03F7}
    2012-07-13 16:21 - 2012-07-13 16:21 - 00000000 ____D C:\Users\Fabi\AppData\Local\{C7630D71-98B4-41FE-A571-4260A5C6AAC3}
    2012-07-13 16:21 - 2012-07-13 16:21 - 00000000 ____D C:\Users\Fabi\AppData\Local\{6FAF036E-3596-4EFB-9899-B7DD38898A80}
    2012-07-12 18:43 - 2012-07-12 18:43 - 00000000 ____D C:\Users\Fabi\AppData\Local\{DC367153-C944-49F3-867C-A82FA6089059}
    2012-07-12 18:43 - 2012-07-12 18:43 - 00000000 ____D C:\Users\Fabi\AppData\Local\{91A52A16-5DD3-4CFF-A49C-170677C6BFE0}
    2012-07-11 17:35 - 2012-07-11 17:45 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2012-07-11 17:35 - 2012-07-11 17:35 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
    2012-07-11 17:35 - 2012-07-11 17:35 - 00000000 __SHD C:\Users\UpdatusUser\Vorlagen
    2012-07-11 17:35 - 2012-07-11 17:35 - 00000000 __SHD C:\Users\UpdatusUser\Startmenü
    2012-07-11 17:35 - 2012-07-11 17:35 - 00000000 __SHD C:\Users\UpdatusUser\Netzwerkumgebung
    2012-07-11 17:35 - 2012-07-11 17:35 - 00000000 __SHD C:\Users\UpdatusUser\Lokale Einstellungen
    2012-07-11 17:35 - 2012-07-11 17:35 - 00000000 __SHD C:\Users\UpdatusUser\Eigene Dateien
    2012-07-11 17:35 - 2012-07-11 17:35 - 00000000 __SHD C:\Users\UpdatusUser\Druckumgebung
    2012-07-11 17:35 - 2012-07-11 17:35 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Musik
    2012-07-11 17:35 - 2012-07-11 17:35 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Bilder
    2012-07-11 17:35 - 2012-07-11 17:35 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Verlauf
    2012-07-11 17:35 - 2012-07-11 17:35 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
    2012-07-11 17:35 - 2012-07-11 17:35 - 00000000 __SHD C:\Users\UpdatusUser\Anwendungsdaten
    2012-07-11 17:35 - 2012-05-15 10:29 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
    2012-07-11 17:35 - 2012-05-15 10:29 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
    2012-07-11 17:35 - 2012-05-15 10:29 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    2012-07-11 17:35 - 2012-05-15 10:29 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
    2012-07-11 17:35 - 2012-05-15 10:29 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
    2012-07-11 17:35 - 2012-05-15 10:28 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
    2012-07-11 17:35 - 2011-11-25 00:30 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Microsoft Help
    2012-07-11 17:35 - 2011-11-09 18:51 - 00000000 ____D C:\Users\UpdatusUser\Documents\Visual Studio 2010
    2012-07-11 17:17 - 2012-07-11 17:17 - 00272220 ____A C:\Users\Fabi\Desktop\cc_20120711_181733.reg
    2012-07-11 17:12 - 2012-07-11 17:12 - 00000000 ____D C:\Program Files\CCleaner
    2012-07-11 16:49 - 2012-06-13 14:58 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-11 16:49 - 2012-06-02 13:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-11 16:49 - 2012-06-02 13:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-11 16:49 - 2012-06-02 13:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-11 16:49 - 2012-06-02 13:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-11 16:49 - 2012-06-02 13:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-11 16:49 - 2012-06-02 13:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-11 16:49 - 2012-06-02 13:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-11 16:49 - 2012-06-02 13:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-11 16:49 - 2012-06-02 13:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-11 16:49 - 2012-06-02 13:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-11 16:49 - 2012-06-02 12:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-11 16:49 - 2012-06-02 12:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-11 16:49 - 2012-06-02 12:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-11 16:49 - 2012-06-02 12:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-11 16:49 - 2012-06-02 10:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-11 16:49 - 2012-06-02 09:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-11 16:49 - 2012-06-02 09:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-11 16:49 - 2012-06-02 09:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-11 16:49 - 2012-06-02 09:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-11 16:49 - 2012-06-02 09:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-11 16:49 - 2012-06-02 09:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-11 16:49 - 2012-06-02 09:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-11 16:49 - 2012-06-02 09:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-11 16:49 - 2012-06-02 09:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-11 16:49 - 2012-06-02 09:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-11 16:49 - 2012-06-02 09:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-11 16:49 - 2012-06-02 09:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-11 16:49 - 2012-06-02 09:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-11 16:25 - 2012-06-08 18:59 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-11 16:25 - 2012-06-08 18:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-11 16:25 - 2012-06-05 17:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-11 16:25 - 2012-06-05 17:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-11 16:25 - 2012-06-05 17:22 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-11 16:25 - 2012-06-05 17:22 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-11 16:25 - 2012-06-04 16:29 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-11 16:25 - 2012-06-02 01:22 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-11 16:25 - 2012-06-02 01:22 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-11 16:25 - 2012-06-02 01:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-11 16:25 - 2012-06-02 01:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-11 16:25 - 2012-06-02 01:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-11 16:18 - 2012-07-11 16:18 - 00000000 ____D C:\Users\Fabi\AppData\Local\{78948B12-CBF4-47B7-8FC6-BFF6B5E45FA6}
    2012-07-11 16:18 - 2012-07-11 16:18 - 00000000 ____D C:\Users\Fabi\AppData\Local\{3851E979-2D0E-42B9-94BD-AB473BD1B7C4}
    2012-07-10 17:27 - 2012-07-10 17:28 - 00000000 ____D C:\Users\Fabi\AppData\Local\{2091A57A-1A33-4785-B144-CC931278984C}
    2012-07-10 17:27 - 2012-07-10 17:27 - 00000000 ____D C:\Users\Fabi\AppData\Local\{9A755E2C-DFB2-4BED-AEBE-594714A2FE21}
    2012-07-08 21:04 - 2012-07-08 21:04 - 00000000 ____D C:\Users\Fabi\AppData\Local\{446AE38E-EBCB-4555-86AE-B5F08289447E}
    2012-07-08 21:04 - 2012-07-08 21:04 - 00000000 ____D C:\Users\Fabi\AppData\Local\{09008DCC-762D-46D1-A9DC-B9750B762D22}
    2012-07-08 21:00 - 2012-07-08 21:00 - 00016536 ____A C:\Users\Fabi\Desktop\american pie klassentreffen.dlc
    2012-07-08 09:03 - 2012-07-08 09:04 - 00000000 ____D C:\Users\Fabi\AppData\Local\{D4037B2C-E31A-4656-B25C-B8A5D7D3CD78}
    2012-07-08 09:03 - 2012-07-08 09:03 - 00000000 ____D C:\Users\Fabi\AppData\Local\{C9BF0F99-3891-4125-83E1-6B320FA2848D}
    2012-07-07 19:25 - 2012-07-07 19:25 - 00000000 ____D C:\Users\Fabi\AppData\Local\{8D13B0B7-42CF-47F6-A95E-E368DDE0B62D}
    2012-07-07 19:25 - 2012-07-07 19:25 - 00000000 ____D C:\Users\Fabi\AppData\Local\{321DDBD5-B671-499E-AB3F-302174B2124A}
    2012-07-07 07:24 - 2012-07-07 07:24 - 00000000 ____D C:\Users\Fabi\AppData\Local\{D1FFA10D-9F03-4445-9F02-93BCEC8188D5}
    2012-07-07 07:24 - 2012-07-07 07:24 - 00000000 ____D C:\Users\Fabi\AppData\Local\{BBD79245-0C37-4929-A134-64FB65E5574C}
    ============ 3 Months Modified Files ========================
    2012-08-06 01:26 - 2009-05-28 20:06 - 00384512 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-08-06 01:25 - 2006-11-02 16:21 - 00004224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-06 01:25 - 2006-11-02 16:21 - 00004224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-06 01:24 - 2010-08-31 18:21 - 00000282 ___AH C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    2012-08-06 01:24 - 2010-04-06 20:03 - 00000282 ___AH C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
    2012-08-06 01:24 - 2010-04-06 20:03 - 00000244 ___AH C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    2012-08-06 01:24 - 2006-11-02 16:40 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-06 01:23 - 2011-02-13 10:38 - 01095666 ____A C:\Windows\System32\oodbs.lor
    2012-08-06 01:14 - 2012-08-06 01:14 - 00384512 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.852610020503EF17
    2012-08-06 00:20 - 2012-08-06 00:21 - 00000339 ____A C:\exefix.reg
    2012-08-06 00:09 - 2012-08-05 22:52 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\31835220.sys
    2012-08-05 23:57 - 2012-08-05 23:57 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-05 23:57 - 2008-01-21 11:47 - 01583400 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-05 23:57 - 2008-01-21 11:46 - 00678982 ____A C:\Windows\System32\perfh007.dat
    2012-08-05 23:57 - 2008-01-21 11:46 - 00147446 ____A C:\Windows\System32\perfc007.dat
    2012-08-05 23:08 - 2011-01-26 19:00 - 00001912 ____A C:\Windows\epplauncher.mif
    2012-08-05 23:08 - 2009-05-19 19:15 - 01611046 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-08-05 23:08 - 2008-01-21 02:53 - 01761278 ____A C:\Windows\WindowsUpdate.log
    2012-08-05 22:53 - 2006-11-02 16:40 - 00032628 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-05 22:52 - 2012-08-05 22:47 - 141755176 ____A C:\Users\Fabi\Desktop\setup_11.0.0.1245.x01_2012_08_06_01_09.exe
    2012-08-05 22:18 - 2012-08-05 22:08 - 155885352 ____A (Kaspersky Lab) C:\Users\Fabi\Desktop\kav12.0.0.374de_de.exe
    2012-08-05 22:03 - 2009-04-26 01:38 - 00101624 ____A C:\Users\Fabi\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-08-05 22:02 - 2006-11-02 16:21 - 00372520 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-05 22:00 - 2006-11-02 16:39 - 00090126 ____A C:\Windows\PFRO.log
    2012-08-05 21:47 - 2012-08-05 21:17 - 00000241 ____A C:\Users\Fabi\Desktop\remove it.url
    2012-08-05 21:43 - 2012-08-05 21:43 - 00000398 ____A C:\blitzblank.log
    2012-08-05 21:38 - 2012-08-05 21:38 - 01153912 ____A (Emsi Software GmbH) C:\Users\Fabi\Desktop\BlitzBlank.exe
    2012-08-05 21:33 - 2012-08-05 21:32 - 00000061 ____A C:\Users\Fabi\Desktop\baem.txt
    2012-08-05 21:29 - 2012-08-05 21:29 - 00955888 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-08-05 21:29 - 2012-08-05 21:29 - 00839152 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-08-05 21:29 - 2012-08-05 21:29 - 00268784 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-08-05 21:29 - 2012-08-05 21:29 - 00189424 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-08-05 21:29 - 2012-08-05 21:29 - 00188912 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-08-05 21:20 - 2012-08-05 21:20 - 04725168 ____R (Swearware) C:\Users\Fabi\Desktop\ComboFix.exe
    2012-08-05 10:33 - 2006-11-02 13:33 - 29097984 ____A C:\Windows\System32\config\system_previous
    2012-08-05 10:33 - 2006-11-02 13:33 - 105644032 ____A C:\Windows\System32\config\software_previous
    2012-08-05 10:26 - 2006-11-02 13:33 - 65536000 ____A C:\Windows\System32\config\components_previous
    2012-08-05 10:26 - 2006-11-02 13:33 - 03145728 ____A C:\Windows\System32\config\default_previous
    2012-08-05 10:26 - 2006-11-02 13:33 - 00262144 ____A C:\Windows\System32\config\security_previous
    2012-08-05 10:26 - 2006-11-02 13:33 - 00262144 ____A C:\Windows\System32\config\sam_previous
    2012-08-04 13:37 - 2009-04-26 02:28 - 00008192 _RASH C:\BOOTSECT.BAK
    2012-08-04 12:04 - 2006-11-02 16:26 - 00001230 ____A C:\Windows\setupact.log
    2012-08-04 12:04 - 2006-11-02 16:26 - 00000000 ____A C:\Windows\setuperr.log
    2012-08-04 09:02 - 2012-08-04 09:02 - 00085976 ____A C:\Windows\System32\Drivers\726694761873fee.sys
    2012-07-15 17:27 - 2011-10-02 11:05 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
    2012-07-15 17:27 - 2011-03-20 15:19 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
    2012-07-15 17:27 - 2011-03-20 15:19 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
    2012-07-15 13:19 - 2012-07-15 13:19 - 00001586 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
    2012-07-11 17:35 - 2012-07-11 17:35 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
    2012-07-11 17:32 - 2009-04-26 01:37 - 00001460 ____A C:\Users\Fabi\AppData\Local\d3d9caps64.dat
    2012-07-11 17:22 - 2011-07-31 21:24 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-11 17:22 - 2011-07-31 21:24 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-11 17:17 - 2012-07-11 17:17 - 00272220 ____A C:\Users\Fabi\Desktop\cc_20120711_181733.reg
    2012-07-11 16:50 - 2006-11-02 13:35 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-07-08 21:00 - 2012-07-08 21:00 - 00016536 ____A C:\Users\Fabi\Desktop\american pie klassentreffen.dlc
    2012-07-05 19:12 - 2011-03-20 15:19 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
    2012-07-03 12:46 - 2012-08-05 23:57 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-21 22:08 - 2012-06-21 22:08 - 00002500 ____A C:\Users\Fabi\Desktop\Der.ultimative.Blowjob.Wie.Sie.Ihn.in.Ekstase.blasen.GERMAN.DL.DOKU.1080p.BluRay.x264-SiTiN-yws6z5m0mtvcg.dlc
    2012-06-20 21:18 - 2012-06-20 21:18 - 01294768 ____A (Microsoft Corporation) C:\Users\Fabi\Desktop\vs_ultimate.exe
    2012-06-13 14:58 - 2012-07-11 16:49 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-10 17:48 - 2012-04-01 10:15 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-06-10 17:48 - 2011-10-24 21:16 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-06-08 18:59 - 2012-07-11 16:25 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 18:47 - 2012-07-11 16:25 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-05 17:47 - 2012-07-11 16:25 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 17:47 - 2012-07-11 16:25 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 17:22 - 2012-07-11 16:25 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 17:22 - 2012-07-11 16:25 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-04 19:32 - 2009-05-13 19:17 - 00001712 ___AH C:\Users\Fabi\Documents\Default.rdp
    2012-06-04 16:29 - 2012-07-11 16:25 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-02 23:19 - 2012-06-21 19:11 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 23:19 - 2012-06-21 19:11 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 23:19 - 2012-06-21 19:11 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2012-06-02 23:19 - 2012-06-21 19:11 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 23:19 - 2012-06-21 19:11 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 23:19 - 2012-06-21 19:11 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 23:19 - 2012-06-21 19:11 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2012-06-02 23:15 - 2012-06-21 19:11 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 23:15 - 2012-06-21 19:11 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 23:12 - 2012-06-21 19:11 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2012-06-02 14:19 - 2012-06-21 19:11 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 14:19 - 2012-06-21 19:11 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2012-06-02 14:15 - 2012-06-21 19:11 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 14:12 - 2012-06-21 19:11 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2012-06-02 13:49 - 2012-07-11 16:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 13:17 - 2012-07-11 16:49 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 13:12 - 2012-07-11 16:49 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 13:05 - 2012-07-11 16:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 13:05 - 2012-07-11 16:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 13:04 - 2012-07-11 16:49 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 13:04 - 2012-07-11 16:49 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 13:03 - 2012-07-11 16:49 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 13:01 - 2012-07-11 16:49 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 13:00 - 2012-07-11 16:49 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 12:59 - 2012-07-11 16:49 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 12:57 - 2012-07-11 16:49 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 12:57 - 2012-07-11 16:49 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 12:54 - 2012-07-11 16:49 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 10:07 - 2012-07-11 16:49 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 09:43 - 2012-07-11 16:49 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 09:33 - 2012-07-11 16:49 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 09:26 - 2012-07-11 16:49 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 09:25 - 2012-07-11 16:49 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 09:25 - 2012-07-11 16:49 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 09:23 - 2012-07-11 16:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 09:21 - 2012-07-11 16:49 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 09:20 - 2012-07-11 16:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 09:19 - 2012-07-11 16:49 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 09:19 - 2012-07-11 16:49 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 09:17 - 2012-07-11 16:49 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 09:16 - 2012-07-11 16:49 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 09:14 - 2012-07-11 16:49 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-02 01:22 - 2012-07-11 16:25 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-02 01:22 - 2012-07-11 16:25 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-02 01:05 - 2012-07-11 16:25 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-02 01:04 - 2012-07-11 16:25 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-02 01:03 - 2012-07-11 16:25 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 22:29 - 2012-06-01 22:29 - 00360820 ____A C:\Users\Fabi\AppData\Local\dd_vcredistMSI1F2A.txt
    2012-06-01 22:29 - 2012-06-01 22:29 - 00011154 ____A C:\Users\Fabi\AppData\Local\dd_vcredistUI1F2A.txt
    2012-05-31 23:01 - 2012-05-31 23:01 - 00000114 ____A C:\Users\Fabi\Desktop\wakü.txt
    2012-05-28 20:12 - 2012-05-27 23:11 - 00000235 ____A C:\Users\Fabi\Desktop\Monc Guide.url
    2012-05-19 06:08 - 2009-04-26 02:28 - 00389720 _RASH C:\bootmgr
    2012-05-17 16:42 - 2012-05-17 16:42 - 00000025 ____A C:\Users\Fabi\Desktop\tacs.txt
    2012-05-15 18:31 - 2012-05-15 18:30 - 00360530 ____A C:\Users\Fabi\AppData\Local\dd_vcredistMSI3884.txt
    2012-05-15 18:31 - 2012-05-15 18:30 - 00015098 ____A C:\Users\Fabi\AppData\Local\dd_vcredistUI3884.txt
    2012-05-15 11:48 - 2012-05-22 20:26 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
    2012-05-15 11:48 - 2012-05-22 20:26 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2012-05-15 11:48 - 2012-05-22 20:25 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
    2012-05-15 11:48 - 2012-05-22 20:25 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
    2012-05-15 11:48 - 2012-05-22 20:25 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2012-05-15 11:48 - 2012-05-22 20:25 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2012-05-15 11:48 - 2012-05-22 20:25 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2012-05-15 11:48 - 2012-05-22 20:25 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
    2012-05-15 11:48 - 2012-05-22 20:25 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
    2012-05-15 11:48 - 2012-05-22 20:25 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2012-05-15 11:48 - 2012-05-22 20:25 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
    2012-05-15 11:48 - 2012-05-22 20:25 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
    2012-05-15 11:48 - 2012-05-22 20:25 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2012-05-15 11:48 - 2012-05-22 20:25 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2012-05-15 11:48 - 2012-05-20 15:59 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
    2012-05-15 11:48 - 2012-05-20 15:59 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
    2012-05-15 11:48 - 2012-05-20 15:59 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
    2012-05-15 11:48 - 2012-05-20 15:59 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2012-05-15 11:48 - 2011-10-26 21:29 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
    2012-05-15 11:48 - 2011-10-26 21:29 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2012-05-15 11:48 - 2011-10-26 21:29 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
    2012-05-15 11:48 - 2011-10-26 21:29 - 00014324 ____A C:\Windows\System32\nvinfo.pb
    2012-05-15 10:29 - 2012-07-11 17:35 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
    2012-05-15 10:29 - 2012-07-11 17:35 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
    2012-05-15 10:29 - 2012-07-11 17:35 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    2012-05-15 10:29 - 2012-07-11 17:35 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
    2012-05-15 10:29 - 2012-07-11 17:35 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
    2012-05-15 10:28 - 2012-07-11 17:35 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
    2012-05-15 01:21 - 2012-05-15 01:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
     
  4. sriver

    sriver TS Rookie Topic Starter

    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe BC81150939BD52DBC7A08C245F1FB229 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 10%
    Total physical RAM: 8190.12 MB
    Available physical RAM: 7360.17 MB
    Total Pagefile: 7795.15 MB
    Available Pagefile: 7312.58 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ======================= Partitions =========================
    1 Drive c: () (Fixed) (Total:97.66 GB) (Free:17.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive e: (Games) (Fixed) (Total:244.14 GB) (Free:50.56 GB) NTFS
    3 Drive f: (Programme) (Fixed) (Total:321.97 GB) (Free:88.16 GB) NTFS
    5 Drive h: () (Removable) (Total:14.91 GB) (Free:11.14 GB) NTFS
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    7 Drive y: () (Fixed) (Total:232.83 GB) (Free:209.43 GB) NTFS
    Disk ###  Status  Size    Free    Dyn  GPT
    --------  ------  ------  ------  ---  ---
    0         Online  932 GB  268 GB
    1         Online  233 GB  0 B
    2         Online  15 GB   0 B

    testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

    ==========================================================
    Last Boot: 2012-08-05 23:12
    ======================= End Of Log ==========================
     
  5. sriver

    sriver TS Rookie Topic Starter

    Farbar Recovery Scan Tool Version: 05-08-2012 03
    Ran by SYSTEM at 2012-08-06 02:44:32
    Running from H:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2009-05-28 20:06] - [2009-04-11 07:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2008-01-21 03:49] - [2008-01-21 03:49] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
    [2009-05-28 20:06] - [2009-04-11 08:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
    [2008-01-21 03:48] - [2008-01-21 03:48] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719
    C:\Windows\SysWOW64\services.exe
    [2009-05-28 20:06] - [2009-04-11 07:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
    C:\Windows\System32\services.exe
    [2009-05-28 20:06] - [2012-08-06 01:26] - 0384512 ____A (Microsoft Corporation) BC81150939BD52DBC7A08C245F1FB229
    ====== End Of Search ======
     
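    Added example, not part of this thread and not FRST's own code: the "Bamital & volsnap Check" in post 4 and the services.exe search in post 5 both rest on one idea, that a core binary whose MD5 differs from the known-good copy is suspect. The script below reproduces that check offline from the Search output alone, using the copies under C:\Windows\winsxs\ as the reference set: a live file in System32 or SysWOW64 whose size equals a component-store copy but whose MD5 does not is flagged as an in-place patch candidate, and its modification time is compared with the newest store copy of that size. The sample input is the Search block from post 5, pasted in verbatim as constructed test data; reading the two bracketed timestamps as [created] - [modified] is an assumption about the FRST format.

```python
"""Cross-check a live system binary against its WinSxS component-store copies.

Input is the text of an FRST "Search:" section. Entries under \winsxs\ are
treated as known-good originals; every other entry is compared against the
store copies of the same size (ZeroAccess patched services.exe in place, so
the size stays identical while the hash changes).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the Search output posted in this thread, unchanged.
FRST_SEARCH = r"""
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-05-28 20:06] - [2009-04-11 07:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-21 03:49] - [2008-01-21 03:49] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-05-28 20:06] - [2009-04-11 08:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-21 03:48] - [2008-01-21 03:48] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719
C:\Windows\SysWOW64\services.exe
[2009-05-28 20:06] - [2009-04-11 07:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\System32\services.exe
[2009-05-28 20:06] - [2012-08-06 01:26] - 0384512 ____A (Microsoft Corporation) BC81150939BD52DBC7A08C245F1FB229
====== End Of Search ======
"""

# Detail line that follows each path. Assumption: first bracket = created,
# second bracket = modified, then size, attributes, (company), MD5.
DETAIL_RE = re.compile(
    r"^\[(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d)\] - "
    r"\[(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class Entry:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str

    @property
    def in_store(self) -> bool:
        """True for component-store originals under \\winsxs\\."""
        return "\\winsxs\\" in self.path.lower()


def parse_search(text: str) -> list[Entry]:
    """Pair every detail line with the path line directly above it."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries: list[Entry] = []
    for i, line in enumerate(lines):
        m = DETAIL_RE.match(line)
        if not m or i == 0 or ":\\" not in lines[i - 1]:
            continue
        entries.append(Entry(lines[i - 1], m["created"], m["modified"],
                             int(m["size"]), m["company"], m["md5"].upper()))
    return entries


def cross_check(entries: list[Entry]) -> list[dict]:
    """Compare each live (non-store) copy with store copies of the same size."""
    refs = [e for e in entries if e.in_store]
    findings = []
    for live in (e for e in entries if not e.in_store):
        same_size = [r for r in refs if r.size == live.size]
        newest_ref = max((r.modified for r in same_size), default=None)
        if any(r.md5 == live.md5 for r in same_size):
            verdict = "ok"          # byte-identical to a store original
        elif same_size:
            verdict = "patched"     # same size, different hash: in-place patch
        else:
            verdict = "unknown"     # nothing of that size in the store to compare
        findings.append({
            "path": live.path,
            "md5": live.md5,
            "verdict": verdict,
            # Timestamps are "YYYY-MM-DD HH:MM", so string order is time order.
            "modified_after_store": newest_ref is not None and live.modified > newest_ref,
        })
    return findings


if __name__ == "__main__":
    for f in cross_check(parse_search(FRST_SEARCH)):
        print(f"{f['verdict']:8} {f['path']}  md5={f['md5']}  "
              f"newer-than-store={f['modified_after_store']}")
```

    On the thread's data this reports the System32 copy as "patched" (384512 bytes like both amd64 store copies, hash matching neither, modified on 2012-08-06 01:26 after every store copy) and the SysWOW64 copy as "ok". The store is the right reference because a legitimate servicing update that changed services.exe would also have left a new copy of that version under winsxs; a live file with no matching store copy is the anomaly.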
  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

    Attached Files:

  7. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.
