TechSpot

Win64/Patched.b.gen Trojan

By Tacopsjunky
Sep 1, 2012
  1. Hey there, so I got the Trojan mentioned in the title on my PC; my ESET NOD32 5 pops up the message almost every 10 seconds.

    I'm not an expert in computer stuff but have the basic knowledge.
    I did what was written in the sticky removal guide; here are the logs in order (it was written not to attach any files; I added the Attach.txt, but the program told me not to post it, so I attached it):

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.09.01.06

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    DJDany :: DJDANY-PC [administrator]

    01.09.2012 22:50:44
    mbam-log-2012-09-01 (22-50-44).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 225333
    Time elapsed: 2 minute(s), 20 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    DDS logs:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
    Run by DJDany at 23:22:08 on 2012-09-01
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.6143.4221 [GMT 2:00]
    .
    AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files (x86)\Icecast2 Win32\icecastService.exe
    C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    C:\Program Files\NetLimiter 3\nlsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files (x86)\Tunngle\TnglCtrl.exe
    C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
    C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Logitech\SetPointP\LU\LULnchr.exe
    C:\Program Files\Logitech\SetPointP\LU\LogitechUpdate.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Users\DJDany\Downloads\szbu38ze.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://start.icq.com/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [PlayNC Launcher]
    uRun: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
    uRun: [Womaimnyo] C:\Users\DJDany\AppData\Roaming\Acyw\inhas.exe
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\DJDany\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EASYTO~1.LNK - C:\Users\DJDany\Desktop\EasyToolz.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: An OneNote s&enden - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    TCP: Interfaces\{92F955C0-BF8E-451C-9A9B-AF00548749E4} : DhcpNameServer = 7.254.254.254
    TCP: Interfaces\{CA868540-8747-4B04-9167-AA349AECD59F} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{ED8E083E-C468-424C-A6F0-4C44822C9E7E} : NameServer = 169.254.145.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
    {9030D464-4C02-4ABF-8ECC-5164760863C6}
    {B4F3A835-0E21-4959-BA22-42B3008E02FF}
    {DBC80044-A445-435b-BC74-9C25C1C588A9}
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    IE-X64: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
    SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\DJDany\AppData\Roaming\Mozilla\Firefox\Profiles\nxtgu32b.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
    FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
    FF - prefs.js: network.proxy.http - 109.123.126.253
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Users\DJDany\AppData\Roaming\Mozilla\Firefox\Profiles\nxtgu32b.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko19.dll
    FF - component: C:\Users\DJDany\AppData\Roaming\Mozilla\Firefox\Profiles\nxtgu32b.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Users\DJDany\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\DJDany\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
    R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2009-11-26 87680]
    R1 PStrip64;PStrip64;C:\Windows\system32\drivers\pstrip64.sys --> C:\Windows\system32\drivers\pstrip64.sys [?]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-3-7 913144]
    R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
    R2 ESLWireAC;ESLWireAC;\??\C:\Windows\system32\drivers\ESLWireACD.sys --> C:\Windows\system32\drivers\ESLWireACD.sys [?]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960]
    R2 Icecast-trunk;Icecast-trunk Streaming Media Server;C:\Program Files (x86)\Icecast2 Win32\icecastService.exe [2010-7-28 417792]
    R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-2-26 5017600]
    R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-6-10 2416040]
    R2 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2009-11-24 741224]
    R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;C:\Windows\system32\DRIVERS\hidusbf.sys --> C:\Windows\system32\DRIVERS\hidusbf.sys [?]
    R3 NLNdisMP;NLNdisMP;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\system32\DRIVERS\nvoclk64.sys --> C:\Windows\system32\DRIVERS\nvoclk64.sys [?]
    R3 pnetmdm;PdaNet Modem;C:\Windows\system32\DRIVERS\pnetmdm64.sys --> C:\Windows\system32\DRIVERS\pnetmdm64.sys [?]
    R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]
    R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-12 1262400]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-31 250568]
    S3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys --> C:\Windows\system32\drivers\dadder.sys [?]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-11-18 1038088]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MotioninJoyUSBFilter;MotioninJoy USB Filter Driver;C:\Windows\system32\DRIVERS\MijUfilt.sys --> C:\Windows\system32\DRIVERS\MijUfilt.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-30 114144]
    S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-7-12 14544]
    .
    =============== Created Last 30 ================
    .
    2012-09-01 20:49:06 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-01 19:20:50 -------- d-----w- C:\Program Files (x86)\ESET
    2012-09-01 16:52:31 -------- d-----w- C:\Users\DJDany\AppData\Roaming\Malwarebytes
    2012-09-01 16:51:19 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-09-01 16:51:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-31 18:29:16 -------- d-----w- C:\Program Files (x86)\Windows Resource Kits
    2012-08-31 18:23:16 -------- d-----w- C:\Program Files\ESET
    2012-08-31 17:22:49 -------- d-----w- C:\Users\DJDany\AppData\Local\VS Revo Group
    2012-08-31 17:22:47 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
    2012-08-31 17:22:46 -------- d-----w- C:\Program Files\VS Revo Group
    2012-08-31 17:16:37 -------- d-----w- C:\Users\DJDany\AppData\Local\Macromedia
    2012-08-31 17:16:24 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-31 17:16:24 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-31 11:24:07 9826504 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-08-31 10:50:23 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
    2012-08-30 13:18:57 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
    2012-08-27 04:45:38 -------- d-----w- C:\Users\DJDany\AppData\Local\FFsplit
    2012-08-27 04:28:04 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
    2012-08-27 04:28:02 -------- d-----w- C:\Program Files (x86)\FFsplit
    2012-08-27 04:27:49 -------- d-----w- C:\Users\DJDany\AppData\Roaming\FFsplit
    2012-08-27 04:20:23 -------- d-----w- C:\Users\DJDany\AppData\Local\SplitMediaLabs
    2012-08-27 04:17:00 -------- d-----w- C:\ProgramData\SplitMediaLabs
    2012-08-27 04:17:00 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs
    2012-08-27 04:15:43 -------- d-----w- C:\Users\DJDany\AppData\Roaming\SplitMediaLabs
    2012-08-11 12:19:43 -------- d-----w- C:\Users\DJDany\AppData\Local\CrashRpt
    2012-08-08 19:53:47 -------- d-----w- C:\Program Files (x86)\uTorrent
    .
    ==================== Find3M ====================
    .
    2012-08-01 21:52:31 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-08-01 21:52:31 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-08-01 21:52:13 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-07-13 12:52:28 4269056 ----a-w- C:\Windows\SysWow64\system.dll
    2012-07-12 11:57:36 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-06-21 15:40:42 768848 ----a-w- C:\Windows\SysWow64\msvcr100.dll
    2012-06-21 15:40:34 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
    2012-06-12 03:02:52 3147264 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    .
    ============= FINISH: 23:22:28,09 =============

    I appreciate any help because I don't know what to do!

    Greetings,
    Taco

  2. Broni


    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    GMER log is missing.

    ======================================

    Please observe forum rules.
    ALL logs have to be pasted not attached.

    When done with pasting the Attach.txt log....

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ==================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  3. Tacopsjunky


    Attach.txt, Gmer.log, RogueKiller.log (logs in order). The RogueKiller log is in German, since I'm running a German system; I hope it's ok like that! I tried to scan with aswMBR, but it crashes when it gets to the Microsoft VirtualStudio folder in the system. I can post a picture if needed!
    I'm thankful for your help!


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11.11.2009 01:33:55
    System Uptime: 01.09.2012 22:13:35 (1 hours ago)
    .
    Motherboard: alienware | | alienware
    Processor: Intel(R) Core(TM)2 Quad CPU @ 2.66GHz | Socket 775 | 3200/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 121 GiB total, 24,577 GiB free.
    D: is FIXED (NTFS) - 233 GiB total, 38,103 GiB free.
    E: is FIXED (NTFS) - 149 GiB total, 7,475 GiB free.
    F: is FIXED (NTFS) - 469 GiB total, 45,435 GiB free.
    G: is FIXED (NTFS) - 6 GiB total, 4,551 GiB free.
    H: is FIXED (NTFS) - 342 GiB total, 12,698 GiB free.
    I: is CDROM (CDFS)
    J: is CDROM ()
    K: is FIXED (NTFS) - 105 GiB total, 3,015 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP497: 31.08.2012 19:28:49 - Wiederherstellungsvorgang
    RP498: 31.08.2012 20:01:29 - Installed ESET NOD32 Antivirus
    RP499: 31.08.2012 20:21:27 - Installed ESET NOD32 Antivirus
    RP500: 31.08.2012 20:29:04 - Installed Windows Resource Kit Tools - SubInAcl.exe
    RP501: 31.08.2012 20:34:50 - Installed ESET NOD32 Antivirus
    .
    ==== Installed Programs ======================
    .
    9 Dragons 1.0
    AC3Filter 1.63b
    Achron
    ACR version 0.001
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Recommended Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Extra Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 9.2 - Deutsch
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11.6
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Advanced Tactical Center™ 1.0
    Alien Shooter 2: Reloaded
    Apple Application Support
    Apple Software Update
    ASIO4ALL
    Assassin's Creed II
    µTorrent
    Audacity 1.3.12 (Unicode)
    AutoUpdate
    Bandisoft MPEG-1 Decoder
    Battle of the Immortals
    Battlefield 3™
    Battlefield 3™ Open Beta
    Battlefield: Bad Company 2
    Battlefield: Bad Company™ 2
    Battlelog Web Plugins
    Between IGF Demo
    Blitzkrieg Mod
    C9
    CABAL Online
    Cablenut 4.08
    Call of Duty Modern Warfare 2
    Call of Duty(R) 2
    Call of Duty(R) 2 Patch 1.3
    Call of Duty(R) 4 - Modern Warfare(TM)
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    Combined Community Codec Pack 2009-09-09
    Command & Conquer Generals
    Command and ConquerTM Generals Zero Hour
    Company of Heroes
    Company of Heroes: Opposing Fronts
    Company of Heroes: Tales of Valor
    Connect
    Counter-Strike
    Counter-Strike: Source
    Darkest Hour: Europe '44-'45
    Day of Defeat
    Day of Defeat: Source
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DF CrcSfv 1.3
    DiskAid 3.11
    DivX-Setup
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Version Checker
    Dragon Age II
    Drumaxx
    EAX4 Unified Redist
    Elite Cabal
    Elite Launcher
    eReg
    erLT
    ESN Sonar
    EVEREST Home Edition v2.20
    EVGA Precision 2.0.0
    Facebook Plug-In
    Fallout New Vegas
    ffdshow [rev 3154] [2009-12-09]
    FFsplit
    FL Studio 9
    FlashFXP v4.0
    Fraps
    Game Booster 3
    Garry's Mod
    Grand Theft Auto IV
    Grand Theft Auto: Episodes from Liberty City
    Hardcore
    HijackThis 2.0.2
    HLSW v1.3.3.7b
    Icecast 2.3.2
    ICQ7.2
    IL Download Manager
    INsanes Small HUD 8 Black
    Java Auto Updater
    Java(TM) 6 Update 16
    Java(TM) 6 Update 21
    JDownloader
    K-Lite Codec Pack 5.4.4 (Full)
    kuler
    LAME v3.98.2 for Audacity
    Lead and Gold - Gangs of the Wild West
    League of Legends
    LineIn plugin for WinAMP v1.80 (remove only)
    Logitech Touch Mouse Server 1.0
    LogMeIn Hamachi
    Mafia II
    Malwarebytes Anti-Malware version 1.62.0.1300
    Mass Effect
    Mass Effect 2
    MatrixDvD Player 2.0b
    MediaMonkey 3.2
    Microsoft Choice Guard
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (German) 2010
    Microsoft Office Excel MUI (German) 2010
    Microsoft Office Groove MUI (German) 2010
    Microsoft Office InfoPath MUI (German) 2010
    Microsoft Office OneNote MUI (German) 2010
    Microsoft Office Outlook MUI (German) 2010
    Microsoft Office PowerPoint MUI (German) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (German) 2010
    Microsoft Office Proof (Italian) 2010
    Microsoft Office Proofing (German) 2010
    Microsoft Office Publisher MUI (German) 2010
    Microsoft Office Shared MUI (German) 2010
    Microsoft Office Word MUI (German) 2010
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Minecraft Beta Cracked
    mIRC
    Morphine
    Mozilla Firefox 15.0 (x86 de)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mumble and Murmur
    Native Instruments Controller Editor
    Native Instruments Service Center
    Native Instruments Traktor
    NCsoft Launcher
    Need for Speed™ SHIFT
    Nero 7 Premium
    neroxml
    Nexon Game Manager
    NVIDIA Performance
    NVIDIA Photoshop Plug-ins 64 bit
    NVIDIA PhysX
    NVIDIA System Monitor
    NVIDIA System Update
    Octoshape add-in for Adobe Flash Player
    OpenAL
    OpenOffice.org 3.1
    Origin
    PdaNet Desktop (64 bit) for iPhone 1.54
    PDF Settings CS4
    Photoshop Camera Raw
    Pioneer CDJ-400 Driver
    PoiZone
    PokerStars.net
    Portal
    PowerStrip 3 (remove only)
    PunkBuster Services
    QuickTime
    Razer DeathAdder(TM) Mouse
    Realtek High Definition Audio Driver
    Red Faction: Guerrilla
    Red Orchestra: Ostfront 41-45
    Remote Mouse version 1.09
    Rockstar Games Social Club
    Safari
    Sakura
    Sawer
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    SHIFT 2 UNLEASHED™
    Silkroad
    Skype™ 5.5
    SMPlayer 0.6.7
    Source SDK Base 2007
    Source Violence Patch 1.5 BETA
    SpeedFan (remove only)
    Spybot - Search & Destroy
    Star Wars - Jedi Knight II: Jedi Outcast
    Steam
    Suite Shared Configuration CS4
    swMSM
    System Requirements Lab
    TeamViewer 6
    TERA
    TGA Viewer
    Tom Clancy's Rainbow Six Vegas 2
    Toxic Biohazard
    Tunngle beta
    Ubisoft Game Launcher
    Unity Web Player
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Valex AC3-DTS codec (remove only)
    VC80CRTRedist - 8.0.50727.4053
    Vegas Movie Studio Platinum 9.0
    Ventrilo
    Vindictus
    Vindictus EU
    Virtual DJ - Atomix Productions
    VLC media player 1.0.5
    Winamp
    Windows Live-Uploadtool
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Media Player Firefox Plugin
    Windows Resource Kit Tools - SubInAcl.exe
    Wise Registry Cleaner 5.8.9
    World of Tanks v.0.6.3.11
    X-ray Anti-Cheat
    Xilisoft Video Converter Platinum
    XSplit
    .
    ==== End Of File ===========================



    Gmer.log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-09-02 15:13:26
    Windows 6.1.7600
    Running: szbu38ze.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x40 0xF3 0x20 0x01 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x40 0xF3 0x20 0x01 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF4 0x07 0xC3 0x83 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x79 0x13 0xB1 0x18 ...

    ---- EOF - GMER 1.0.15 ----


    RogueKiller.log


    RogueKiller V8.0.2 [08/31/2012] durch Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Kommentare: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Betriebssystem: Windows 7 (6.1.7600 ) 64 bits version
    Gestartet in : Normal Modus
    Benutzer : DJDany [Admin Rechte]
    Funktion : Scannen -- Datum : 09/02/2012 15:15:50

    ¤¤¤ Böswillige Prozesse : 0 ¤¤¤

    ¤¤¤ Registry-Einträge : 9 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : Womaimnyo (C:\Users\DJDany\AppData\Roaming\Acyw\inhas.exe) -> FAND
    [RUN][SUSP PATH] HKUS\S-1-5-21-4248820356-2940563936-93324341-1001[...]\Run : Womaimnyo (C:\Users\DJDany\AppData\Roaming\Acyw\inhas.exe) -> FAND
    [STARTUP][SUSP PATH] EasyToolz.lnk @DJDany : C:\Users\DJDany\Desktop\EasyToolz.exe -> FAND
    [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{ED8E083E-C468-424C-A6F0-4C44822C9E7E} : NameServer (169.254.145.1) -> FAND
    [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{ED8E083E-C468-424C-A6F0-4C44822C9E7E} : NameServer (169.254.145.1) -> FAND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FAND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FAND
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\DJDany\AppData\Local\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\n.) -> FAND
    [RUN][BLACKLIST DLL] [ON_E:]HKLM\Software[...]\Run : c4011b78 (rundll32.exe "C:\WINDOWS\system32\siefihlm.dll",b) -> FAND

    ¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤
    [ZeroAccess][FILE] @ : C:\Windows\Installer\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\@ --> FAND
    [ZeroAccess][FOLDER] U : C:\Windows\Installer\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\U --> FAND
    [ZeroAccess][FOLDER] L : C:\Windows\Installer\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\L --> FAND
    [ZeroAccess][FILE] @ : C:\Users\DJDany\AppData\Local\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\@ --> FAND
    [ZeroAccess][FOLDER] U : C:\Users\DJDany\AppData\Local\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\U --> FAND
    [ZeroAccess][FOLDER] L : C:\Users\DJDany\AppData\Local\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\L --> FAND
    [Sig - ZeroAccess][FILE] services.exe : C:\Windows\system32\services.exe --> FAND

    ¤¤¤ Treiber : [NICHT GELADEN] ¤¤¤

    ¤¤¤ Infektion : ZeroAccess ¤¤¤

    ¤¤¤ Hosts-Datei: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 static3.cdn.ubi.com
    127.0.0.1 ubisoft-orbit.s3.amazonaws.com
    127.0.0.1 onlineconfigservice.ubi.com
    127.0.0.1 orbitservice.ubi.com
    127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 wip3.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 ereg.wip3.adobe.com
    127.0.0.1 activate-sea.adobe.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    [...]


    ¤¤¤ MBR überprüfen: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG SP1213N ATA Device +++++
    --- User ---
    [MBR] d8986dfd596392b6ac3717315e513d4c
    [BSP] b3db800ad553731c1454b66c5c65b5db : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 107910 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 220999968 | Size: 6588 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive1: SAMSUNG SP2504C SCSI Disk Device +++++
    --- User ---
    [MBR] 50fd70bf23261b4ad6dd27873dca62f5
    [BSP] fde53e3f7121d02b9b3ea6782f9b552d : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238409 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive2: ST316002 3AS SCSI Disk Device +++++
    --- User ---
    [MBR] 954fddb065eb9a18544211895c9eeae8
    [BSP] 431f8c55ef2f060dc83e7fdbc2c64fd0 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive3: WDC WD10 01FALS-00J7B SCSI Disk Device +++++
    --- User ---
    [MBR] 5cf435ff54582a370e7dee25f5bf543a
    [BSP] 47d5e137e6c2707ecdf95df47f0f5208 : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 480004 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 983049480 | Size: 350002 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1699853715 | Size: 123860 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Abgeschlossen : << RKreport[1].txt >>
    RKreport[1].txt


    Greetings,
    Taco
  4. Broni

    Broni, Malware Annihilator

    For 32-bit (x86) systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For 64-bit (x64) systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
  5. Tacopsjunky

    Tacopsjunky, Topic Starter

    Here are the logs in order (FRST.txt, Search.txt):

    Scan result of Farbar Recovery Scan Tool Version: 02-09-2012 03
    Ran by SYSTEM at 02-09-2012 22:20:54
    Running from K:\
    Windows 7 Ultimate (X64) OS Language: German Standard
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1612880 2010-01-27] (Logitech, Inc.)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11057768 2010-07-06] (Realtek Semiconductor)
    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4081008 2012-03-07] (ESET)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [248320 2011-03-21] ()
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.)
    HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-08-29] (LogMeIn Inc.)
    HKU\DJDany\...\Run: [PlayNC Launcher] [x]
    HKU\DJDany\...\Run: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [872448 2011-05-10] ()
    HKU\DJDany\...\Run: [Womaimnyo] C:\Users\DJDany\AppData\Roaming\Acyw\inhas.exe [x]
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    Tcpip\..\Interfaces\{ED8E083E-C468-424C-A6F0-4C44822C9E7E}: [NameServer]169.254.145.1

    ==================== Services (Whitelisted) ======

    2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [913144 2012-03-07] (ESET)
    2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-08-29] (LogMeIn Inc.)
    2 Icecast-trunk; "C:\Program Files (x86)\Icecast2 Win32\icecastService.exe" "C:\Program Files (x86)\Icecast2 Win32" [417792 2008-05-24] ()
    2 nlsvc; "C:\Program Files\NetLimiter 3\nlsvc.exe" [1620992 2009-11-24] (Locktime Software)
    3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [279848 2007-06-27] (Nero AG)
    2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe /StartService [276584 2010-03-22] (NVIDIA)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-12] ()
    2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [283304 2012-09-02] ()
    2 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [741224 2011-08-09] (Tunngle.net GmbH)
    2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe /StartService [282728 2009-11-06] (NVIDIA)

    ==================== Drivers (Whitelisted) ===================

    2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2010-02-19] ()
    3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [12032 2010-04-19] (Razer (Asia-Pacific) Pte Ltd)
    1 eamonm; C:\Windows\System32\Drivers\eamonm.sys [209768 2012-03-14] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [148528 2012-03-14] (ESET)
    2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2012-03-14] (ESET)
    2 ESLWireAC; \??\C:\Windows\system32\drivers\ESLWireACD.sys [179616 2011-03-29] (<Turtle Entertainment>)
    3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
    3 hidusbf; C:\Windows\System32\Drivers\hidusbf.sys [7808 2009-11-11] (SweetLow)
    2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2010-02-19] ()
    3 MotioninJoyUSBFilter; C:\Windows\System32\DRIVERS\MijUfilt.sys [20480 2009-10-03] (MotioninJoy)
    1 nltdi; \??\C:\Program Files\NetLimiter 3\nltdi.sys [87680 2009-11-26] (Locktime Software)
    3 nvoclk64; C:\Windows\System32\Drivers\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
    1 PStrip64; C:\Windows\System32\Drivers\PStrip64.sys [13008 2006-09-30] ()
    3 RTCore64; \??\C:\Program Files (x86)\EVGA Precision\RTCore64.sys [14440 2010-09-07] ()
    0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-11-11] (Duplex Secure Ltd.)
    3 tap0901t; C:\Windows\System32\Drivers\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
    3 VBoxNetAdp; C:\Windows\System32\Drivers\VBoxNetAdp.sys [146384 2009-11-30] (Sun Microsystems, Inc.)
    3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
    3 dump_wmimmc; \??\F:\NewEliteSRO\GameGuard\dump_wmimmc.sys [x]
    3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
    3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
    3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [x]

    ==================== NetSvcs (Whitelisted) =================


    ==================== One Month Created Files and Folders ======================

    2012-09-02 22:20 - 2012-09-02 22:20 - 00000000 ____D C:\FRST
    2012-09-02 14:54 - 2012-09-02 14:54 - 00291056 ____A C:\Windows\Minidump\090212-26515-01.dmp
    2012-09-02 14:25 - 2012-09-02 14:25 - 01376768 ____A C:\Users\DJDany\Downloads\RogueKiller(1).exe
    2012-09-02 14:15 - 2012-09-02 14:15 - 00004689 ____A C:\Users\DJDany\Desktop\RKreport[1].txt
    2012-09-02 14:14 - 2012-09-02 14:15 - 00000000 ____D C:\Users\DJDany\Desktop\RK_Quarantine
    2012-09-02 14:14 - 2012-09-02 14:14 - 01376768 ____A C:\Users\DJDany\Downloads\RogueKiller.exe
    2012-09-02 04:13 - 2012-09-02 04:13 - 00291064 ____A C:\Windows\Minidump\090212-27031-01.dmp
    2012-09-01 22:21 - 2012-09-01 22:21 - 00607260 ____R (Swearware) C:\Users\DJDany\Downloads\dds.com
    2012-09-01 21:55 - 2012-09-02 14:28 - 00000000 ____D C:\Users\DJDany\Downloads\Virustopic
    2012-09-01 21:53 - 2012-09-01 21:53 - 00302592 ____A C:\Users\DJDany\Downloads\szbu38ze.exe
    2012-09-01 21:49 - 2012-09-01 21:49 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-01 21:49 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-01 21:48 - 2012-09-01 21:48 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\DJDany\Downloads\mbam-setup-1.62.0.1300.exe
    2012-09-01 21:17 - 2012-09-02 14:16 - 04731392 ____A (AVAST Software) C:\Users\DJDany\Downloads\aswMBR.exe
    2012-09-01 20:56 - 2012-09-01 20:56 - 00002255 ____A C:\Users\DJDany\Desktop\aswMBR.txt
    2012-09-01 20:56 - 2012-09-01 20:56 - 00000512 ____A C:\Users\DJDany\Desktop\MBR.dat
    2012-09-01 20:31 - 2012-09-01 20:31 - 00011766 ____A C:\Users\DJDany\Downloads\hijackthis.log
    2012-09-01 20:20 - 2012-09-01 20:20 - 00000000 ____D C:\Program Files (x86)\ESET
    2012-09-01 17:52 - 2012-09-01 17:52 - 00000000 ____D C:\Users\DJDany\AppData\Roaming\Malwarebytes
    2012-09-01 17:51 - 2012-09-01 21:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-01 17:51 - 2012-09-01 17:51 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-09-01 17:50 - 2012-09-01 22:12 - 00000000 ____D C:\Users\DJDany\Downloads\MBR
    2012-08-31 19:29 - 2012-08-31 19:29 - 00652569 ____A C:\Users\DJDany\Downloads\BFE_Fix.exe
    2012-08-31 19:29 - 2012-08-31 19:29 - 00000000 ____D C:\Program Files (x86)\Windows Resource Kits
    2012-08-31 19:28 - 2012-08-31 19:28 - 00379392 ____A C:\Users\DJDany\Downloads\subinacl.msi
    2012-08-31 19:23 - 2012-08-31 19:23 - 00000000 ____D C:\Users\All Users\ESET
    2012-08-31 19:23 - 2012-08-31 19:23 - 00000000 ____D C:\Program Files\ESET
    2012-08-31 19:08 - 2012-08-31 19:16 - 00007847 ____A C:\Users\DJDany\Downloads\~ESETUninstaller.log
    2012-08-31 19:07 - 2012-08-31 19:07 - 00638976 ____A (ESET) C:\Users\DJDany\Downloads\ESETUninstaller.exe
    2012-08-31 18:59 - 2012-08-31 19:00 - 56469504 ____A C:\Users\DJDany\Downloads\eav_nt64_enu.msi
    2012-08-31 18:22 - 2012-08-31 18:22 - 07902008 ____A (VS Revo Group ) C:\Users\DJDany\Downloads\RevoUninProSetup.exe
    2012-08-31 18:22 - 2012-08-31 18:22 - 00000000 ____D C:\Users\DJDany\AppData\Local\VS Revo Group
    2012-08-31 18:22 - 2012-08-31 18:22 - 00000000 ____D C:\Program Files\VS Revo Group
    2012-08-31 18:22 - 2009-12-30 10:21 - 00031800 ____A (VS Revo Group) C:\Windows\System32\Drivers\revoflt.sys
    2012-08-31 18:20 - 2012-08-31 18:20 - 00181156 ____A C:\Users\DJDany\Downloads\nod32removal.exe
    2012-08-31 18:16 - 2012-09-02 20:45 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-31 18:16 - 2012-08-31 18:16 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-31 18:16 - 2012-08-31 18:16 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-31 18:16 - 2012-08-31 18:16 - 00000000 ____D C:\Users\DJDany\AppData\Local\Macromedia
    2012-08-31 18:01 - 2012-08-31 18:14 - 01378744 ____A (ESET) C:\Users\DJDany\Downloads\eset_nod32_antivirus_live_installer.exe
    2012-08-31 12:26 - 2012-08-31 12:26 - 00284520 ____A C:\Windows\Minidump\083112-29656-01.dmp
    2012-08-31 12:24 - 2012-08-31 12:24 - 09826504 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-08-31 11:50 - 2012-08-31 18:56 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
    2012-08-30 14:21 - 2012-08-30 14:21 - 06724176 ____A (Adobe Systems Inc.) C:\Users\DJDany\Downloads\Shockwave_Installer_Slim.exe
    2012-08-27 05:45 - 2012-08-27 05:45 - 00000000 ____D C:\Users\DJDany\AppData\Local\FFsplit
    2012-08-27 05:28 - 2012-08-31 18:56 - 00000000 ____D C:\Program Files (x86)\FFsplit
    2012-08-27 05:28 - 2012-08-27 05:28 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
    2012-08-27 05:27 - 2012-08-31 18:56 - 00000000 ____D C:\Users\DJDany\AppData\Roaming\FFsplit
    2012-08-27 05:27 - 2012-08-27 05:27 - 08588474 ____A (FFsplit) C:\Users\DJDany\Downloads\FFsplit.exe
    2012-08-27 05:20 - 2012-08-27 05:20 - 00000000 ____D C:\Users\DJDany\AppData\Local\SplitMediaLabs
    2012-08-27 05:19 - 2012-08-27 05:19 - 00000000 ____D C:\Windows\System32\Macromed
    2012-08-27 05:17 - 2012-08-27 05:17 - 00000000 ____D C:\Users\All Users\SplitMediaLabs
    2012-08-27 05:17 - 2012-08-27 05:17 - 00000000 ____D C:\Program Files (x86)\SplitMediaLabs
    2012-08-27 05:15 - 2012-08-27 05:15 - 23324368 ____A (SplitMediaLabs) C:\Users\DJDany\Downloads\xsplit_installer_v1.0.1207.2601.exe
    2012-08-27 05:15 - 2012-08-27 05:15 - 00000000 ____D C:\Users\DJDany\AppData\Roaming\SplitMediaLabs
    2012-08-23 05:38 - 2012-08-23 05:38 - 01117345 ____A () C:\Users\DJDany\Downloads\Gamez Tera Launcher Installer_v1.03.exe
    2012-08-11 13:19 - 2012-08-11 13:19 - 00000000 ____D C:\Users\DJDany\Documents\ACR
    2012-08-11 13:19 - 2012-08-11 13:19 - 00000000 ____D C:\Users\DJDany\AppData\Local\CrashRpt
    2012-08-10 17:39 - 2012-08-10 17:39 - 00591656 ____A (Unity Technologies ApS) C:\Users\DJDany\Downloads\UnityWebPlayer.exe
    2012-08-10 17:33 - 2012-08-10 17:33 - 00000952 ____A C:\Users\Public\Desktop\ACR Launcher.lnk
    2012-08-10 17:32 - 2012-08-10 17:32 - 35486247 ____A (Eutechnyx, Ltd ) C:\Users\DJDany\Downloads\ACR_setup.exe
    2012-08-08 20:53 - 2012-08-08 20:53 - 00000000 ____D C:\Program Files (x86)\uTorrent
    2012-08-06 18:08 - 2012-08-06 18:08 - 00000000 ____D C:\Users\DJDany\Desktop\Neuer Ordner
    2012-08-04 18:25 - 2012-08-04 18:25 - 00000000 ____D C:\Users\Public\Games
    2012-08-04 18:20 - 2012-08-23 05:38 - 00000805 ____A C:\Users\Public\Desktop\GamezTera Launcher.lnk
    2012-08-04 18:19 - 2012-08-04 18:19 - 01111700 ____A () C:\Users\DJDany\Downloads\Gamez Tera Launcher Installer.exe

    ==================== 3 Months Modified Files ================================

    2012-09-02 21:16 - 2009-11-21 00:42 - 00000000 ____A C:\Windows\SysWOW64\Access.dat
    2012-09-02 21:13 - 2009-07-14 18:58 - 00698726 ____A C:\Windows\System32\perfh007.dat
    2012-09-02 21:13 - 2009-07-14 18:58 - 00148782 ____A C:\Windows\System32\perfc007.dat
    2012-09-02 21:13 - 2009-07-14 06:13 - 01613166 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-02 21:08 - 2012-07-19 22:05 - 00005972 ____A C:\Windows\setupact.log
    2012-09-02 20:45 - 2012-08-31 18:16 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-02 20:33 - 2009-11-11 15:19 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
    2012-09-02 20:33 - 2009-11-11 15:02 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
    2012-09-02 20:33 - 2009-11-11 15:02 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
    2012-09-02 14:59 - 2009-07-14 05:45 - 00016944 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-02 14:59 - 2009-07-14 05:45 - 00016944 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-02 14:55 - 2012-07-19 22:48 - 00078414 ____A C:\Windows\WindowsUpdate.log
    2012-09-02 14:54 - 2012-09-02 14:54 - 00291056 ____A C:\Windows\Minidump\090212-26515-01.dmp
    2012-09-02 14:54 - 2012-07-21 13:52 - 00021694 ____A C:\Windows\PFRO.log
    2012-09-02 14:54 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-02 14:25 - 2012-09-02 14:25 - 01376768 ____A C:\Users\DJDany\Downloads\RogueKiller(1).exe
    2012-09-02 14:16 - 2012-09-01 21:17 - 04731392 ____A (AVAST Software) C:\Users\DJDany\Downloads\aswMBR.exe
    2012-09-02 14:15 - 2012-09-02 14:15 - 00004689 ____A C:\Users\DJDany\Desktop\RKreport[1].txt
    2012-09-02 14:14 - 2012-09-02 14:14 - 01376768 ____A C:\Users\DJDany\Downloads\RogueKiller.exe
    2012-09-02 04:13 - 2012-09-02 04:13 - 00291064 ____A C:\Windows\Minidump\090212-27031-01.dmp
    2012-09-01 22:21 - 2012-09-01 22:21 - 00607260 ____R (Swearware) C:\Users\DJDany\Downloads\dds.com
    2012-09-01 21:53 - 2012-09-01 21:53 - 00302592 ____A C:\Users\DJDany\Downloads\szbu38ze.exe
    2012-09-01 21:49 - 2012-09-01 21:49 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-01 21:48 - 2012-09-01 21:48 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\DJDany\Downloads\mbam-setup-1.62.0.1300.exe
    2012-09-01 20:56 - 2012-09-01 20:56 - 00002255 ____A C:\Users\DJDany\Desktop\aswMBR.txt
    2012-09-01 20:56 - 2012-09-01 20:56 - 00000512 ____A C:\Users\DJDany\Desktop\MBR.dat
    2012-09-01 20:31 - 2012-09-01 20:31 - 00011766 ____A C:\Users\DJDany\Downloads\hijackthis.log
    2012-08-31 19:29 - 2012-08-31 19:29 - 00652569 ____A C:\Users\DJDany\Downloads\BFE_Fix.exe
    2012-08-31 19:28 - 2012-08-31 19:28 - 00379392 ____A C:\Users\DJDany\Downloads\subinacl.msi
    2012-08-31 19:16 - 2012-08-31 19:08 - 00007847 ____A C:\Users\DJDany\Downloads\~ESETUninstaller.log
    2012-08-31 19:07 - 2012-08-31 19:07 - 00638976 ____A (ESET) C:\Users\DJDany\Downloads\ESETUninstaller.exe
    2012-08-31 19:00 - 2012-08-31 18:59 - 56469504 ____A C:\Users\DJDany\Downloads\eav_nt64_enu.msi
    2012-08-31 18:22 - 2012-08-31 18:22 - 07902008 ____A (VS Revo Group ) C:\Users\DJDany\Downloads\RevoUninProSetup.exe
    2012-08-31 18:20 - 2012-08-31 18:20 - 00181156 ____A C:\Users\DJDany\Downloads\nod32removal.exe
    2012-08-31 18:16 - 2012-08-31 18:16 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-31 18:16 - 2012-08-31 18:16 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-31 18:14 - 2012-08-31 18:01 - 01378744 ____A (ESET) C:\Users\DJDany\Downloads\eset_nod32_antivirus_live_installer.exe
    2012-08-31 12:26 - 2012-08-31 12:26 - 00284520 ____A C:\Windows\Minidump\083112-29656-01.dmp
    2012-08-31 12:24 - 2012-08-31 12:24 - 09826504 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-08-30 14:21 - 2012-08-30 14:21 - 06724176 ____A (Adobe Systems Inc.) C:\Users\DJDany\Downloads\Shockwave_Installer_Slim.exe
    2012-08-29 03:11 - 2009-11-11 01:50 - 00007596 ____A C:\Users\DJDany\AppData\Local\Resmon.ResmonCfg
    2012-08-27 05:27 - 2012-08-27 05:27 - 08588474 ____A (FFsplit) C:\Users\DJDany\Downloads\FFsplit.exe
    2012-08-27 05:15 - 2012-08-27 05:15 - 23324368 ____A (SplitMediaLabs) C:\Users\DJDany\Downloads\xsplit_installer_v1.0.1207.2601.exe
    2012-08-23 05:38 - 2012-08-23 05:38 - 01117345 ____A () C:\Users\DJDany\Downloads\Gamez Tera Launcher Installer_v1.03.exe
    2012-08-23 05:38 - 2012-08-04 18:20 - 00000805 ____A C:\Users\Public\Desktop\GamezTera Launcher.lnk
    2012-08-10 17:39 - 2012-08-10 17:39 - 00591656 ____A (Unity Technologies ApS) C:\Users\DJDany\Downloads\UnityWebPlayer.exe
    2012-08-10 17:33 - 2012-08-10 17:33 - 00000952 ____A C:\Users\Public\Desktop\ACR Launcher.lnk
    2012-08-10 17:32 - 2012-08-10 17:32 - 35486247 ____A (Eutechnyx, Ltd ) C:\Users\DJDany\Downloads\ACR_setup.exe
    2012-08-04 18:19 - 2012-08-04 18:19 - 01111700 ____A () C:\Users\DJDany\Downloads\Gamez Tera Launcher Installer.exe
    2012-08-02 16:24 - 2012-08-02 16:24 - 13839192 ____A (Frogster Online Gaming GmbH ) C:\Users\DJDany\Downloads\TERASetup.exe
    2012-07-30 16:07 - 2012-07-30 16:07 - 00001162 ____A C:\Users\Public\Desktop\TeamViewer 6.lnk
    2012-07-30 16:06 - 2012-07-30 16:06 - 04171032 ____A (TeamViewer GmbH) C:\Users\DJDany\Downloads\TeamViewer_Setup.exe
    2012-07-29 19:32 - 2012-07-29 19:32 - 00008068 ____A C:\Users\DJDany\Downloads\d29d98ac0acb008a2629d474ada86c57.dlc
    2012-07-25 22:05 - 2012-07-25 22:05 - 01223168 ____A C:\Users\DJDany\Downloads\BF3 Config Utility.exe
    2012-07-25 20:34 - 2012-07-25 20:15 - 1552182149 ____A C:\Users\DJDany\Downloads\Jae_SRO_-(1Mir)_Full_Client.rar
    2012-07-24 13:02 - 2012-07-24 13:02 - 00000697 ____A C:\Users\UpdatusUser\Desktop\Play 9Dragons.lnk
    2012-07-24 13:02 - 2012-07-24 13:02 - 00000697 ____A C:\Users\DJDany\Desktop\Play 9Dragons.lnk
    2012-07-24 12:28 - 2012-07-24 12:15 - 1122401654 ____A C:\Users\DJDany\Downloads\Setup-Play9D.exe
    2012-07-19 22:05 - 2012-07-19 22:05 - 00000000 ____A C:\Windows\setuperr.log
    2012-07-19 20:33 - 2012-07-19 20:33 - 00013168 ____A C:\Users\DJDany\Downloads\98b2a695ddd9b2e90dc42a3a3980aaf7.dlc
    2012-07-18 13:57 - 2010-05-06 22:40 - 00004359 ____A C:\Users\DJDany\Desktop\lol.txt
    2012-07-17 19:47 - 2012-07-17 19:47 - 00000185 ____A C:\Users\Public\Desktop\Vindictus EU.url
    2012-07-17 16:02 - 2012-07-17 16:02 - 00000201 ____A C:\Users\Public\Desktop\Vindictus.url
    2012-07-14 00:05 - 2011-04-22 23:47 - 01594042 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-13 13:52 - 2009-12-02 03:21 - 04269056 ____A C:\Windows\SysWOW64\system.dll
    2012-07-12 12:57 - 2009-11-11 15:02 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
    2012-07-12 12:52 - 2012-07-12 12:52 - 03878112 ____A C:\Users\DJDany\Downloads\battlelog-web-plugins-1.122.0-retail-prod.exe
    2012-07-12 12:50 - 2010-02-21 01:31 - 00000020 ____A C:\Users\DJDany\Documents\aionmemo_1dbe5b45.dat
    2012-07-12 12:22 - 2012-07-12 12:18 - 211927944 ____A (NVIDIA Corporation) C:\Users\DJDany\Downloads\301.42-desktop-win7-winvista-64bit-international-whql.exe
    2012-07-12 12:07 - 2012-07-12 12:07 - 11733072 ____A (IObit ) C:\Users\DJDany\Downloads\gb3.5-beta-setup.exe
    2012-07-12 12:07 - 2011-09-02 20:38 - 00001182 ____A C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
    2012-07-12 12:07 - 2011-09-02 20:38 - 00001170 ____A C:\Users\Public\Desktop\Game Booster 3.lnk
    2012-07-12 08:17 - 2009-07-14 05:45 - 03049760 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-11 23:57 - 2009-11-11 04:15 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-03 12:46 - 2012-09-01 21:49 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-30 14:05 - 2009-07-14 03:34 - 00000478 ____A C:\Windows\win.ini
    2012-06-21 16:40 - 2012-06-21 16:40 - 00768848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
    2012-06-21 16:40 - 2012-06-21 16:40 - 00421200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
    2012-06-12 04:02 - 2012-07-12 00:00 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-09 06:30 - 2012-07-11 11:37 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-09 05:46 - 2012-07-11 11:37 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-06 06:50 - 2012-07-11 11:37 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-06 06:50 - 2012-07-11 11:37 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-06 06:09 - 2012-07-11 11:37 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-06 06:09 - 2012-07-11 11:37 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll


    ZeroAccess:
    C:\Windows\Installer\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}
    C:\Windows\Installer\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\@
    C:\Windows\Installer\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\L
    C:\Windows\Installer\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\U
    C:\Windows\Installer\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\U\00000001.@

    ZeroAccess:
    C:\Users\DJDany\AppData\Local\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}
    C:\Users\DJDany\AppData\Local\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\@
    C:\Users\DJDany\AppData\Local\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\L
    C:\Users\DJDany\AppData\Local\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\U

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-08-31 18:28:58
    Restore point made on: 2012-08-31 19:01:56
    Restore point made on: 2012-08-31 19:21:44
    Restore point made on: 2012-08-31 19:29:08
    Restore point made on: 2012-08-31 19:35:07

    ==================== Memory info ===========================

    Percentage of memory in use: 12%
    Total physical RAM: 6142.55 MB
    Available physical RAM: 5387.65 MB
    Total Pagefile: 6140.7 MB
    Available Pagefile: 5381.97 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions ============================

    1 Drive c: () (Fixed) (Total:120.96 GB) (Free:23.24 GB) NTFS
    2 Drive d: () (Fixed) (Total:232.82 GB) (Free:38.1 GB) NTFS
    3 Drive e: () (Fixed) (Total:149.04 GB) (Free:7.47 GB) NTFS
    4 Drive f: (Games) (Fixed) (Total:468.75 GB) (Free:45.43 GB) NTFS
    5 Drive g: (CS) (Fixed) (Total:6.43 GB) (Free:4.55 GB) NTFS
    6 Drive h: (Movies) (Fixed) (Total:341.8 GB) (Free:12.7 GB) NTFS
    7 Drive j: (Battlefield 3) (CDROM) (Total:5.63 GB) (Free:0 GB) CDFS
    8 Drive k: (TRANSCEND) (Removable) (Total:1.87 GB) (Free:1.83 GB) FAT32
    9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    10 Drive y: () (Fixed) (Total:105.38 GB) (Free:3.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Datenträger ### Status Größe Frei Dyn GPT
    --------------- ------------- ------- ------- --- ---
    Datenträger 0 Online 111 GB 0 B
    Datenträger 1 Online 232 GB 7168 KB
    Datenträger 2 Online 149 GB 8 MB
    Datenträger 3 Online 931 GB 0 B
    Datenträger 4 Online 1926 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Typ Größe Offset
    ------------- ---------------- ------- -------
    Partition 1 Primär 105 GB 31 KB
    Partition 0 Erweitert 6588 MB 105 GB
    Partition 2 Logisch 6588 MB 105 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Typ : 07
    Versteckt: Nein
    Aktiv : Ja

    Volume ### Bst Bezeichnung DS Typ Größe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y NTFS Partition 105 GB Fehlerfre

    ==================================================================================

    Disk: 0
    Partition 2
    Typ : 07
    Versteckt: Nein
    Aktiv : Nein

    Volume ### Bst Bezeichnung DS Typ Größe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 G CS NTFS Partition 6588 MB Fehlerfre

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Typ Größe Offset
    ------------- ---------------- ------- -------
    Partition 1 Primär 232 GB 31 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Typ : 07
    Versteckt: Nein
    Aktiv : Ja

    Volume ### Bst Bezeichnung DS Typ Größe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D NTFS Partition 232 GB Fehlerfre

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Typ Größe Offset
    ------------- ---------------- ------- -------
    Partition 1 Primär 149 GB 31 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Typ : 07
    Versteckt: Nein
    Aktiv : Ja

    Volume ### Bst Bezeichnung DS Typ Größe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 E NTFS Partition 149 GB Fehlerfre

    ==================================================================================

    Partitions of Disk 3:
    ===============

    Partition ### Typ Größe Offset
    ------------- ---------------- ------- -------
    Partition 1 Primär 468 GB 31 KB
    Partition 2 Primär 341 GB 468 GB
    Partition 3 Primär 120 GB 810 GB

    ==================================================================================

    Disk: 3
    Partition 1
    Typ : 07
    Versteckt: Nein
    Aktiv : Nein

    Volume ### Bst Bezeichnung DS Typ Größe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 F Games NTFS Partition 468 GB Fehlerfre

    ==================================================================================

    Disk: 3
    Partition 2
    Typ : 07
    Versteckt: Nein
    Aktiv : Nein

    Volume ### Bst Bezeichnung DS Typ Größe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 H Movies NTFS Partition 341 GB Fehlerfre

    ==================================================================================

    Disk: 3
    Partition 3
    Typ : 07
    Versteckt: Nein
    Aktiv : Nein

    Volume ### Bst Bezeichnung DS Typ Größe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 7 C NTFS Partition 120 GB Fehlerfre

    ==================================================================================

    Partitions of Disk 4:
    ===============

    Partition ### Typ Größe Offset
    ------------- ---------------- ------- -------
    Partition 1 Primär 1922 MB 4096 KB

    ==================================================================================

    Disk: 4
    Partition 1
    Typ : 0B
    Versteckt: Nein
    Aktiv : Nein

    Volume ### Bst Bezeichnung DS Typ Größe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 K TRANSCEND FAT32 Wechselmed 1922 MB Fehlerfre

    ==================================================================================

    Last Boot: 2012-08-28 22:41

    ==================== End Of Log =============================



    Search.txt

    Farbar Recovery Scan Tool Version: 02-09-2012 03
    Ran by SYSTEM at 2012-09-02 22:22:46
    Running from K:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
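    What the Search above shows is that the live C:\Windows\System32\services.exe has the same size and timestamps as the WinSxS copy of the same build but a different MD5, which is what an in-place patched file looks like. As an added example, not part of this post or of FRST, here is a small Python script that parses Search.txt-style output and flags exactly that condition; the two entries above are embedded as a constructed sample, and the function names and the md5_of helper are my own.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample: the two services.exe entries from the Search.txt in this
# thread, in FRST's two-line "path / attributes" format (values taken from the page).
SAMPLE_SEARCH = """\
================== Search: "services.exe" ===================

C:\\Windows\\winsxs\\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\\Windows\\System32\\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# "[created] - [modified] - size attrs (company) MD5"; the company part is optional.
ATTR_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_frst_search(text):
    """Return one dict per file entry in FRST Search.txt-style output."""
    entries = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):          # a path line precedes its attribute line
            pending_path = line
            continue
        m = ATTR_RE.match(line)
        if m and pending_path:
            entries.append({
                "path": pending_path,
                "name": pending_path.rsplit("\\", 1)[-1].lower(),
                "created": m.group("created"),
                "modified": m.group("modified"),
                "size": int(m.group("size")),
                "company": (m.group("company") or "").strip(),
                "md5": m.group("md5").upper(),
                "in_winsxs": "\\winsxs\\" in pending_path.lower(),
            })
            pending_path = None
    return entries


def find_patched(entries):
    """Flag live files whose WinSxS twin (same name, size and timestamps) has a
    different MD5: an in-place patch keeps size and dates but changes the hash."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)
    findings = []
    for group in by_name.values():
        refs = [e for e in group if e["in_winsxs"]]
        for live in (e for e in group if not e["in_winsxs"]):
            key = (live["size"], live["created"], live["modified"])
            twins = [r for r in refs
                     if (r["size"], r["created"], r["modified"]) == key]
            if twins and live["md5"] not in {t["md5"] for t in twins}:
                findings.append({
                    "path": live["path"],
                    "md5": live["md5"],
                    "reference": twins[0]["path"],
                    "reference_md5": twins[0]["md5"],
                })
    return findings


def md5_of(path):
    """MD5 of a file on disk, to re-check a live copy after a fix (hypothetical helper)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest().upper()


if __name__ == "__main__":
    for hit in find_patched(parse_frst_search(SAMPLE_SEARCH)):
        print(f"{hit['path']}: MD5 {hit['md5']} differs from "
              f"WinSxS copy {hit['reference_md5']} (same size and timestamps)")
```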
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     

    Attached Files:

  7. Tacopsjunky

    Tacopsjunky TS Rookie Topic Starter Posts: 33

    Ok, ran ComboFix, rebooted, left ComboFix to finish, rebooted again and don't have any Internet connection.
    Hope you can help me to get the Internet on my PC back working normally :)
    Here are the logs in order (Sorry that the logs are in German, can't change it):

    Fixlog.log:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 02-09-2012 03
    Ran by SYSTEM at 2012-09-03 02:26:34 Run:1
    Running from K:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_USERS\DJDany\Software\Microsoft\Windows\CurrentVersion\Run\\Womaimnyo Value deleted successfully.
    C:\Users\DJDany\AppData\Roaming\Acyw\inhas.exe not found.
    C:\Windows\Installer\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50} moved successfully.
    C:\Users\DJDany\AppData\Local\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50} moved successfully.

    Der Vorgang wurde erfolgreich beendet.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====



    ComboFix.log:


    ComboFix 12-09-01.01 - DJDany 03.09.2012 2:47.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.6143.4738 [GMT 2:00]
    ausgeführt von:: c:\users\DJDany\Downloads\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Neuer Wiederherstellungspunkt wurde erstellt
    .
    .
    (((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\DJDany\AppData\Local\assembly\tmp
    c:\users\DJDany\AppData\Roaming\edxLabs
    c:\users\DJDany\AppData\Roaming\edxLabs\edxSilkroadLoader\edxSilkroadLoader.ini
    c:\users\DJDany\AppData\Roaming\edxLabs\edxSilkroadLoader5\edxSilkroadLoader5.ini
    c:\windows\box.exe
    c:\windows\SysWow64\FlashPlayerInstaller.exe
    c:\windows\SysWow64\system.dll
    D:\install.exe
    F:\Setup.exe
    .
    .
    ((((((((((((((((((((((( Dateien erstellt von 2012-08-03 bis 2012-09-03 ))))))))))))))))))))))))))))))
    .
    .
    2012-09-03 00:54 . 2012-09-03 00:54 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-09-03 00:54 . 2012-09-03 00:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-02 21:20 . 2012-09-02 21:20 -------- d-----w- C:\FRST
    2012-09-01 20:49 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-01 19:20 . 2012-09-01 19:20 -------- d-----w- c:\program files (x86)\ESET
    2012-09-01 16:52 . 2012-09-01 16:52 -------- d-----w- c:\users\DJDany\AppData\Roaming\Malwarebytes
    2012-09-01 16:51 . 2012-09-01 16:51 -------- d-----w- c:\programdata\Malwarebytes
    2012-09-01 16:51 . 2012-09-01 20:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-31 18:29 . 2012-08-31 18:29 -------- d-----w- c:\program files (x86)\Windows Resource Kits
    2012-08-31 18:23 . 2012-08-31 18:23 -------- d-----w- c:\program files\ESET
    2012-08-31 17:22 . 2012-08-31 17:22 -------- d-----w- c:\users\DJDany\AppData\Local\VS Revo Group
    2012-08-31 17:22 . 2009-12-30 09:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2012-08-31 17:22 . 2012-08-31 17:22 -------- d-----w- c:\program files\VS Revo Group
    2012-08-31 17:16 . 2012-08-31 17:16 -------- d-----w- c:\users\DJDany\AppData\Local\Macromedia
    2012-08-31 17:16 . 2012-08-31 17:16 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-31 17:16 . 2012-08-31 17:16 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-31 10:50 . 2012-08-31 17:56 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
    2012-08-30 13:18 . 2012-08-30 13:18 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
    2012-08-27 04:45 . 2012-08-27 04:45 -------- d-----w- c:\users\DJDany\AppData\Local\FFsplit
    2012-08-27 04:28 . 2012-08-27 04:28 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
    2012-08-27 04:28 . 2012-08-31 17:56 -------- d-----w- c:\program files (x86)\FFsplit
    2012-08-27 04:27 . 2012-08-31 17:56 -------- d-----w- c:\users\DJDany\AppData\Roaming\FFsplit
    2012-08-27 04:20 . 2012-08-27 04:20 -------- d-----w- c:\users\DJDany\AppData\Local\SplitMediaLabs
    2012-08-27 04:19 . 2012-08-27 04:19 -------- d-----w- c:\windows\system32\Macromed
    2012-08-27 04:17 . 2012-08-27 04:17 -------- d-----w- c:\programdata\SplitMediaLabs
    2012-08-27 04:17 . 2012-08-27 04:17 -------- d-----w- c:\program files (x86)\SplitMediaLabs
    2012-08-27 04:15 . 2012-08-27 04:15 -------- d-----w- c:\users\DJDany\AppData\Roaming\SplitMediaLabs
    2012-08-11 12:19 . 2012-08-11 12:19 -------- d-----w- c:\users\DJDany\AppData\Local\CrashRpt
    2012-08-08 19:53 . 2012-08-08 19:53 -------- d-----w- c:\program files (x86)\uTorrent
    2012-08-04 17:25 . 2012-08-04 17:25 -------- d-----w- c:\users\Public\Games
    .
    .
    .
    (((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-03 00:29 . 2010-04-29 14:01 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2012-09-02 20:57 . 2009-11-11 14:19 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-09-02 20:57 . 2009-11-11 14:02 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-09-02 20:56 . 2009-11-11 14:02 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-07-12 11:57 . 2009-11-11 14:02 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-07-11 22:57 . 2009-11-11 03:15 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-21 15:40 . 2012-06-21 15:40 768848 ----a-w- c:\windows\SysWow64\msvcr100.dll
    2012-06-21 15:40 . 2012-06-21 15:40 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
    2012-06-12 03:02 . 2012-07-11 23:00 3147264 ----a-w- c:\windows\system32\win32k.sys
    2012-06-09 05:30 . 2012-07-11 10:37 14165504 ----a-w- c:\windows\system32\shell32.dll
    2012-06-06 05:50 . 2012-07-11 10:37 2003968 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 05:50 . 2012-07-11 10:37 1880064 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 05:09 . 2012-07-11 10:37 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:09 . 2012-07-11 10:37 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    .
    .
    (((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2011-05-10 872448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2011-03-21 248320]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
    .
    c:\users\DJDany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    EasyToolz.lnk - c:\users\DJDany\Desktop\EasyToolz.exe [2011-9-2 1391616]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer7"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
    R2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2012-07-16 2416040]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-31 250568]
    R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2010-04-19 12032]
    R3 dump_wmimmc;dump_wmimmc;f:\newelitesro\GameGuard\dump_wmimmc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-11-18 1038088]
    R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\DRIVERS\hidusbf.sys [2009-11-11 7808]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MotioninJoyUSBFilter;MotioninJoy USB Filter Driver;c:\windows\system32\DRIVERS\MijUfilt.sys [2009-10-03 20480]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-30 114144]
    R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [2009-11-26 32896]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
    R3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys [2010-09-07 14440]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-11-30 146384]
    R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-11 834544]
    S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [2009-11-26 87680]
    S1 PStrip64;PStrip64;c:\windows\system32\drivers\pstrip64.sys [2006-09-30 13008]
    S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2011-03-29 179616]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
    S2 Icecast-trunk;Icecast-trunk Streaming Media Server;c:\program files (x86)\Icecast2 Win32\icecastService.exe [2008-05-24 417792]
    S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-02-26 5017600]
    S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2011-08-09 741224]
    S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [2009-11-26 32896]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
    S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
    S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920]
    S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
    S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-09-30 13312]
    .
    .
    Inhalt des "geplante Tasks" Ordners
    .
    2012-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-31 17:16]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1612880]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://start.icq.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    TCP: Interfaces\{ED8E083E-C468-424C-A6F0-4C44822C9E7E}: NameServer = 169.254.145.1
    FF - ProfilePath - c:\users\DJDany\AppData\Roaming\Mozilla\Firefox\Profiles\nxtgu32b.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
    FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
    FF - prefs.js: network.proxy.http - 109.123.126.253
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - Entfernte verwaiste Registrierungseinträge - - - -
    .
    Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
    BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-9 Dragons - f:\9 dragons\Play9D\uninst.exe
    AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
    AddRemove-CABAL Online (Europe)_is1 - f:\cabal helix real\unins000.exe
    AddRemove-Silkroad - f:\grindsro\Silkroad\Remove.Exe
    AddRemove-{7EE9145D-C430-44E6-B5ED-61FF9C332100}_is1 - f:\battle of the immortal\Battle of the Immortals\unins000.exe
    AddRemove-{A2S166A0-F031-4E27-A057-C69733219434}_is1 - f:\tera\TERA\unins000.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    .
    [HKEY_USERS\S-1-5-21-4248820356-2940563936-93324341-1001\Software\SecuROM\License information*]
    "datasecu"=hex:47,97,90,63,2a,08,0c,ec,74,30,f7,ce,87,2c,07,ae,9e,b5,4c,61,9d,
    84,62,91,55,65,e7,6e,87,47,30,32,80,18,b9,14,11,8d,ab,82,a1,37,09,9d,0c,0f,\
    "rkeysecu"=hex:b1,f2,8c,19,11,3d,b2,d8,88,02,25,77,01,d1,47,a3
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Weitere laufende Prozesse ------------------------
    .
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Razer\DeathAdder\razerofa.exe
    c:\program files (x86)\Razer\DeathAdder\vdDaemon.exe
    .
    **************************************************************************
    .
    Zeit der Fertigstellung: 2012-09-03 03:03:24 - PC wurde neu gestartet
    ComboFix-quarantined-files.txt 2012-09-03 01:03
    .
    Vor Suchlauf: 10 Verzeichnis(se), 26.016.673.792 Bytes frei
    Nach Suchlauf: 15 Verzeichnis(se), 27.095.056.384 Bytes frei
    .
    - - End Of File - - CD8F454CF16244489D9521454ADBECBB




    Greetings,
    Taco
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Did you have internet connection right BEFORE you ran Combofix?

Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
     
  9. Tacopsjunky

    Tacopsjunky TS Rookie Topic Starter Posts: 33

I had a normal Internet connection before using ComboFix; after the second restart, when ComboFix finished the job, my connection was gone. I get the 169.254.232 IP, so I'm not even connected to the router. I searched about it on Google but didn't do anything since we're working here, so I'll post the log from FSSD in a sec!
     
  10. Tacopsjunky

    Tacopsjunky TS Rookie Topic Starter Posts: 33

    Farbar Service Scanner Version: 06-08-2012
    Ran by DJDany (administrator) on 03-09-2012 at 15:51:08
    Running from "C:\Users\DJDany\Downloads\Virustopic"
    Microsoft Windows 7 Ultimate (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
    There is no connection to network.
    Attempt to access Google IP returned error: Other errors
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error: Other errors
    Attempt to access Yahoo.com returned error: Other errors


    Windows Firewall:
    =============
    MpsSvc Service is not running. Checking service configuration:
    The start type of MpsSvc service is OK.
    The ImagePath of MpsSvc service is OK.
    The ServiceDll of MpsSvc service is OK.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============
    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============
    Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
    Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys
    [2012-06-30 12:00] - [2011-12-28 05:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2012-06-30 12:04] - [2012-03-30 13:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll
    [2009-07-14 02:09] - [2009-07-14 03:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll
    [2009-07-14 01:36] - [2009-07-14 03:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll
    [2012-07-11 12:37] - [2012-04-24 07:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
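The FSS log above is where the diagnosis actually sits: several network-related services are stopped, two of them have registry values missing outright, and a policy value disables Defender. As an added triage aid (not part of this thread and not Farbar's own code), the following script walks an FSS-style log and lists those findings by kind, so a helper can see at a glance which services need their configuration restored and which files FSS could not vouch for by hash. The sample log is a constructed subset of the lines posted above; the line patterns it matches are an assumption based on that output, not a documented FSS format.

```python
import re
from typing import Dict, List

# Constructed sample: a subset of lines in the shape of the Farbar Service
# Scanner (FSS) output posted in this thread. Not the complete log.
SAMPLE_FSS_LOG = r"""
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-06-30 12:00] - [2011-12-28 05:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
"""

# Line shapes assumed from the posted output (assumption, not a documented format).
SERVICE_STOPPED = re.compile(r"^(\S+) Service is not running\.")
CONFIG_MISSING = re.compile(r"ATTENTION!=+> Unable to retrieve (start type|ImagePath|ServiceDll) of (\S+)\.")
START_TYPE_CHANGED = re.compile(r"^The start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\.")
DEFENDER_POLICY = re.compile(r'^"DisableAntiSpyware"=DWORD:1\b')
FILE_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_fss(text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line, tagged with the FSS section it came from."""
    findings: List[Dict[str, str]] = []
    lines = [l.strip() for l in text.splitlines()]
    section = ""
    for i, line in enumerate(lines):
        if not line or set(line) == {"="}:
            continue
        # A section header is a line followed by a row of '=' characters.
        if i + 1 < len(lines) and lines[i + 1] and set(lines[i + 1]) == {"="}:
            section = line.rstrip(":")
            continue
        m = SERVICE_STOPPED.match(line)
        if m:
            findings.append({"kind": "service_stopped", "section": section, "name": m.group(1), "detail": ""})
            continue
        m = CONFIG_MISSING.search(line)
        if m:
            # A missing start type / ImagePath means the service key was damaged, not merely stopped.
            findings.append({"kind": "config_missing", "section": section, "name": m.group(2), "detail": m.group(1)})
            continue
        m = START_TYPE_CHANGED.match(line)
        if m:
            findings.append({"kind": "start_type_changed", "section": section, "name": m.group(1),
                             "detail": f"{m.group(2)} (default {m.group(3)})"})
            continue
        if DEFENDER_POLICY.match(line):
            findings.append({"kind": "policy_disables_defender", "section": section, "name": "WinDefend", "detail": line})
            continue
        # In the File Check section FSS prints a verdict for known-good files; a bare path
        # followed by an attribute/hash line is one it could not vouch for and needs a manual check.
        if section == "File Check" and FILE_PATH.match(line) and "=> MD5 is legit" not in line:
            findings.append({"kind": "unverified_file", "section": section, "name": line, "detail": ""})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group finding labels by kind for a quick reply to the poster."""
    out: Dict[str, List[str]] = {}
    for f in findings:
        label = f["name"] if not f["detail"] else f"{f['name']} ({f['detail']})"
        out.setdefault(f["kind"], []).append(label)
    return out


if __name__ == "__main__":
    for kind, items in summarize(parse_fss(SAMPLE_FSS_LOG)).items():
        print(f"{kind}:")
        for item in items:
            print(f"  - {item}")
```

Run against the sample, the script separates "stopped" (MpsSvc, BITS, WinDefend) from "registry values gone" (BITS start type, SharedAccess start type and ImagePath), which is the distinction that matters for repair: a stopped service with intact configuration can simply be started, whereas a service whose start type or ImagePath no longer exists has to have its registry key restored before any `netsh` or firewall fix will hold.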
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

ComboFix created a restore point around 03.09.2012 2:47.
    Use it and see if your connection is back.
     
  12. Tacopsjunky

    Tacopsjunky TS Rookie Topic Starter Posts: 33

    Hey Broni,

I restored it but it's still not giving me a connection; it is like it was before. Writing from a laptop at the moment.
    Any other ideas?

Thanks for your time, I really appreciate the help.

    By the way, my svhost.exe shows 50% of cpu usage if this helps.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Go Start>Run (Start search in Vista and 7), type in:
    cmd
    Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

    At Command Prompt, type in:
    netsh int ip reset reset.log
    Hit Enter.
    Type in:
    netsh winsock reset catalog
    Hit Enter.

    Restart computer.
     
  14. Tacopsjunky

    Tacopsjunky TS Rookie Topic Starter Posts: 33

Netsh int ip reset reset.log worked fine, but at "netsh winsock reset catalog" I get "access denied"; it doesn't let me do it.

I will restart the PC and see if the first command helps, and write again after it.


    EDIT*****

    Still no connection.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Did you open command prompt as administrator (in Vista and 7, while holding CTRL, and SHIFT, press Enter)?
     
  16. Tacopsjunky

    Tacopsjunky TS Rookie Topic Starter Posts: 33

Yes I did, it didn't work.

I can't execute the command, it still gives me "access denied" even with the administrator command prompt!
    Do you have any other idea?
     
  17. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Try both commands from safe mode.
     
  18. Tacopsjunky

    Tacopsjunky TS Rookie Topic Starter Posts: 33

    Still shows the same "Access denied".
     
  19. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please give me new FRST log.
     
  20. Tacopsjunky

    Tacopsjunky TS Rookie Topic Starter Posts: 33

    Scan result of Farbar Recovery Scan Tool Version: 02-09-2012 03
    Ran by SYSTEM at 04-09-2012 02:53:12
    Running from K:\
    Windows 7 Ultimate (X64) OS Language: German Standard
    The current controlset is ControlSet003

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1612880 2010-01-27] (Logitech, Inc.)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11057768 2010-07-06] (Realtek Semiconductor)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.)
    HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
    HKU\DJDany\...\Run: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [872448 2011-05-10] ()
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    Tcpip\..\Interfaces\{ED8E083E-C468-424C-A6F0-4C44822C9E7E}: [NameServer]169.254.145.1

    ==================== Services (Whitelisted) ======

    2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-08-29] (LogMeIn Inc.)
    2 Icecast-trunk; "C:\Program Files (x86)\Icecast2 Win32\icecastService.exe" "C:\Program Files (x86)\Icecast2 Win32" [417792 2008-05-24] ()
    2 nlsvc; "C:\Program Files\NetLimiter 3\nlsvc.exe" [1620992 2009-11-24] (Locktime Software)
    3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [279848 2007-06-27] (Nero AG)
    2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe /StartService [276584 2010-03-22] (NVIDIA)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-12] ()
    2 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [741224 2011-08-09] (Tunngle.net GmbH)
    2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe /StartService [282728 2009-11-06] (NVIDIA)

    ==================== Drivers (Whitelisted) ===================

    2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2010-02-19] ()
    3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [12032 2010-04-19] (Razer (Asia-Pacific) Pte Ltd)
    2 ESLWireAC; \??\C:\Windows\system32\drivers\ESLWireACD.sys [179616 2011-03-29] (<Turtle Entertainment>)
    3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
    3 hidusbf; C:\Windows\System32\Drivers\hidusbf.sys [7808 2009-11-11] (SweetLow)
    2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2010-02-19] ()
    3 MotioninJoyUSBFilter; C:\Windows\System32\DRIVERS\MijUfilt.sys [20480 2009-10-03] (MotioninJoy)
    1 nltdi; \??\C:\Program Files\NetLimiter 3\nltdi.sys [87680 2009-11-26] (Locktime Software)
    3 nvoclk64; C:\Windows\System32\Drivers\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
    1 PStrip64; C:\Windows\System32\Drivers\PStrip64.sys [13008 2006-09-30] ()
    3 RTCore64; \??\C:\Program Files (x86)\EVGA Precision\RTCore64.sys [14440 2010-09-07] ()
    0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-11-11] (Duplex Secure Ltd.)
    3 tap0901t; C:\Windows\System32\Drivers\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
    3 VBoxNetAdp; C:\Windows\System32\Drivers\VBoxNetAdp.sys [146384 2009-11-30] (Sun Microsystems, Inc.)
    3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    3 dump_wmimmc; \??\F:\NewEliteSRO\GameGuard\dump_wmimmc.sys [x]
    3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
    3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
    3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [x]

    ==================== NetSvcs (Whitelisted) =================


    ==================== One Month Created Files and Folders ======================

    2012-09-03 22:35 - 2012-09-03 22:35 - 00003664 ____N C:\bootsqm.dat
    2012-09-03 19:52 - 2012-09-03 19:52 - 00000000 ____D C:\Users\All Users\ESET
    2012-09-03 19:29 - 2012-09-03 19:30 - 00000000 ___SD C:\uninstall
    2012-09-03 18:09 - 2012-09-03 19:30 - 00000000 ___SD C:\32788R22FWJFW
    2012-09-03 17:56 - 2012-09-03 17:58 - 00002566 ____A C:\Windows\diagwrn.xml
    2012-09-03 17:56 - 2012-09-03 17:58 - 00001908 ____A C:\Windows\diagerr.xml
    2012-09-03 01:35 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-09-03 01:32 - 2012-09-03 19:30 - 00000000 ____D C:\Windows\erdnt
    2012-09-03 01:29 - 2012-09-03 01:29 - 00000381 ____A C:\Windows\LkmdfCoInst.log
    2012-09-02 22:20 - 2012-09-02 22:20 - 00000000 ____D C:\FRST
    2012-09-02 14:54 - 2012-09-02 14:54 - 00291056 ____A C:\Windows\Minidump\090212-26515-01.dmp
    2012-09-02 14:25 - 2012-09-02 14:25 - 01376768 ____A C:\Users\DJDany\Downloads\RogueKiller(1).exe
    2012-09-02 14:15 - 2012-09-02 14:15 - 00004689 ____A C:\Users\DJDany\Desktop\RKreport[1].txt
    2012-09-02 14:14 - 2012-09-02 14:15 - 00000000 ____D C:\Users\DJDany\Desktop\RK_Quarantine
    2012-09-02 14:14 - 2012-09-02 14:14 - 01376768 ____A C:\Users\DJDany\Downloads\RogueKiller.exe
    2012-09-02 04:13 - 2012-09-02 04:13 - 00291064 ____A C:\Windows\Minidump\090212-27031-01.dmp
    2012-09-01 22:21 - 2012-09-01 22:21 - 00607260 ____R (Swearware) C:\Users\DJDany\Downloads\dds.com
    2012-09-01 21:55 - 2012-09-04 01:50 - 00000000 ____D C:\Users\DJDany\Downloads\Virustopic
    2012-09-01 21:53 - 2012-09-01 21:53 - 00302592 ____A C:\Users\DJDany\Downloads\szbu38ze.exe
    2012-09-01 21:49 - 2012-09-01 21:49 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-01 21:49 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-01 21:48 - 2012-09-01 21:48 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\DJDany\Downloads\mbam-setup-1.62.0.1300.exe
    2012-09-01 21:17 - 2012-09-02 14:16 - 04731392 ____A (AVAST Software) C:\Users\DJDany\Downloads\aswMBR.exe
    2012-09-01 20:56 - 2012-09-01 20:56 - 00002255 ____A C:\Users\DJDany\Desktop\aswMBR.txt
    2012-09-01 20:56 - 2012-09-01 20:56 - 00000512 ____A C:\Users\DJDany\Desktop\MBR.dat
    2012-09-01 20:31 - 2012-09-01 20:31 - 00011766 ____A C:\Users\DJDany\Downloads\hijackthis.log
    2012-09-01 20:20 - 2012-09-01 20:20 - 00000000 ____D C:\Program Files (x86)\ESET
    2012-09-01 17:52 - 2012-09-01 17:52 - 00000000 ____D C:\Users\DJDany\AppData\Roaming\Malwarebytes
    2012-09-01 17:51 - 2012-09-01 21:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-01 17:51 - 2012-09-01 17:51 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-09-01 17:50 - 2012-09-01 22:12 - 00000000 ____D C:\Users\DJDany\Downloads\MBR
    2012-08-31 19:29 - 2012-08-31 19:29 - 00652569 ____A C:\Users\DJDany\Downloads\BFE_Fix.exe
    2012-08-31 19:29 - 2012-08-31 19:29 - 00000000 ____D C:\Program Files (x86)\Windows Resource Kits
    2012-08-31 19:28 - 2012-08-31 19:28 - 00379392 ____A C:\Users\DJDany\Downloads\subinacl.msi
    2012-08-31 19:23 - 2012-08-31 19:23 - 00000000 ____D C:\Program Files\ESET
    2012-08-31 19:08 - 2012-08-31 19:16 - 00007847 ____A C:\Users\DJDany\Downloads\~ESETUninstaller.log
    2012-08-31 19:07 - 2012-08-31 19:07 - 00638976 ____A (ESET) C:\Users\DJDany\Downloads\ESETUninstaller.exe
    2012-08-31 18:59 - 2012-08-31 19:00 - 56469504 ____A C:\Users\DJDany\Downloads\eav_nt64_enu.msi
    2012-08-31 18:22 - 2012-08-31 18:22 - 07902008 ____A (VS Revo Group ) C:\Users\DJDany\Downloads\RevoUninProSetup.exe
    2012-08-31 18:22 - 2012-08-31 18:22 - 00000000 ____D C:\Users\DJDany\AppData\Local\VS Revo Group
    2012-08-31 18:22 - 2012-08-31 18:22 - 00000000 ____D C:\Program Files\VS Revo Group
    2012-08-31 18:22 - 2009-12-30 10:21 - 00031800 ____A (VS Revo Group) C:\Windows\System32\Drivers\revoflt.sys
    2012-08-31 18:20 - 2012-08-31 18:20 - 00181156 ____A C:\Users\DJDany\Downloads\nod32removal.exe
    2012-08-31 18:16 - 2012-09-03 01:45 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-31 18:16 - 2012-08-31 18:16 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-31 18:16 - 2012-08-31 18:16 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-31 18:16 - 2012-08-31 18:16 - 00000000 ____D C:\Users\DJDany\AppData\Local\Macromedia
    2012-08-31 18:01 - 2012-08-31 18:14 - 01378744 ____A (ESET) C:\Users\DJDany\Downloads\eset_nod32_antivirus_live_installer.exe
    2012-08-31 12:26 - 2012-08-31 12:26 - 00284520 ____A C:\Windows\Minidump\083112-29656-01.dmp
    2012-08-31 11:50 - 2012-08-31 18:56 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
    2012-08-30 14:21 - 2012-08-30 14:21 - 06724176 ____A (Adobe Systems Inc.) C:\Users\DJDany\Downloads\Shockwave_Installer_Slim.exe
    2012-08-27 05:45 - 2012-08-27 05:45 - 00000000 ____D C:\Users\DJDany\AppData\Local\FFsplit
    2012-08-27 05:28 - 2012-08-31 18:56 - 00000000 ____D C:\Program Files (x86)\FFsplit
    2012-08-27 05:28 - 2012-08-27 05:28 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
    2012-08-27 05:27 - 2012-08-31 18:56 - 00000000 ____D C:\Users\DJDany\AppData\Roaming\FFsplit
    2012-08-27 05:27 - 2012-08-27 05:27 - 08588474 ____A (FFsplit) C:\Users\DJDany\Downloads\FFsplit.exe
    2012-08-27 05:20 - 2012-08-27 05:20 - 00000000 ____D C:\Users\DJDany\AppData\Local\SplitMediaLabs
    2012-08-27 05:19 - 2012-08-27 05:19 - 00000000 ____D C:\Windows\System32\Macromed
    2012-08-27 05:17 - 2012-08-27 05:17 - 00000000 ____D C:\Users\All Users\SplitMediaLabs
    2012-08-27 05:17 - 2012-08-27 05:17 - 00000000 ____D C:\Program Files (x86)\SplitMediaLabs
    2012-08-27 05:15 - 2012-08-27 05:15 - 23324368 ____A (SplitMediaLabs) C:\Users\DJDany\Downloads\xsplit_installer_v1.0.1207.2601.exe
    2012-08-27 05:15 - 2012-08-27 05:15 - 00000000 ____D C:\Users\DJDany\AppData\Roaming\SplitMediaLabs
    2012-08-23 05:38 - 2012-08-23 05:38 - 01117345 ____A () C:\Users\DJDany\Downloads\Gamez Tera Launcher Installer_v1.03.exe
    2012-08-11 13:19 - 2012-08-11 13:19 - 00000000 ____D C:\Users\DJDany\Documents\ACR
    2012-08-11 13:19 - 2012-08-11 13:19 - 00000000 ____D C:\Users\DJDany\AppData\Local\CrashRpt
    2012-08-10 17:39 - 2012-08-10 17:39 - 00591656 ____A (Unity Technologies ApS) C:\Users\DJDany\Downloads\UnityWebPlayer.exe
    2012-08-10 17:33 - 2012-08-10 17:33 - 00000952 ____A C:\Users\Public\Desktop\ACR Launcher.lnk
    2012-08-10 17:32 - 2012-08-10 17:32 - 35486247 ____A (Eutechnyx, Ltd ) C:\Users\DJDany\Downloads\ACR_setup.exe
    2012-08-08 20:53 - 2012-08-08 20:53 - 00000000 ____D C:\Program Files (x86)\uTorrent
    2012-08-06 18:08 - 2012-08-06 18:08 - 00000000 ____D C:\Users\DJDany\Desktop\Neuer Ordner

    ==================== 3 Months Modified Files ================================

    2012-09-04 01:50 - 2012-07-19 22:48 - 00136393 ____A C:\Windows\WindowsUpdate.log
    2012-09-04 01:50 - 2009-11-21 00:42 - 00000000 ____A C:\Windows\SysWOW64\Access.dat
    2012-09-04 01:50 - 2009-07-14 05:45 - 00016944 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-04 01:50 - 2009-07-14 05:45 - 00016944 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-04 01:47 - 2012-07-19 22:05 - 00001365 ____A C:\Windows\setupact.log
    2012-09-04 01:47 - 2009-07-14 06:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-09-04 01:47 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-04 01:32 - 2009-07-14 18:58 - 00698726 ____A C:\Windows\System32\perfh007.dat
    2012-09-04 01:32 - 2009-07-14 18:58 - 00148782 ____A C:\Windows\System32\perfc007.dat
    2012-09-04 01:32 - 2009-07-14 06:13 - 01613166 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-04 00:54 - 2009-11-11 01:50 - 00007596 ____A C:\Users\DJDany\AppData\Local\Resmon.ResmonCfg
    2012-09-03 22:35 - 2012-09-03 22:35 - 00003664 ____N C:\bootsqm.dat
    2012-09-03 19:31 - 2012-07-21 13:52 - 00022780 ____A C:\Windows\PFRO.log
    2012-09-03 17:58 - 2012-09-03 17:56 - 00002566 ____A C:\Windows\diagwrn.xml
    2012-09-03 17:58 - 2012-09-03 17:56 - 00001908 ____A C:\Windows\diagerr.xml
    2012-09-03 17:56 - 2012-07-19 22:05 - 00000000 ____A C:\Windows\setuperr.log
    2012-09-03 01:56 - 2009-07-14 03:34 - 00000215 ____A C:\Windows\system.ini
    2012-09-03 01:45 - 2012-08-31 18:16 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-03 01:29 - 2012-09-03 01:29 - 00000381 ____A C:\Windows\LkmdfCoInst.log
    2012-09-03 01:29 - 2010-04-29 15:01 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
    2012-09-02 21:57 - 2009-11-11 15:19 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
    2012-09-02 21:57 - 2009-11-11 15:02 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
    2012-09-02 21:56 - 2009-11-11 15:02 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
    2012-09-02 14:54 - 2012-09-02 14:54 - 00291056 ____A C:\Windows\Minidump\090212-26515-01.dmp
    2012-09-02 14:25 - 2012-09-02 14:25 - 01376768 ____A C:\Users\DJDany\Downloads\RogueKiller(1).exe
    2012-09-02 14:16 - 2012-09-01 21:17 - 04731392 ____A (AVAST Software) C:\Users\DJDany\Downloads\aswMBR.exe
    2012-09-02 14:15 - 2012-09-02 14:15 - 00004689 ____A C:\Users\DJDany\Desktop\RKreport[1].txt
    2012-09-02 14:14 - 2012-09-02 14:14 - 01376768 ____A C:\Users\DJDany\Downloads\RogueKiller.exe
    2012-09-02 04:13 - 2012-09-02 04:13 - 00291064 ____A C:\Windows\Minidump\090212-27031-01.dmp
    2012-09-01 22:21 - 2012-09-01 22:21 - 00607260 ____R (Swearware) C:\Users\DJDany\Downloads\dds.com
    2012-09-01 21:53 - 2012-09-01 21:53 - 00302592 ____A C:\Users\DJDany\Downloads\szbu38ze.exe
    2012-09-01 21:49 - 2012-09-01 21:49 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-01 21:48 - 2012-09-01 21:48 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\DJDany\Downloads\mbam-setup-1.62.0.1300.exe
    2012-09-01 20:56 - 2012-09-01 20:56 - 00002255 ____A C:\Users\DJDany\Desktop\aswMBR.txt
    2012-09-01 20:56 - 2012-09-01 20:56 - 00000512 ____A C:\Users\DJDany\Desktop\MBR.dat
    2012-09-01 20:31 - 2012-09-01 20:31 - 00011766 ____A C:\Users\DJDany\Downloads\hijackthis.log
    2012-08-31 19:29 - 2012-08-31 19:29 - 00652569 ____A C:\Users\DJDany\Downloads\BFE_Fix.exe
    2012-08-31 19:28 - 2012-08-31 19:28 - 00379392 ____A C:\Users\DJDany\Downloads\subinacl.msi
    2012-08-31 19:16 - 2012-08-31 19:08 - 00007847 ____A C:\Users\DJDany\Downloads\~ESETUninstaller.log
    2012-08-31 19:07 - 2012-08-31 19:07 - 00638976 ____A (ESET) C:\Users\DJDany\Downloads\ESETUninstaller.exe
    2012-08-31 19:00 - 2012-08-31 18:59 - 56469504 ____A C:\Users\DJDany\Downloads\eav_nt64_enu.msi
    2012-08-31 18:22 - 2012-08-31 18:22 - 07902008 ____A (VS Revo Group ) C:\Users\DJDany\Downloads\RevoUninProSetup.exe
    2012-08-31 18:20 - 2012-08-31 18:20 - 00181156 ____A C:\Users\DJDany\Downloads\nod32removal.exe
    2012-08-31 18:16 - 2012-08-31 18:16 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-31 18:16 - 2012-08-31 18:16 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-31 18:14 - 2012-08-31 18:01 - 01378744 ____A (ESET) C:\Users\DJDany\Downloads\eset_nod32_antivirus_live_installer.exe
    2012-08-31 12:26 - 2012-08-31 12:26 - 00284520 ____A C:\Windows\Minidump\083112-29656-01.dmp
    2012-08-30 14:21 - 2012-08-30 14:21 - 06724176 ____A (Adobe Systems Inc.) C:\Users\DJDany\Downloads\Shockwave_Installer_Slim.exe
    2012-08-27 05:27 - 2012-08-27 05:27 - 08588474 ____A (FFsplit) C:\Users\DJDany\Downloads\FFsplit.exe
    2012-08-27 05:15 - 2012-08-27 05:15 - 23324368 ____A (SplitMediaLabs) C:\Users\DJDany\Downloads\xsplit_installer_v1.0.1207.2601.exe
    2012-08-23 05:38 - 2012-08-23 05:38 - 01117345 ____A () C:\Users\DJDany\Downloads\Gamez Tera Launcher Installer_v1.03.exe
    2012-08-23 05:38 - 2012-08-04 18:20 - 00000805 ____A C:\Users\Public\Desktop\GamezTera Launcher.lnk
    2012-08-10 17:39 - 2012-08-10 17:39 - 00591656 ____A (Unity Technologies ApS) C:\Users\DJDany\Downloads\UnityWebPlayer.exe
    2012-08-10 17:33 - 2012-08-10 17:33 - 00000952 ____A C:\Users\Public\Desktop\ACR Launcher.lnk
    2012-08-10 17:32 - 2012-08-10 17:32 - 35486247 ____A (Eutechnyx, Ltd ) C:\Users\DJDany\Downloads\ACR_setup.exe
    2012-08-04 18:19 - 2012-08-04 18:19 - 01111700 ____A () C:\Users\DJDany\Downloads\Gamez Tera Launcher Installer.exe
    2012-08-02 16:24 - 2012-08-02 16:24 - 13839192 ____A (Frogster Online Gaming GmbH ) C:\Users\DJDany\Downloads\TERASetup.exe
    2012-07-30 16:07 - 2012-07-30 16:07 - 00001162 ____A C:\Users\Public\Desktop\TeamViewer 6.lnk
    2012-07-30 16:06 - 2012-07-30 16:06 - 04171032 ____A (TeamViewer GmbH) C:\Users\DJDany\Downloads\TeamViewer_Setup.exe
    2012-07-29 19:32 - 2012-07-29 19:32 - 00008068 ____A C:\Users\DJDany\Downloads\d29d98ac0acb008a2629d474ada86c57.dlc
    2012-07-25 22:05 - 2012-07-25 22:05 - 01223168 ____A C:\Users\DJDany\Downloads\BF3 Config Utility.exe
    2012-07-25 20:34 - 2012-07-25 20:15 - 1552182149 ____A C:\Users\DJDany\Downloads\Jae_SRO_-(1Mir)_Full_Client.rar
    2012-07-24 13:02 - 2012-07-24 13:02 - 00000697 ____A C:\Users\UpdatusUser\Desktop\Play 9Dragons.lnk
    2012-07-24 13:02 - 2012-07-24 13:02 - 00000697 ____A C:\Users\DJDany\Desktop\Play 9Dragons.lnk
    2012-07-24 12:28 - 2012-07-24 12:15 - 1122401654 ____A C:\Users\DJDany\Downloads\Setup-Play9D.exe
    2012-07-19 20:33 - 2012-07-19 20:33 - 00013168 ____A C:\Users\DJDany\Downloads\98b2a695ddd9b2e90dc42a3a3980aaf7.dlc
    2012-07-18 13:57 - 2010-05-06 22:40 - 00004359 ____A C:\Users\DJDany\Desktop\lol.txt
    2012-07-17 19:47 - 2012-07-17 19:47 - 00000185 ____A C:\Users\Public\Desktop\Vindictus EU.url
    2012-07-17 16:02 - 2012-07-17 16:02 - 00000201 ____A C:\Users\Public\Desktop\Vindictus.url
    2012-07-14 00:05 - 2011-04-22 23:47 - 01594042 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-12 12:57 - 2009-11-11 15:02 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
    2012-07-12 12:52 - 2012-07-12 12:52 - 03878112 ____A C:\Users\DJDany\Downloads\battlelog-web-plugins-1.122.0-retail-prod.exe
    2012-07-12 12:50 - 2010-02-21 01:31 - 00000020 ____A C:\Users\DJDany\Documents\aionmemo_1dbe5b45.dat
    2012-07-12 12:22 - 2012-07-12 12:18 - 211927944 ____A (NVIDIA Corporation) C:\Users\DJDany\Downloads\301.42-desktop-win7-winvista-64bit-international-whql.exe
    2012-07-12 12:07 - 2012-07-12 12:07 - 11733072 ____A (IObit ) C:\Users\DJDany\Downloads\gb3.5-beta-setup.exe
    2012-07-12 12:07 - 2011-09-02 20:38 - 00001182 ____A C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
    2012-07-12 12:07 - 2011-09-02 20:38 - 00001170 ____A C:\Users\Public\Desktop\Game Booster 3.lnk
    2012-07-12 08:17 - 2009-07-14 05:45 - 03049760 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-11 23:57 - 2009-11-11 04:15 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-03 12:46 - 2012-09-01 21:49 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-30 14:05 - 2009-07-14 03:34 - 00000478 ____A C:\Windows\win.ini
    2012-06-21 16:40 - 2012-06-21 16:40 - 00768848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
    2012-06-21 16:40 - 2012-06-21 16:40 - 00421200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
    2012-06-12 04:02 - 2012-07-12 00:00 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-09 06:30 - 2012-07-11 11:37 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-09 05:46 - 2012-07-11 11:37 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll


    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-09-03 19:51:06
    Restore point made on: 2012-09-04 01:03:51

    ==================== Memory info ===========================

    Percentage of memory in use: 12%
    Total physical RAM: 6142.55 MB
    Available physical RAM: 5365.77 MB
    Total Pagefile: 6140.7 MB
    Available Pagefile: 5358.79 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ==================== Partitions ============================

    1 Drive c: () (Fixed) (Total:120.96 GB) (Free:27.18 GB) NTFS
    2 Drive d: () (Fixed) (Total:232.82 GB) (Free:38.34 GB) NTFS
    3 Drive e: () (Fixed) (Total:149.04 GB) (Free:21.45 GB) NTFS
    4 Drive f: (Games) (Fixed) (Total:468.75 GB) (Free:45.56 GB) NTFS
    5 Drive g: (CS) (Fixed) (Total:6.43 GB) (Free:4.55 GB) NTFS
    6 Drive h: (Movies) (Fixed) (Total:341.8 GB) (Free:12.7 GB) NTFS
    7 Drive j: (bie764g) (CDROM) (Total:2.85 GB) (Free:0 GB) CDFS
    8 Drive k: (TRANSCEND) (Removable) (Total:1.87 GB) (Free:1.83 GB) FAT32
    9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    10 Drive y: () (Fixed) (Total:105.38 GB) (Free:3.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Datenträger ### Status Größe Frei Dyn GPT
    --------------- ------------- ------- ------- --- ---
    Datenträger 0 Online 111 GB 0 B
    Datenträger 1 Online 232 GB 7168 KB
    Datenträger 2 Online 149 GB 8 MB
    Datenträger 3 Online 931 GB 0 B
    Datenträger 4 Online 1926 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Typ Größe Offset
    ------------- ---------------- ------- -------
    Partition 1 Primär 105 GB 31 KB
    Partition 0 Erweitert 6588 MB 105 GB
    Partition 2 Logisch 6588 MB 105 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Typ : 07
    Versteckt: Nein
    Aktiv : Ja

    Volume ### Bst Bezeichnung DS Typ Größe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y NTFS Partition 105 GB Fehlerfre

    ==================================================================================

    Disk: 0
    Partition 2
    Typ : 07
    Versteckt: Nein
    Aktiv : Nein

    Volume ### Bst Bezeichnung DS Typ Größe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 G CS NTFS Partition 6588 MB Fehlerfre

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Typ Größe Offset
    ------------- ---------------- ------- -------
    Partition 1 Primär 232 GB 31 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Typ : 07
    Versteckt: Nein
    Aktiv : Ja

    Volume ### Bst Bezeichnung DS Typ Größe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D NTFS Partition 232 GB Fehlerfre

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Typ Größe Offset
    ------------- ---------------- ------- -------
    Partition 1 Primär 149 GB 31 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Typ : 07
    Versteckt: Nein
    Aktiv : Ja

    Volume ### Bst Bezeichnung DS Typ Größe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 E NTFS Partition 149 GB Fehlerfre

    ==================================================================================

    Partitions of Disk 3:
    ===============

    Partition ### Typ Größe Offset
    ------------- ---------------- ------- -------
    Partition 1 Primär 468 GB 31 KB
    Partition 2 Primär 341 GB 468 GB
    Partition 3 Primär 120 GB 810 GB

    ==================================================================================

    Disk: 3
    Partition 1
    Typ : 07
    Versteckt: Nein
    Aktiv : Nein

    Volume ### Bst Bezeichnung DS Typ Größe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 F Games NTFS Partition 468 GB Fehlerfre

    ==================================================================================

    Disk: 3
    Partition 2
    Typ : 07
    Versteckt: Nein
    Aktiv : Nein

    Volume ### Bst Bezeichnung DS Typ Größe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 H Movies NTFS Partition 341 GB Fehlerfre

    ==================================================================================

    Disk: 3
    Partition 3
    Typ : 07
    Versteckt: Nein
    Aktiv : Nein

    Volume ### Bst Bezeichnung DS Typ Größe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 7 C NTFS Partition 120 GB Fehlerfre

    ==================================================================================

    Partitions of Disk 4:
    ===============

    Partition ### Typ Größe Offset
    ------------- ---------------- ------- -------
    Partition 1 Primär 1922 MB 4096 KB

    ==================================================================================

    Disk: 4
    Partition 1
    Typ : 0B
    Versteckt: Nein
    Aktiv : Nein

    Volume ### Bst Bezeichnung DS Typ Größe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 K TRANSCEND FAT32 Wechselmed 1922 MB Fehlerfre

    ==================================================================================

    Last Boot: 2012-08-28 22:41

    ==================== End Of Log =============================
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Nothing suspicious there.

    Let's try something...

    Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can connect afterwards.

    Attached Files:

  22. Tacopsjunky

    Tacopsjunky TS Rookie Topic Starter Posts: 33

    It worked I got connection!

    Thanks for that already!

    Here is the log:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 02-09-2012 03
    Ran by SYSTEM at 2012-09-04 03:06:41 Run:2
    Running from K:\

    ==============================================

    DEFAULT hive was successfully copied to System32\config\HiveBackup
    DEFAULT hive was successfully restored from registry back up.
    SAM hive was successfully copied to System32\config\HiveBackup
    SAM hive was successfully restored from registry back up.
    SECURITY hive was successfully copied to System32\config\HiveBackup
    SECURITY hive was successfully restored from registry back up.
    SOFTWARE hive was successfully copied to System32\config\HiveBackup
    SOFTWARE hive was successfully restored from registry back up.
    SYSTEM hive was successfully copied to System32\config\HiveBackup
    SYSTEM hive was successfully restored from registry back up.

    ==== End of Fixlog ====


    What's the next step? :)
  23. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Very well :)
    We restored your computer to 8/28, so we must re-run some scans to see what's going on.

    First of all, create a fresh restore point (IMPORTANT!).

    Then....

    Re-run MBAM (update it first), RogueKiller and aswMBR.
    Post all three logs.
  24. Tacopsjunky

    Tacopsjunky TS Rookie Topic Starter Posts: 33

    Okay, here is the MBAM log and the RKiller.log; aswMBR is taking its time to download the definitions (14kb/s, got 16mbits...):

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.09.03.09

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    DJDany :: DJDANY-PC [administrator]

    04.09.2012 03:24:09
    mbam-log-2012-09-04 (03-24-09).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 231146
    Time elapsed: 1 minute(s), 18 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    RKiller.log

    RogueKiller V8.0.2 [08/31/2012] durch Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Kommentare: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Betriebssystem: Windows 7 (6.1.7600 ) 64 bits version
    Gestartet in : Normal Modus
    Benutzer : DJDany [Admin Rechte]
    Funktion : Scannen -- Datum : 09/04/2012 03:29:30

    ¤¤¤ Böswillige Prozesse : 0 ¤¤¤

    ¤¤¤ Registry-Einträge : 5 ¤¤¤
    [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{ED8E083E-C468-424C-A6F0-4C44822C9E7E} : NameServer (169.254.145.1) -> FAND
    [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{ED8E083E-C468-424C-A6F0-4C44822C9E7E} : NameServer (169.254.145.1) -> FAND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FAND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FAND
    [RUN][BLACKLIST DLL] [ON_E:]HKLM\Software[...]\Run : c4011b78 (rundll32.exe "C:\WINDOWS\system32\siefihlm.dll",b) -> FAND

    ¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

    ¤¤¤ Treiber : [NICHT GELADEN] ¤¤¤

    ¤¤¤ Infektion : ¤¤¤

    ¤¤¤ Hosts-Datei: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR überprüfen: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG SP1213N ATA Device +++++
    --- User ---
    [MBR] d8986dfd596392b6ac3717315e513d4c
    [BSP] b3db800ad553731c1454b66c5c65b5db : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 107910 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 220999968 | Size: 6588 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: SAMSUNG SP2504C SCSI Disk Device +++++
    --- User ---
    [MBR] 50fd70bf23261b4ad6dd27873dca62f5
    [BSP] fde53e3f7121d02b9b3ea6782f9b552d : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238409 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive2: ST316002 3AS SCSI Disk Device +++++
    --- User ---
    [MBR] 954fddb065eb9a18544211895c9eeae8
    [BSP] 431f8c55ef2f060dc83e7fdbc2c64fd0 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive3: WDC WD10 01FALS-00J7B SCSI Disk Device +++++
    --- User ---
    [MBR] 5cf435ff54582a370e7dee25f5bf543a
    [BSP] 47d5e137e6c2707ecdf95df47f0f5208 : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 480004 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 983049480 | Size: 350002 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1699853715 | Size: 123860 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive4: JetFlash Transcend 2GB USB Device +++++
    --- User ---
    [MBR] 02b0428f470414ee3c32ae94fa36a5a8
    [BSP] e1b6546b754dac1a850095bd1d624e14 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 1922 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Abgeschlossen : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt


    I'll post the aswMBR log as soon as it has finished!
  25. Tacopsjunky

    Tacopsjunky TS Rookie Topic Starter Posts: 33

    Okay, so aswMBR crashed again, but I saved a log before it could crash (it always crashes at Microsoft Visual Studio):

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-04 03:39:12
    -----------------------------
    03:39:12.526 OS Version: Windows x64 6.1.7600
    03:39:12.526 Number of processors: 4 586 0xF07
    03:39:12.526 ComputerName: DJDANY-PC UserName: DJDany
    03:39:13.737 Initialize success
    03:39:17.872 AVAST engine defs: 12090301
    03:39:18.997 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
    03:39:18.997 Disk 0 Vendor: SAMSUNG_SP1213N TL100-30 Size: 114498MB BusType: 3
    03:39:18.997 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000007f
    03:39:18.997 Disk 1 Vendor: SAMSUNG_ VT10 Size: 238418MB BusType: 3
    03:39:19.004 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000080
    03:39:19.004 Disk 2 Vendor: ST316002 3.00 Size: 152627MB BusType: 3
    03:39:19.004 Disk 3 (boot) \Device\Harddisk3\DR3 -> \Device\00000081
    03:39:19.012 Disk 3 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 3
    03:39:19.036 Disk 3 MBR read successfully
    03:39:19.036 Disk 3 MBR scan
    03:39:19.043 Disk 3 Windows 7 default MBR code
    03:39:19.043 Disk 3 Partition 1 00 07 HPFS/NTFS NTFS 480004 MB offset 63
    03:39:19.059 Disk 3 Partition 2 00 07 HPFS/NTFS NTFS 350002 MB offset 983049480
    03:39:19.083 Disk 3 Partition 3 00 07 HPFS/NTFS NTFS 123860 MB offset 1699853715
    03:39:19.098 Disk 3 scanning C:\Windows\system32\drivers
    03:39:26.958 Service scanning
    03:39:44.603 Modules scanning
    03:39:44.603 Disk 3 trace - called modules:
    03:39:44.626 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80065082c0]<<spwj.sys storport.sys hal.dll nvstor64.sys
    03:39:44.634 1 nt!IofCallDriver -> \Device\Harddisk3\DR3[0xfffffa8006927060]
    03:39:44.634 3 CLASSPNP.SYS[fffff88001ab543f] -> nt!IofCallDriver -> [0xfffffa8006676b20]
    03:39:44.642 5 ACPI.sys[fffff88000f84781] -> nt!IofCallDriver -> \Device\00000081[0xfffffa80066778b0]
    03:39:44.650 \Driver\nvstor64[0xfffffa800665e900] -> IRP_MJ_CREATE -> 0xfffffa80065082c0
    03:39:45.783 AVAST engine scan C:\Windows
    03:39:47.346 AVAST engine scan C:\Windows\system32
    03:41:02.951 Disk 3 MBR has been saved successfully to "C:\Users\DJDany\Documents\MBR.dat"
    03:41:02.958 The log file has been saved successfully to "C:\Users\DJDany\Documents\aswMBR.txt"


    And I created a fresh restore point! So this is saved :)
