Solved Win64/Patched.b.gen Trojan

Tacopsjunky

Hey there, so I got the Trojan mentioned in the title on my PC; my ESET NOD32 5 pops up the message almost every 10 seconds.

I'm not an expert in Computer stuff but have the basic knowledge.
I did what was written in the sticky removal guide; here are the logs in order (it was written not to attach any files; I added the Attach.txt, but the program told me not to post it, so I attached it):

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.01.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
DJDany :: DJDANY-PC [administrator]

01.09.2012 22:50:44
mbam-log-2012-09-01 (22-50-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225333
Time elapsed: 2 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Run by DJDany at 23:22:08 on 2012-09-01
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.6143.4221 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Icecast2 Win32\icecastService.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files\NetLimiter 3\nlsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\Tunngle\TnglCtrl.exe
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Logitech\SetPointP\LU\LULnchr.exe
C:\Program Files\Logitech\SetPointP\LU\LogitechUpdate.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Users\DJDany\Downloads\szbu38ze.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [PlayNC Launcher]
uRun: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
uRun: [Womaimnyo] C:\Users\DJDany\AppData\Roaming\Acyw\inhas.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\DJDany\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EASYTO~1.LNK - C:\Users\DJDany\Desktop\EasyToolz.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: An OneNote s&enden - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: Interfaces\{92F955C0-BF8E-451C-9A9B-AF00548749E4} : DhcpNameServer = 7.254.254.254
TCP: Interfaces\{CA868540-8747-4B04-9167-AA349AECD59F} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{ED8E083E-C468-424C-A6F0-4C44822C9E7E} : NameServer = 169.254.145.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE-X64: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\DJDany\AppData\Roaming\Mozilla\Firefox\Profiles\nxtgu32b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF - prefs.js: network.proxy.http - 109.123.126.253
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\DJDany\AppData\Roaming\Mozilla\Firefox\Profiles\nxtgu32b.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\DJDany\AppData\Roaming\Mozilla\Firefox\Profiles\nxtgu32b.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\DJDany\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\DJDany\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2009-11-26 87680]
R1 PStrip64;PStrip64;C:\Windows\system32\drivers\pstrip64.sys --> C:\Windows\system32\drivers\pstrip64.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-3-7 913144]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 ESLWireAC;ESLWireAC;\??\C:\Windows\system32\drivers\ESLWireACD.sys --> C:\Windows\system32\drivers\ESLWireACD.sys [?]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960]
R2 Icecast-trunk;Icecast-trunk Streaming Media Server;C:\Program Files (x86)\Icecast2 Win32\icecastService.exe [2010-7-28 417792]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-2-26 5017600]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-6-10 2416040]
R2 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2009-11-24 741224]
R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;C:\Windows\system32\DRIVERS\hidusbf.sys --> C:\Windows\system32\DRIVERS\hidusbf.sys [?]
R3 NLNdisMP;NLNdisMP;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\system32\DRIVERS\nvoclk64.sys --> C:\Windows\system32\DRIVERS\nvoclk64.sys [?]
R3 pnetmdm;PdaNet Modem;C:\Windows\system32\DRIVERS\pnetmdm64.sys --> C:\Windows\system32\DRIVERS\pnetmdm64.sys [?]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]
R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-12 1262400]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-31 250568]
S3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys --> C:\Windows\system32\drivers\dadder.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-11-18 1038088]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MotioninJoyUSBFilter;MotioninJoy USB Filter Driver;C:\Windows\system32\DRIVERS\MijUfilt.sys --> C:\Windows\system32\DRIVERS\MijUfilt.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-30 114144]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-7-12 14544]
.
=============== Created Last 30 ================
.
2012-09-01 20:49:06 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-01 19:20:50 -------- d-----w- C:\Program Files (x86)\ESET
2012-09-01 16:52:31 -------- d-----w- C:\Users\DJDany\AppData\Roaming\Malwarebytes
2012-09-01 16:51:19 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-01 16:51:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-31 18:29:16 -------- d-----w- C:\Program Files (x86)\Windows Resource Kits
2012-08-31 18:23:16 -------- d-----w- C:\Program Files\ESET
2012-08-31 17:22:49 -------- d-----w- C:\Users\DJDany\AppData\Local\VS Revo Group
2012-08-31 17:22:47 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2012-08-31 17:22:46 -------- d-----w- C:\Program Files\VS Revo Group
2012-08-31 17:16:37 -------- d-----w- C:\Users\DJDany\AppData\Local\Macromedia
2012-08-31 17:16:24 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-31 17:16:24 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-31 11:24:07 9826504 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-08-31 10:50:23 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2012-08-30 13:18:57 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-27 04:45:38 -------- d-----w- C:\Users\DJDany\AppData\Local\FFsplit
2012-08-27 04:28:04 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2012-08-27 04:28:02 -------- d-----w- C:\Program Files (x86)\FFsplit
2012-08-27 04:27:49 -------- d-----w- C:\Users\DJDany\AppData\Roaming\FFsplit
2012-08-27 04:20:23 -------- d-----w- C:\Users\DJDany\AppData\Local\SplitMediaLabs
2012-08-27 04:17:00 -------- d-----w- C:\ProgramData\SplitMediaLabs
2012-08-27 04:17:00 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs
2012-08-27 04:15:43 -------- d-----w- C:\Users\DJDany\AppData\Roaming\SplitMediaLabs
2012-08-11 12:19:43 -------- d-----w- C:\Users\DJDany\AppData\Local\CrashRpt
2012-08-08 19:53:47 -------- d-----w- C:\Program Files (x86)\uTorrent
.
==================== Find3M ====================
.
2012-08-01 21:52:31 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-08-01 21:52:31 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-08-01 21:52:13 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-07-13 12:52:28 4269056 ----a-w- C:\Windows\SysWow64\system.dll
2012-07-12 11:57:36 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-06-21 15:40:42 768848 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2012-06-21 15:40:34 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2012-06-12 03:02:52 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
.
============= FINISH: 23:22:28,09 =============

I appreciate any help because I don't know what to do!

Greetings,
Taco

Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

GMER log is missing.

======================================

Please observe forum rules.
ALL logs have to be pasted not attached.

When done with pasting Attach.txt log....

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

==================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Attach.txt, Gmer.log, RogueKiller.log (logs in order). The RogueKiller log is in German, since I'm running a German system; I hope it's OK like that! I tried to scan with aswMBR, but it crashes when it gets to the Microsoft VirtualStudio folder in the system. I can post a picture if needed!
I'm thankful for your help!


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11.11.2009 01:33:55
System Uptime: 01.09.2012 22:13:35 (1 hours ago)
.
Motherboard: alienware | | alienware
Processor: Intel(R) Core(TM)2 Quad CPU @ 2.66GHz | Socket 775 | 3200/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 121 GiB total, 24,577 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 38,103 GiB free.
E: is FIXED (NTFS) - 149 GiB total, 7,475 GiB free.
F: is FIXED (NTFS) - 469 GiB total, 45,435 GiB free.
G: is FIXED (NTFS) - 6 GiB total, 4,551 GiB free.
H: is FIXED (NTFS) - 342 GiB total, 12,698 GiB free.
I: is CDROM (CDFS)
J: is CDROM ()
K: is FIXED (NTFS) - 105 GiB total, 3,015 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP497: 31.08.2012 19:28:49 - Wiederherstellungsvorgang
RP498: 31.08.2012 20:01:29 - Installed ESET NOD32 Antivirus
RP499: 31.08.2012 20:21:27 - Installed ESET NOD32 Antivirus
RP500: 31.08.2012 20:29:04 - Installed Windows Resource Kit Tools - SubInAcl.exe
RP501: 31.08.2012 20:34:50 - Installed ESET NOD32 Antivirus
.
==== Installed Programs ======================
.
9 Dragons 1.0
AC3Filter 1.63b
Achron
ACR version 0.001
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.2 - Deutsch
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced Tactical Center™ 1.0
Alien Shooter 2: Reloaded
Apple Application Support
Apple Software Update
ASIO4ALL
Assassin's Creed II
µTorrent
Audacity 1.3.12 (Unicode)
AutoUpdate
Bandisoft MPEG-1 Decoder
Battle of the Immortals
Battlefield 3™
Battlefield 3™ Open Beta
Battlefield: Bad Company 2
Battlefield: Bad Company™ 2
Battlelog Web Plugins
Between IGF Demo
Blitzkrieg Mod
C9
CABAL Online
Cablenut 4.08
Call of Duty Modern Warfare 2
Call of Duty(R) 2
Call of Duty(R) 2 Patch 1.3
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Combined Community Codec Pack 2009-09-09
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
Company of Heroes
Company of Heroes: Opposing Fronts
Company of Heroes: Tales of Valor
Connect
Counter-Strike
Counter-Strike: Source
Darkest Hour: Europe '44-'45
Day of Defeat
Day of Defeat: Source
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DF CrcSfv 1.3
DiskAid 3.11
DivX-Setup
DivX Converter
DivX Plus DirectShow Filters
DivX Version Checker
Dragon Age II
Drumaxx
EAX4 Unified Redist
Elite Cabal
Elite Launcher
eReg
erLT
ESN Sonar
EVEREST Home Edition v2.20
EVGA Precision 2.0.0
Facebook Plug-In
Fallout New Vegas
ffdshow [rev 3154] [2009-12-09]
FFsplit
FL Studio 9
FlashFXP v4.0
Fraps
Game Booster 3
Garry's Mod
Grand Theft Auto IV
Grand Theft Auto: Episodes from Liberty City
Hardcore
HijackThis 2.0.2
HLSW v1.3.3.7b
Icecast 2.3.2
ICQ7.2
IL Download Manager
INsanes Small HUD 8 Black
Java Auto Updater
Java(TM) 6 Update 16
Java(TM) 6 Update 21
JDownloader
K-Lite Codec Pack 5.4.4 (Full)
kuler
LAME v3.98.2 for Audacity
Lead and Gold - Gangs of the Wild West
League of Legends
LineIn plugin for WinAMP v1.80 (remove only)
Logitech Touch Mouse Server 1.0
LogMeIn Hamachi
Mafia II
Malwarebytes Anti-Malware version 1.62.0.1300
Mass Effect
Mass Effect 2
MatrixDvD Player 2.0b
MediaMonkey 3.2
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Minecraft Beta Cracked
mIRC
Morphine
Mozilla Firefox 15.0 (x86 de)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mumble and Murmur
Native Instruments Controller Editor
Native Instruments Service Center
Native Instruments Traktor
NCsoft Launcher
Need for Speed™ SHIFT
Nero 7 Premium
neroxml
Nexon Game Manager
NVIDIA Performance
NVIDIA Photoshop Plug-ins 64 bit
NVIDIA PhysX
NVIDIA System Monitor
NVIDIA System Update
Octoshape add-in for Adobe Flash Player
OpenAL
OpenOffice.org 3.1
Origin
PdaNet Desktop (64 bit) for iPhone 1.54
PDF Settings CS4
Photoshop Camera Raw
Pioneer CDJ-400 Driver
PoiZone
PokerStars.net
Portal
PowerStrip 3 (remove only)
PunkBuster Services
QuickTime
Razer DeathAdder(TM) Mouse
Realtek High Definition Audio Driver
Red Faction: Guerrilla
Red Orchestra: Ostfront 41-45
Remote Mouse version 1.09
Rockstar Games Social Club
Safari
Sakura
Sawer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
SHIFT 2 UNLEASHED™
Silkroad
Skype™ 5.5
SMPlayer 0.6.7
Source SDK Base 2007
Source Violence Patch 1.5 BETA
SpeedFan (remove only)
Spybot - Search & Destroy
Star Wars - Jedi Knight II: Jedi Outcast
Steam
Suite Shared Configuration CS4
swMSM
System Requirements Lab
TeamViewer 6
TERA
TGA Viewer
Tom Clancy's Rainbow Six Vegas 2
Toxic Biohazard
Tunngle beta
Ubisoft Game Launcher
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Valex AC3-DTS codec (remove only)
VC80CRTRedist - 8.0.50727.4053
Vegas Movie Studio Platinum 9.0
Ventrilo
Vindictus
Vindictus EU
Virtual DJ - Atomix Productions
VLC media player 1.0.5
Winamp
Windows Live-Uploadtool
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Media Player Firefox Plugin
Windows Resource Kit Tools - SubInAcl.exe
Wise Registry Cleaner 5.8.9
World of Tanks v.0.6.3.11
X-ray Anti-Cheat
Xilisoft Video Converter Platinum
XSplit
.
==== End Of File ===========================



Gmer.log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-02 15:13:26
Windows 6.1.7600
Running: szbu38ze.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x40 0xF3 0x20 0x01 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x40 0xF3 0x20 0x01 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF4 0x07 0xC3 0x83 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x79 0x13 0xB1 0x18 ...

---- EOF - GMER 1.0.15 ----


RogueKiller.log


RogueKiller V8.0.2 [08/31/2012] durch Tigzy
mail: tigzyRK<at>gmail<dot>com
Kommentare: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Betriebssystem: Windows 7 (6.1.7600 ) 64 bits version
Gestartet in : Normal Modus
Benutzer : DJDany [Admin Rechte]
Funktion : Scannen -- Datum : 09/02/2012 15:15:50

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 9 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Womaimnyo (C:\Users\DJDany\AppData\Roaming\Acyw\inhas.exe) -> FAND
[RUN][SUSP PATH] HKUS\S-1-5-21-4248820356-2940563936-93324341-1001[...]\Run : Womaimnyo (C:\Users\DJDany\AppData\Roaming\Acyw\inhas.exe) -> FAND
[STARTUP][SUSP PATH] EasyToolz.lnk @DJDany : C:\Users\DJDany\Desktop\EasyToolz.exe -> FAND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{ED8E083E-C468-424C-A6F0-4C44822C9E7E} : NameServer (169.254.145.1) -> FAND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{ED8E083E-C468-424C-A6F0-4C44822C9E7E} : NameServer (169.254.145.1) -> FAND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FAND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FAND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\DJDany\AppData\Local\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\n.) -> FAND
[RUN][BLACKLIST DLL] [ON_E:]HKLM\Software[...]\Run : c4011b78 (rundll32.exe "C:\WINDOWS\system32\siefihlm.dll",b) -> FAND

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\@ --> FAND
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\U --> FAND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\L --> FAND
[ZeroAccess][FILE] @ : C:\Users\DJDany\AppData\Local\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\@ --> FAND
[ZeroAccess][FOLDER] U : C:\Users\DJDany\AppData\Local\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\U --> FAND
[ZeroAccess][FOLDER] L : C:\Users\DJDany\AppData\Local\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\L --> FAND
[Sig - ZeroAccess][FILE] services.exe : C:\Windows\system32\services.exe --> FAND

¤¤¤ Treiber : [NICHT GELADEN] ¤¤¤

¤¤¤ Infektion : ZeroAccess ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 static3.cdn.ubi.com
127.0.0.1 ubisoft-orbit.s3.amazonaws.com
127.0.0.1 onlineconfigservice.ubi.com
127.0.0.1 orbitservice.ubi.com
127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
[...]


¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SP1213N ATA Device +++++
--- User ---
[MBR] d8986dfd596392b6ac3717315e513d4c
[BSP] b3db800ad553731c1454b66c5c65b5db : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 107910 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 220999968 | Size: 6588 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: SAMSUNG SP2504C SCSI Disk Device +++++
--- User ---
[MBR] 50fd70bf23261b4ad6dd27873dca62f5
[BSP] fde53e3f7121d02b9b3ea6782f9b552d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238409 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: ST316002 3AS SCSI Disk Device +++++
--- User ---
[MBR] 954fddb065eb9a18544211895c9eeae8
[BSP] 431f8c55ef2f060dc83e7fdbc2c64fd0 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: WDC WD10 01FALS-00J7B SCSI Disk Device +++++
--- User ---
[MBR] 5cf435ff54582a370e7dee25f5bf543a
[BSP] 47d5e137e6c2707ecdf95df47f0f5208 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 480004 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 983049480 | Size: 350002 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1699853715 | Size: 123860 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Abgeschlossen : << RKreport[1].txt >>
RKreport[1].txt


Greetings,
Taco
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
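The Search step above lists every copy of services.exe with its size and hash so that a ZeroAccess-patched live file can be compared against the pristine copies Windows keeps in the WinSxS component store. As an added example (not code from the thread, FRST or RogueKiller), here is a PowerShell script that does the same survey and flags a live file whose hash matches none of the stored copies of the same version; it assumes PowerShell 4.0 or later (Get-FileHash), an elevated session, and that $WindowsDir points at the Windows directory to inspect (the live one by default, or an offline installation such as D:\Windows when the disk is attached to a known-clean machine).

```powershell
# Added example, not from the thread, FRST or RogueKiller: survey every copy of
# services.exe under a Windows directory, the way the "Search: services.exe"
# step does, so a patched live copy can be spotted and a clean sibling located.
# Assumptions (mine, not the thread's): PowerShell 4.0+, elevated session,
# $WindowsDir = live Windows directory or an offline one such as D:\Windows.
param(
    [string]$WindowsDir = $env:SystemRoot
)

$livePath = Join-Path $WindowsDir 'System32\services.exe'

# WinSxS keeps a pristine copy of each serviced version of services.exe.
# ZeroAccess patches the live file in place, so a clean live file should hash
# identically to one of the stored copies that carries the same version string.
$copies = Get-ChildItem -Path $WindowsDir -Filter 'services.exe' -Recurse -File -Force -ErrorAction SilentlyContinue

$report = foreach ($f in $copies) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        Path      = $f.FullName
        Size      = $f.Length
        Version   = $f.VersionInfo.FileVersion
        MD5       = (Get-FileHash -Path $f.FullName -Algorithm MD5).Hash
        # Caveat: Windows 7 system binaries are catalog-signed, so this shows
        # NotSigned for clean files too; treat it as supporting evidence only.
        Signature = $sig.Status
        IsLive    = ($f.FullName -ieq $livePath)
    }
}

# Print the full survey, live copy first (this is what Search.txt gives you).
$report | Sort-Object IsLive -Descending |
    Format-Table Path, Size, Version, MD5, Signature -AutoSize

$live   = $report | Where-Object IsLive
$others = $report | Where-Object { -not $_.IsLive }

if (-not $live) {
    Write-Warning "No services.exe found at $livePath"
    return
}

# Stored copies that carry the same version string as the live file.
$sameVersion = $others | Where-Object { $_.Version -eq $live.Version }
$hashMatch   = $sameVersion | Where-Object { $_.MD5 -eq $live.MD5 }

if ($hashMatch) {
    Write-Host "Live services.exe matches $($hashMatch.Count) stored copy/copies of version $($live.Version): no in-place patch detected."
} elseif ($sameVersion) {
    Write-Warning "Live services.exe ($($live.MD5)) matches none of the $($sameVersion.Count) stored copies of version $($live.Version)."
    Write-Warning "Candidate clean copies (same version, grouped by hash; the most common hash is the pristine one):"
    $sameVersion | Group-Object MD5 | Sort-Object Count -Descending | ForEach-Object {
        Write-Warning ("  {0}  x{1}  {2}" -f $_.Name, $_.Count, $_.Group[0].Path)
    }
} else {
    Write-Warning "No stored copy shares version $($live.Version); compare the live hash against a known-clean machine of the same build."
}
```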
 
Here are the logs in order (FRST.txt, Search.txt):

Scan result of Farbar Recovery Scan Tool Version: 02-09-2012 03
Ran by SYSTEM at 02-09-2012 22:20:54
Running from K:\
Windows 7 Ultimate (X64) OS Language: German Standard
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1612880 2010-01-27] (Logitech, Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4081008 2012-03-07] (ESET)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [248320 2011-03-21] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-08-29] (LogMeIn Inc.)
HKU\DJDany\...\Run: [PlayNC Launcher] [x]
HKU\DJDany\...\Run: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [872448 2011-05-10] ()
HKU\DJDany\...\Run: [Womaimnyo] C:\Users\DJDany\AppData\Roaming\Acyw\inhas.exe [x]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\..\Interfaces\{ED8E083E-C468-424C-A6F0-4C44822C9E7E}: [NameServer]169.254.145.1

==================== Services (Whitelisted) ======

2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [913144 2012-03-07] (ESET)
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-08-29] (LogMeIn Inc.)
2 Icecast-trunk; "C:\Program Files (x86)\Icecast2 Win32\icecastService.exe" "C:\Program Files (x86)\Icecast2 Win32" [417792 2008-05-24] ()
2 nlsvc; "C:\Program Files\NetLimiter 3\nlsvc.exe" [1620992 2009-11-24] (Locktime Software)
3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [279848 2007-06-27] (Nero AG)
2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe /StartService [276584 2010-03-22] (NVIDIA)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-12] ()
2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [283304 2012-09-02] ()
2 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [741224 2011-08-09] (Tunngle.net GmbH)
2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe /StartService [282728 2009-11-06] (NVIDIA)

==================== Drivers (Whitelisted) ===================

2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2010-02-19] ()
3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [12032 2010-04-19] (Razer (Asia-Pacific) Pte Ltd)
1 eamonm; C:\Windows\System32\Drivers\eamonm.sys [209768 2012-03-14] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [148528 2012-03-14] (ESET)
2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2012-03-14] (ESET)
2 ESLWireAC; \??\C:\Windows\system32\drivers\ESLWireACD.sys [179616 2011-03-29] (<Turtle Entertainment>)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 hidusbf; C:\Windows\System32\Drivers\hidusbf.sys [7808 2009-11-11] (SweetLow)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2010-02-19] ()
3 MotioninJoyUSBFilter; C:\Windows\System32\DRIVERS\MijUfilt.sys [20480 2009-10-03] (MotioninJoy)
1 nltdi; \??\C:\Program Files\NetLimiter 3\nltdi.sys [87680 2009-11-26] (Locktime Software)
3 nvoclk64; C:\Windows\System32\Drivers\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
1 PStrip64; C:\Windows\System32\Drivers\PStrip64.sys [13008 2006-09-30] ()
3 RTCore64; \??\C:\Program Files (x86)\EVGA Precision\RTCore64.sys [14440 2010-09-07] ()
0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-11-11] (Duplex Secure Ltd.)
3 tap0901t; C:\Windows\System32\Drivers\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
3 VBoxNetAdp; C:\Windows\System32\Drivers\VBoxNetAdp.sys [146384 2009-11-30] (Sun Microsystems, Inc.)
3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
3 dump_wmimmc; \??\F:\NewEliteSRO\GameGuard\dump_wmimmc.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-09-02 22:20 - 2012-09-02 22:20 - 00000000 ____D C:\FRST
2012-09-02 14:54 - 2012-09-02 14:54 - 00291056 ____A C:\Windows\Minidump\090212-26515-01.dmp
2012-09-02 14:25 - 2012-09-02 14:25 - 01376768 ____A C:\Users\DJDany\Downloads\RogueKiller(1).exe
2012-09-02 14:15 - 2012-09-02 14:15 - 00004689 ____A C:\Users\DJDany\Desktop\RKreport[1].txt
2012-09-02 14:14 - 2012-09-02 14:15 - 00000000 ____D C:\Users\DJDany\Desktop\RK_Quarantine
2012-09-02 14:14 - 2012-09-02 14:14 - 01376768 ____A C:\Users\DJDany\Downloads\RogueKiller.exe
2012-09-02 04:13 - 2012-09-02 04:13 - 00291064 ____A C:\Windows\Minidump\090212-27031-01.dmp
2012-09-01 22:21 - 2012-09-01 22:21 - 00607260 ____R (Swearware) C:\Users\DJDany\Downloads\dds.com
2012-09-01 21:55 - 2012-09-02 14:28 - 00000000 ____D C:\Users\DJDany\Downloads\Virustopic
2012-09-01 21:53 - 2012-09-01 21:53 - 00302592 ____A C:\Users\DJDany\Downloads\szbu38ze.exe
2012-09-01 21:49 - 2012-09-01 21:49 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-01 21:49 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-01 21:48 - 2012-09-01 21:48 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\DJDany\Downloads\mbam-setup-1.62.0.1300.exe
2012-09-01 21:17 - 2012-09-02 14:16 - 04731392 ____A (AVAST Software) C:\Users\DJDany\Downloads\aswMBR.exe
2012-09-01 20:56 - 2012-09-01 20:56 - 00002255 ____A C:\Users\DJDany\Desktop\aswMBR.txt
2012-09-01 20:56 - 2012-09-01 20:56 - 00000512 ____A C:\Users\DJDany\Desktop\MBR.dat
2012-09-01 20:31 - 2012-09-01 20:31 - 00011766 ____A C:\Users\DJDany\Downloads\hijackthis.log
2012-09-01 20:20 - 2012-09-01 20:20 - 00000000 ____D C:\Program Files (x86)\ESET
2012-09-01 17:52 - 2012-09-01 17:52 - 00000000 ____D C:\Users\DJDany\AppData\Roaming\Malwarebytes
2012-09-01 17:51 - 2012-09-01 21:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-01 17:51 - 2012-09-01 17:51 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-01 17:50 - 2012-09-01 22:12 - 00000000 ____D C:\Users\DJDany\Downloads\MBR
2012-08-31 19:29 - 2012-08-31 19:29 - 00652569 ____A C:\Users\DJDany\Downloads\BFE_Fix.exe
2012-08-31 19:29 - 2012-08-31 19:29 - 00000000 ____D C:\Program Files (x86)\Windows Resource Kits
2012-08-31 19:28 - 2012-08-31 19:28 - 00379392 ____A C:\Users\DJDany\Downloads\subinacl.msi
2012-08-31 19:23 - 2012-08-31 19:23 - 00000000 ____D C:\Users\All Users\ESET
2012-08-31 19:23 - 2012-08-31 19:23 - 00000000 ____D C:\Program Files\ESET
2012-08-31 19:08 - 2012-08-31 19:16 - 00007847 ____A C:\Users\DJDany\Downloads\~ESETUninstaller.log
2012-08-31 19:07 - 2012-08-31 19:07 - 00638976 ____A (ESET) C:\Users\DJDany\Downloads\ESETUninstaller.exe
2012-08-31 18:59 - 2012-08-31 19:00 - 56469504 ____A C:\Users\DJDany\Downloads\eav_nt64_enu.msi
2012-08-31 18:22 - 2012-08-31 18:22 - 07902008 ____A (VS Revo Group ) C:\Users\DJDany\Downloads\RevoUninProSetup.exe
2012-08-31 18:22 - 2012-08-31 18:22 - 00000000 ____D C:\Users\DJDany\AppData\Local\VS Revo Group
2012-08-31 18:22 - 2012-08-31 18:22 - 00000000 ____D C:\Program Files\VS Revo Group
2012-08-31 18:22 - 2009-12-30 10:21 - 00031800 ____A (VS Revo Group) C:\Windows\System32\Drivers\revoflt.sys
2012-08-31 18:20 - 2012-08-31 18:20 - 00181156 ____A C:\Users\DJDany\Downloads\nod32removal.exe
2012-08-31 18:16 - 2012-09-02 20:45 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-31 18:16 - 2012-08-31 18:16 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-31 18:16 - 2012-08-31 18:16 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-31 18:16 - 2012-08-31 18:16 - 00000000 ____D C:\Users\DJDany\AppData\Local\Macromedia
2012-08-31 18:01 - 2012-08-31 18:14 - 01378744 ____A (ESET) C:\Users\DJDany\Downloads\eset_nod32_antivirus_live_installer.exe
2012-08-31 12:26 - 2012-08-31 12:26 - 00284520 ____A C:\Windows\Minidump\083112-29656-01.dmp
2012-08-31 12:24 - 2012-08-31 12:24 - 09826504 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-08-31 11:50 - 2012-08-31 18:56 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-08-30 14:21 - 2012-08-30 14:21 - 06724176 ____A (Adobe Systems Inc.) C:\Users\DJDany\Downloads\Shockwave_Installer_Slim.exe
2012-08-27 05:45 - 2012-08-27 05:45 - 00000000 ____D C:\Users\DJDany\AppData\Local\FFsplit
2012-08-27 05:28 - 2012-08-31 18:56 - 00000000 ____D C:\Program Files (x86)\FFsplit
2012-08-27 05:28 - 2012-08-27 05:28 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2012-08-27 05:27 - 2012-08-31 18:56 - 00000000 ____D C:\Users\DJDany\AppData\Roaming\FFsplit
2012-08-27 05:27 - 2012-08-27 05:27 - 08588474 ____A (FFsplit) C:\Users\DJDany\Downloads\FFsplit.exe
2012-08-27 05:20 - 2012-08-27 05:20 - 00000000 ____D C:\Users\DJDany\AppData\Local\SplitMediaLabs
2012-08-27 05:19 - 2012-08-27 05:19 - 00000000 ____D C:\Windows\System32\Macromed
2012-08-27 05:17 - 2012-08-27 05:17 - 00000000 ____D C:\Users\All Users\SplitMediaLabs
2012-08-27 05:17 - 2012-08-27 05:17 - 00000000 ____D C:\Program Files (x86)\SplitMediaLabs
2012-08-27 05:15 - 2012-08-27 05:15 - 23324368 ____A (SplitMediaLabs) C:\Users\DJDany\Downloads\xsplit_installer_v1.0.1207.2601.exe
2012-08-27 05:15 - 2012-08-27 05:15 - 00000000 ____D C:\Users\DJDany\AppData\Roaming\SplitMediaLabs
2012-08-23 05:38 - 2012-08-23 05:38 - 01117345 ____A () C:\Users\DJDany\Downloads\Gamez Tera Launcher Installer_v1.03.exe
2012-08-11 13:19 - 2012-08-11 13:19 - 00000000 ____D C:\Users\DJDany\Documents\ACR
2012-08-11 13:19 - 2012-08-11 13:19 - 00000000 ____D C:\Users\DJDany\AppData\Local\CrashRpt
2012-08-10 17:39 - 2012-08-10 17:39 - 00591656 ____A (Unity Technologies ApS) C:\Users\DJDany\Downloads\UnityWebPlayer.exe
2012-08-10 17:33 - 2012-08-10 17:33 - 00000952 ____A C:\Users\Public\Desktop\ACR Launcher.lnk
2012-08-10 17:32 - 2012-08-10 17:32 - 35486247 ____A (Eutechnyx, Ltd ) C:\Users\DJDany\Downloads\ACR_setup.exe
2012-08-08 20:53 - 2012-08-08 20:53 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-08-06 18:08 - 2012-08-06 18:08 - 00000000 ____D C:\Users\DJDany\Desktop\Neuer Ordner
2012-08-04 18:25 - 2012-08-04 18:25 - 00000000 ____D C:\Users\Public\Games
2012-08-04 18:20 - 2012-08-23 05:38 - 00000805 ____A C:\Users\Public\Desktop\GamezTera Launcher.lnk
2012-08-04 18:19 - 2012-08-04 18:19 - 01111700 ____A () C:\Users\DJDany\Downloads\Gamez Tera Launcher Installer.exe

==================== 3 Months Modified Files ================================

2012-09-02 21:16 - 2009-11-21 00:42 - 00000000 ____A C:\Windows\SysWOW64\Access.dat
2012-09-02 21:13 - 2009-07-14 18:58 - 00698726 ____A C:\Windows\System32\perfh007.dat
2012-09-02 21:13 - 2009-07-14 18:58 - 00148782 ____A C:\Windows\System32\perfc007.dat
2012-09-02 21:13 - 2009-07-14 06:13 - 01613166 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-02 21:08 - 2012-07-19 22:05 - 00005972 ____A C:\Windows\setupact.log
2012-09-02 20:45 - 2012-08-31 18:16 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-02 20:33 - 2009-11-11 15:19 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-09-02 20:33 - 2009-11-11 15:02 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-09-02 20:33 - 2009-11-11 15:02 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-09-02 14:59 - 2009-07-14 05:45 - 00016944 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-02 14:59 - 2009-07-14 05:45 - 00016944 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-02 14:55 - 2012-07-19 22:48 - 00078414 ____A C:\Windows\WindowsUpdate.log
2012-09-02 14:54 - 2012-09-02 14:54 - 00291056 ____A C:\Windows\Minidump\090212-26515-01.dmp
2012-09-02 14:54 - 2012-07-21 13:52 - 00021694 ____A C:\Windows\PFRO.log
2012-09-02 14:54 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-02 14:25 - 2012-09-02 14:25 - 01376768 ____A C:\Users\DJDany\Downloads\RogueKiller(1).exe
2012-09-02 14:16 - 2012-09-01 21:17 - 04731392 ____A (AVAST Software) C:\Users\DJDany\Downloads\aswMBR.exe
2012-09-02 14:15 - 2012-09-02 14:15 - 00004689 ____A C:\Users\DJDany\Desktop\RKreport[1].txt
2012-09-02 14:14 - 2012-09-02 14:14 - 01376768 ____A C:\Users\DJDany\Downloads\RogueKiller.exe
2012-09-02 04:13 - 2012-09-02 04:13 - 00291064 ____A C:\Windows\Minidump\090212-27031-01.dmp
2012-09-01 22:21 - 2012-09-01 22:21 - 00607260 ____R (Swearware) C:\Users\DJDany\Downloads\dds.com
2012-09-01 21:53 - 2012-09-01 21:53 - 00302592 ____A C:\Users\DJDany\Downloads\szbu38ze.exe
2012-09-01 21:49 - 2012-09-01 21:49 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-01 21:48 - 2012-09-01 21:48 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\DJDany\Downloads\mbam-setup-1.62.0.1300.exe
2012-09-01 20:56 - 2012-09-01 20:56 - 00002255 ____A C:\Users\DJDany\Desktop\aswMBR.txt
2012-09-01 20:56 - 2012-09-01 20:56 - 00000512 ____A C:\Users\DJDany\Desktop\MBR.dat
2012-09-01 20:31 - 2012-09-01 20:31 - 00011766 ____A C:\Users\DJDany\Downloads\hijackthis.log
2012-08-31 19:29 - 2012-08-31 19:29 - 00652569 ____A C:\Users\DJDany\Downloads\BFE_Fix.exe
2012-08-31 19:28 - 2012-08-31 19:28 - 00379392 ____A C:\Users\DJDany\Downloads\subinacl.msi
2012-08-31 19:16 - 2012-08-31 19:08 - 00007847 ____A C:\Users\DJDany\Downloads\~ESETUninstaller.log
2012-08-31 19:07 - 2012-08-31 19:07 - 00638976 ____A (ESET) C:\Users\DJDany\Downloads\ESETUninstaller.exe
2012-08-31 19:00 - 2012-08-31 18:59 - 56469504 ____A C:\Users\DJDany\Downloads\eav_nt64_enu.msi
2012-08-31 18:22 - 2012-08-31 18:22 - 07902008 ____A (VS Revo Group ) C:\Users\DJDany\Downloads\RevoUninProSetup.exe
2012-08-31 18:20 - 2012-08-31 18:20 - 00181156 ____A C:\Users\DJDany\Downloads\nod32removal.exe
2012-08-31 18:16 - 2012-08-31 18:16 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-31 18:16 - 2012-08-31 18:16 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-31 18:14 - 2012-08-31 18:01 - 01378744 ____A (ESET) C:\Users\DJDany\Downloads\eset_nod32_antivirus_live_installer.exe
2012-08-31 12:26 - 2012-08-31 12:26 - 00284520 ____A C:\Windows\Minidump\083112-29656-01.dmp
2012-08-31 12:24 - 2012-08-31 12:24 - 09826504 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-08-30 14:21 - 2012-08-30 14:21 - 06724176 ____A (Adobe Systems Inc.) C:\Users\DJDany\Downloads\Shockwave_Installer_Slim.exe
2012-08-29 03:11 - 2009-11-11 01:50 - 00007596 ____A C:\Users\DJDany\AppData\Local\Resmon.ResmonCfg
2012-08-27 05:27 - 2012-08-27 05:27 - 08588474 ____A (FFsplit) C:\Users\DJDany\Downloads\FFsplit.exe
2012-08-27 05:15 - 2012-08-27 05:15 - 23324368 ____A (SplitMediaLabs) C:\Users\DJDany\Downloads\xsplit_installer_v1.0.1207.2601.exe
2012-08-23 05:38 - 2012-08-23 05:38 - 01117345 ____A () C:\Users\DJDany\Downloads\Gamez Tera Launcher Installer_v1.03.exe
2012-08-23 05:38 - 2012-08-04 18:20 - 00000805 ____A C:\Users\Public\Desktop\GamezTera Launcher.lnk
2012-08-10 17:39 - 2012-08-10 17:39 - 00591656 ____A (Unity Technologies ApS) C:\Users\DJDany\Downloads\UnityWebPlayer.exe
2012-08-10 17:33 - 2012-08-10 17:33 - 00000952 ____A C:\Users\Public\Desktop\ACR Launcher.lnk
2012-08-10 17:32 - 2012-08-10 17:32 - 35486247 ____A (Eutechnyx, Ltd ) C:\Users\DJDany\Downloads\ACR_setup.exe
2012-08-04 18:19 - 2012-08-04 18:19 - 01111700 ____A () C:\Users\DJDany\Downloads\Gamez Tera Launcher Installer.exe
2012-08-02 16:24 - 2012-08-02 16:24 - 13839192 ____A (Frogster Online Gaming GmbH ) C:\Users\DJDany\Downloads\TERASetup.exe
2012-07-30 16:07 - 2012-07-30 16:07 - 00001162 ____A C:\Users\Public\Desktop\TeamViewer 6.lnk
2012-07-30 16:06 - 2012-07-30 16:06 - 04171032 ____A (TeamViewer GmbH) C:\Users\DJDany\Downloads\TeamViewer_Setup.exe
2012-07-29 19:32 - 2012-07-29 19:32 - 00008068 ____A C:\Users\DJDany\Downloads\d29d98ac0acb008a2629d474ada86c57.dlc
2012-07-25 22:05 - 2012-07-25 22:05 - 01223168 ____A C:\Users\DJDany\Downloads\BF3 Config Utility.exe
2012-07-25 20:34 - 2012-07-25 20:15 - 1552182149 ____A C:\Users\DJDany\Downloads\Jae_SRO_-(1Mir)_Full_Client.rar
2012-07-24 13:02 - 2012-07-24 13:02 - 00000697 ____A C:\Users\UpdatusUser\Desktop\Play 9Dragons.lnk
2012-07-24 13:02 - 2012-07-24 13:02 - 00000697 ____A C:\Users\DJDany\Desktop\Play 9Dragons.lnk
2012-07-24 12:28 - 2012-07-24 12:15 - 1122401654 ____A C:\Users\DJDany\Downloads\Setup-Play9D.exe
2012-07-19 22:05 - 2012-07-19 22:05 - 00000000 ____A C:\Windows\setuperr.log
2012-07-19 20:33 - 2012-07-19 20:33 - 00013168 ____A C:\Users\DJDany\Downloads\98b2a695ddd9b2e90dc42a3a3980aaf7.dlc
2012-07-18 13:57 - 2010-05-06 22:40 - 00004359 ____A C:\Users\DJDany\Desktop\lol.txt
2012-07-17 19:47 - 2012-07-17 19:47 - 00000185 ____A C:\Users\Public\Desktop\Vindictus EU.url
2012-07-17 16:02 - 2012-07-17 16:02 - 00000201 ____A C:\Users\Public\Desktop\Vindictus.url
2012-07-14 00:05 - 2011-04-22 23:47 - 01594042 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-13 13:52 - 2009-12-02 03:21 - 04269056 ____A C:\Windows\SysWOW64\system.dll
2012-07-12 12:57 - 2009-11-11 15:02 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-07-12 12:52 - 2012-07-12 12:52 - 03878112 ____A C:\Users\DJDany\Downloads\battlelog-web-plugins-1.122.0-retail-prod.exe
2012-07-12 12:50 - 2010-02-21 01:31 - 00000020 ____A C:\Users\DJDany\Documents\aionmemo_1dbe5b45.dat
2012-07-12 12:22 - 2012-07-12 12:18 - 211927944 ____A (NVIDIA Corporation) C:\Users\DJDany\Downloads\301.42-desktop-win7-winvista-64bit-international-whql.exe
2012-07-12 12:07 - 2012-07-12 12:07 - 11733072 ____A (IObit ) C:\Users\DJDany\Downloads\gb3.5-beta-setup.exe
2012-07-12 12:07 - 2011-09-02 20:38 - 00001182 ____A C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
2012-07-12 12:07 - 2011-09-02 20:38 - 00001170 ____A C:\Users\Public\Desktop\Game Booster 3.lnk
2012-07-12 08:17 - 2009-07-14 05:45 - 03049760 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 23:57 - 2009-11-11 04:15 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-03 12:46 - 2012-09-01 21:49 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-30 14:05 - 2009-07-14 03:34 - 00000478 ____A C:\Windows\win.ini
2012-06-21 16:40 - 2012-06-21 16:40 - 00768848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2012-06-21 16:40 - 2012-06-21 16:40 - 00421200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2012-06-12 04:02 - 2012-07-12 00:00 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 06:30 - 2012-07-11 11:37 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-09 05:46 - 2012-07-11 11:37 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 06:50 - 2012-07-11 11:37 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 06:50 - 2012-07-11 11:37 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 06:09 - 2012-07-11 11:37 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 06:09 - 2012-07-11 11:37 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll


ZeroAccess:
C:\Windows\Installer\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}
C:\Windows\Installer\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\@
C:\Windows\Installer\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\L
C:\Windows\Installer\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\U
C:\Windows\Installer\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\U\00000001.@

ZeroAccess:
C:\Users\DJDany\AppData\Local\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}
C:\Users\DJDany\AppData\Local\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\@
C:\Users\DJDany\AppData\Local\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\L
C:\Users\DJDany\AppData\Local\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50}\U

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-31 18:28:58
Restore point made on: 2012-08-31 19:01:56
Restore point made on: 2012-08-31 19:21:44
Restore point made on: 2012-08-31 19:29:08
Restore point made on: 2012-08-31 19:35:07

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 6142.55 MB
Available physical RAM: 5387.65 MB
Total Pagefile: 6140.7 MB
Available Pagefile: 5381.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:120.96 GB) (Free:23.24 GB) NTFS
2 Drive d: () (Fixed) (Total:232.82 GB) (Free:38.1 GB) NTFS
3 Drive e: () (Fixed) (Total:149.04 GB) (Free:7.47 GB) NTFS
4 Drive f: (Games) (Fixed) (Total:468.75 GB) (Free:45.43 GB) NTFS
5 Drive g: (CS) (Fixed) (Total:6.43 GB) (Free:4.55 GB) NTFS
6 Drive h: (Movies) (Fixed) (Total:341.8 GB) (Free:12.7 GB) NTFS
7 Drive j: (Battlefield 3) (CDROM) (Total:5.63 GB) (Free:0 GB) CDFS
8 Drive k: (TRANSCEND) (Removable) (Total:1.87 GB) (Free:1.83 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: () (Fixed) (Total:105.38 GB) (Free:3.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Datenträger ###  Status         Größe    Frei     Dyn  GPT
  ---------------  -------------  -------  -------  ---  ---
  Datenträger 0    Online          111 GB      0 B
  Datenträger 1    Online          232 GB  7168 KB
  Datenträger 2    Online          149 GB     8 MB
  Datenträger 3    Online          931 GB      0 B
  Datenträger 4    Online         1926 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Typ               Größe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primär             105 GB    31 KB
  Partition 0    Erweitert         6588 MB   105 GB
  Partition 2    Logisch           6588 MB   105 GB

==================================================================================

Disk: 0
Partition 1
Typ : 07
Versteckt: Nein
Aktiv : Ja

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y                NTFS   Partition    105 GB  Fehlerfre

==================================================================================

Disk: 0
Partition 2
Typ : 07
Versteckt: Nein
Aktiv : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     G   CS           NTFS   Partition   6588 MB  Fehlerfre

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Typ               Größe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primär             232 GB    31 KB

==================================================================================

Disk: 1
Partition 1
Typ : 07
Versteckt: Nein
Aktiv : Ja

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     D                NTFS   Partition    232 GB  Fehlerfre

==================================================================================

Partitions of Disk 2:
===============

  Partition ###  Typ               Größe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primär             149 GB    31 KB

==================================================================================

Disk: 2
Partition 1
Typ : 07
Versteckt: Nein
Aktiv : Ja

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     E                NTFS   Partition    149 GB  Fehlerfre

==================================================================================

Partitions of Disk 3:
===============

  Partition ###  Typ               Größe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primär             468 GB    31 KB
  Partition 2    Primär             341 GB   468 GB
  Partition 3    Primär             120 GB   810 GB

==================================================================================

Disk: 3
Partition 1
Typ : 07
Versteckt: Nein
Aktiv : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     F   Games        NTFS   Partition    468 GB  Fehlerfre

==================================================================================

Disk: 3
Partition 2
Typ : 07
Versteckt: Nein
Aktiv : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6     H   Movies       NTFS   Partition    341 GB  Fehlerfre

==================================================================================

Disk: 3
Partition 3
Typ : 07
Versteckt: Nein
Aktiv : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 7     C                NTFS   Partition    120 GB  Fehlerfre

==================================================================================

Partitions of Disk 4:
===============

  Partition ###  Typ               Größe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Primär            1922 MB  4096 KB

==================================================================================

Disk: 4
Partition 1
Typ : 0B
Versteckt: Nein
Aktiv : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Größe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 8     K   TRANSCEND    FAT32  Wechselmed  1922 MB  Fehlerfre

==================================================================================

Last Boot: 2012-08-28 22:41

==================== End Of Log =============================



Search.txt

Farbar Recovery Scan Tool Version: 02-09-2012 03
Ran by SYSTEM at 2012-09-02 22:22:46
Running from K:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
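The comparison FRST made above (the "Bamital & volsnap Check" and Search.txt) can be repeated by hand. The following is an added example in PowerShell 4.0 or later, not FRST's own code: it hashes the live services.exe, compares it with every WinSxS component-store copy of the same file, and reports size and version alongside the hashes, because the pattern Search.txt showed is identical size and "(Microsoft Corporation)" stamp with a different MD5. The component-folder name pattern and the optional reference MD5 come from Search.txt above; the function name is mine.

```powershell
# Added example (not FRST's code): compare the live services.exe with the WinSxS copies,
# the same check FRST's "Bamital & volsnap" section and Search.txt performed above.
# Requires PowerShell 4.0+ (Get-FileHash).

function Test-ServicesExeIntegrity {
    [CmdletBinding()]
    param(
        [string]$LivePath = "$env:SystemRoot\System32\services.exe",
        [string]$WinSxS   = "$env:SystemRoot\winsxs",
        # Optional known-good hash. The default is the WinSxS copy's MD5 from Search.txt
        # (build 6.1.7600.16385, x64); pass '' if the machine runs a different build.
        [string]$ReferenceMD5 = '24ACB7E5BE595468E3B9AA488B9B4FCB'
    )

    if (-not (Test-Path -LiteralPath $LivePath)) { throw "Live file not found: $LivePath" }

    # Component folders for the service controller, named as in the Search.txt path
    # (amd64_microsoft-windows-s..s-servicecontroller_<pubkey>_<version>_...). The
    # literal ".." is how the component store abbreviates long names.
    $sxsCopies = Get-ChildItem -LiteralPath $WinSxS -Directory `
                     -Filter 'amd64_microsoft-windows-s..s-servicecontroller_*' -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName 'services.exe' } |
        Where-Object { Test-Path -LiteralPath $_ }

    $live    = Get-Item -LiteralPath $LivePath
    $liveMD5 = (Get-FileHash -LiteralPath $LivePath -Algorithm MD5).Hash

    $copies = foreach ($copy in $sxsCopies) {
        $item = Get-Item -LiteralPath $copy
        [pscustomobject]@{
            Path     = $copy
            Size     = $item.Length
            Version  = $item.VersionInfo.FileVersion
            MD5      = (Get-FileHash -LiteralPath $copy -Algorithm MD5).Hash
            SameSize = ($item.Length -eq $live.Length)   # a patched file typically keeps its size
        }
    }

    $matchesSxS = [bool]($copies | Where-Object { $_.MD5 -eq $liveMD5 })
    $matchesRef = if ($ReferenceMD5) { $liveMD5 -eq $ReferenceMD5 } else { $null }

    if ($matchesSxS) {
        $verdict = 'matches a component-store copy'
    } elseif (@($copies).Count -eq 0) {
        $verdict = 'no WinSxS copy found; compare against a known-clean machine of the same build'
    } else {
        $verdict = 'DIFFERS from every WinSxS copy: treat as patched until proven otherwise'
    }

    [pscustomobject]@{
        LivePath      = $LivePath
        LiveSize      = $live.Length
        LiveVersion   = $live.VersionInfo.FileVersion
        LiveMD5       = $liveMD5
        MatchesWinSxS = $matchesSxS
        MatchesRef    = $matchesRef
        WinSxSCopies  = $copies
        Verdict       = $verdict
    }
}

$result = Test-ServicesExeIntegrity
$result | Format-List LivePath, LiveSize, LiveVersion, LiveMD5, MatchesWinSxS, MatchesRef, Verdict
$result.WinSxSCopies | Format-Table Version, Size, SameSize, MD5 -AutoSize
```

Like FRST above, which ran as SYSTEM from the recovery environment, run this from a known-clean environment with the suspect volume mounted (adjust $LivePath and $WinSxS), since an active rootkit can mask the modification from tools running on the infected system.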
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next...

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done, Notepad will open with the rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 

Attachments

  • fixlist.txt
Ok, ran ComboFix, rebooted, left ComboFix to finish, rebooted again and don't have any Internet connection.
Hope you can help me to get the Internet on my PC back working normally :)
Here are the logs in order (sorry that the logs are in German, can't change it):

Fixlog.log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 02-09-2012 03
Ran by SYSTEM at 2012-09-03 02:26:34 Run:1
Running from K:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
HKEY_USERS\DJDany\Software\Microsoft\Windows\CurrentVersion\Run\\Womaimnyo Value deleted successfully.
C:\Users\DJDany\AppData\Roaming\Acyw\inhas.exe not found.
C:\Windows\Installer\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50} moved successfully.
C:\Users\DJDany\AppData\Local\{e046c03c-b8e5-39c9-2c3c-4d0339d12b50} moved successfully.

Der Vorgang wurde erfolgreich beendet.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====



ComboFix.log:


ComboFix 12-09-01.01 - DJDany 03.09.2012 2:47.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.6143.4738 [GMT 2:00]
ausgeführt von:: c:\users\DJDany\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\DJDany\AppData\Local\assembly\tmp
c:\users\DJDany\AppData\Roaming\edxLabs
c:\users\DJDany\AppData\Roaming\edxLabs\edxSilkroadLoader\edxSilkroadLoader.ini
c:\users\DJDany\AppData\Roaming\edxLabs\edxSilkroadLoader5\edxSilkroadLoader5.ini
c:\windows\box.exe
c:\windows\SysWow64\FlashPlayerInstaller.exe
c:\windows\SysWow64\system.dll
D:\install.exe
F:\Setup.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-03 bis 2012-09-03 ))))))))))))))))))))))))))))))
.
.
2012-09-03 00:54 . 2012-09-03 00:54 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-03 00:54 . 2012-09-03 00:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-02 21:20 . 2012-09-02 21:20 -------- d-----w- C:\FRST
2012-09-01 20:49 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-01 19:20 . 2012-09-01 19:20 -------- d-----w- c:\program files (x86)\ESET
2012-09-01 16:52 . 2012-09-01 16:52 -------- d-----w- c:\users\DJDany\AppData\Roaming\Malwarebytes
2012-09-01 16:51 . 2012-09-01 16:51 -------- d-----w- c:\programdata\Malwarebytes
2012-09-01 16:51 . 2012-09-01 20:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-31 18:29 . 2012-08-31 18:29 -------- d-----w- c:\program files (x86)\Windows Resource Kits
2012-08-31 18:23 . 2012-08-31 18:23 -------- d-----w- c:\program files\ESET
2012-08-31 17:22 . 2012-08-31 17:22 -------- d-----w- c:\users\DJDany\AppData\Local\VS Revo Group
2012-08-31 17:22 . 2009-12-30 09:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-08-31 17:22 . 2012-08-31 17:22 -------- d-----w- c:\program files\VS Revo Group
2012-08-31 17:16 . 2012-08-31 17:16 -------- d-----w- c:\users\DJDany\AppData\Local\Macromedia
2012-08-31 17:16 . 2012-08-31 17:16 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-31 17:16 . 2012-08-31 17:16 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-31 10:50 . 2012-08-31 17:56 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-08-30 13:18 . 2012-08-30 13:18 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-27 04:45 . 2012-08-27 04:45 -------- d-----w- c:\users\DJDany\AppData\Local\FFsplit
2012-08-27 04:28 . 2012-08-27 04:28 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2012-08-27 04:28 . 2012-08-31 17:56 -------- d-----w- c:\program files (x86)\FFsplit
2012-08-27 04:27 . 2012-08-31 17:56 -------- d-----w- c:\users\DJDany\AppData\Roaming\FFsplit
2012-08-27 04:20 . 2012-08-27 04:20 -------- d-----w- c:\users\DJDany\AppData\Local\SplitMediaLabs
2012-08-27 04:19 . 2012-08-27 04:19 -------- d-----w- c:\windows\system32\Macromed
2012-08-27 04:17 . 2012-08-27 04:17 -------- d-----w- c:\programdata\SplitMediaLabs
2012-08-27 04:17 . 2012-08-27 04:17 -------- d-----w- c:\program files (x86)\SplitMediaLabs
2012-08-27 04:15 . 2012-08-27 04:15 -------- d-----w- c:\users\DJDany\AppData\Roaming\SplitMediaLabs
2012-08-11 12:19 . 2012-08-11 12:19 -------- d-----w- c:\users\DJDany\AppData\Local\CrashRpt
2012-08-08 19:53 . 2012-08-08 19:53 -------- d-----w- c:\program files (x86)\uTorrent
2012-08-04 17:25 . 2012-08-04 17:25 -------- d-----w- c:\users\Public\Games
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-03 00:29 . 2010-04-29 14:01 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-09-02 20:57 . 2009-11-11 14:19 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-09-02 20:57 . 2009-11-11 14:02 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-09-02 20:56 . 2009-11-11 14:02 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-12 11:57 . 2009-11-11 14:02 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-11 22:57 . 2009-11-11 03:15 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-21 15:40 . 2012-06-21 15:40 768848 ----a-w- c:\windows\SysWow64\msvcr100.dll
2012-06-21 15:40 . 2012-06-21 15:40 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2012-06-12 03:02 . 2012-07-11 23:00 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:30 . 2012-07-11 10:37 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 05:50 . 2012-07-11 10:37 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:50 . 2012-07-11 10:37 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:09 . 2012-07-11 10:37 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:09 . 2012-07-11 10:37 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2011-05-10 872448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2011-03-21 248320]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
.
c:\users\DJDany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EasyToolz.lnk - c:\users\DJDany\Desktop\EasyToolz.exe [2011-9-2 1391616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2012-07-16 2416040]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-31 250568]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2010-04-19 12032]
R3 dump_wmimmc;dump_wmimmc;f:\newelitesro\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-11-18 1038088]
R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\DRIVERS\hidusbf.sys [2009-11-11 7808]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MotioninJoyUSBFilter;MotioninJoy USB Filter Driver;c:\windows\system32\DRIVERS\MijUfilt.sys [2009-10-03 20480]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-30 114144]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [2009-11-26 32896]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys [2010-09-07 14440]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-11-30 146384]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-11 834544]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [2009-11-26 87680]
S1 PStrip64;PStrip64;c:\windows\system32\drivers\pstrip64.sys [2006-09-30 13008]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2011-03-29 179616]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
S2 Icecast-trunk;Icecast-trunk Streaming Media Server;c:\program files (x86)\Icecast2 Win32\icecastService.exe [2008-05-24 417792]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-02-26 5017600]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2011-08-09 741224]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [2009-11-26 32896]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-09-30 13312]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-31 17:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1612880]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: Interfaces\{ED8E083E-C468-424C-A6F0-4C44822C9E7E}: NameServer = 169.254.145.1
FF - ProfilePath - c:\users\DJDany\AppData\Roaming\Mozilla\Firefox\Profiles\nxtgu32b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF - prefs.js: network.proxy.http - 109.123.126.253
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-9 Dragons - f:\9 dragons\Play9D\uninst.exe
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-CABAL Online (Europe)_is1 - f:\cabal helix real\unins000.exe
AddRemove-Silkroad - f:\grindsro\Silkroad\Remove.Exe
AddRemove-{7EE9145D-C430-44E6-B5ED-61FF9C332100}_is1 - f:\battle of the immortal\Battle of the Immortals\unins000.exe
AddRemove-{A2S166A0-F031-4E27-A057-C69733219434}_is1 - f:\tera\TERA\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4248820356-2940563936-93324341-1001\Software\SecuROM\License information*]
"datasecu"=hex:47,97,90,63,2a,08,0c,ec,74,30,f7,ce,87,2c,07,ae,9e,b5,4c,61,9d,
84,62,91,55,65,e7,6e,87,47,30,32,80,18,b9,14,11,8d,ab,82,a1,37,09,9d,0c,0f,\
"rkeysecu"=hex:b1,f2,8c,19,11,3d,b2,d8,88,02,25,77,01,d1,47,a3
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Razer\DeathAdder\razerofa.exe
c:\program files (x86)\Razer\DeathAdder\vdDaemon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-03 03:03:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-09-03 01:03
.
Vor Suchlauf: 10 Verzeichnis(se), 26.016.673.792 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 27.095.056.384 Bytes frei
.
- - End Of File - - CD8F454CF16244489D9521454ADBECBB




Greetings,
Taco
 
Did you have internet connection right BEFORE you ran Combofix?

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
 
I had a normal Internet connection before using ComboFix; after the second restart, when ComboFix finished the job, my connection was gone. I get the 169.254.232 IP, so I'm not even connected to the router. I searched about it on Google but didn't do anything since we're working here, so I'll post the log from FSS in a sec!
 
Farbar Service Scanner Version: 06-08-2012
Ran by DJDany (administrator) on 03-09-2012 at 15:51:08
Running from "C:\Users\DJDany\Downloads\Virustopic"
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-06-30 12:00] - [2011-12-28 05:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-06-30 12:04] - [2012-03-30 13:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-14 02:09] - [2009-07-14 03:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-14 01:36] - [2009-07-14 03:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-07-11 12:37] - [2012-04-24 07:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
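The items FSS flagged above (BITS with no Start value, SharedAccess missing entirely, WinDefend set to Demand instead of Auto, the DisableAntiSpyware policy) can be re-read directly from the registry. The following is an added example in PowerShell 3.0 or later, not Farbar Service Scanner's code; Dhcp is an addition of mine, since a 169.254.x.x address means the DHCP client obtained no lease, and the only expected Start value asserted is WinDefend = Auto (2), which the log itself states as the default.

```powershell
# Added example (not Farbar Service Scanner's code): re-check the service configuration
# the FSS log flagged. Start values: 2 = Automatic, 3 = Manual (Demand), 4 = Disabled.
# Requires PowerShell 3.0+; run from an elevated prompt.

function Get-ServiceKeyAudit {
    param(
        # Services FSS inspected above; Dhcp is an addition (169.254.x.x = no DHCP lease).
        [string[]]$Services = @('MpsSvc', 'BITS', 'WinDefend', 'SharedAccess', 'Dhcp'),
        # Expected Start values. Only WinDefend is asserted because the FSS log states its
        # default (Auto); add the others from a known-clean machine of the same build.
        [hashtable]$ExpectedStart = @{ 'WinDefend' = 2 }
    )
    foreach ($name in $Services) {
        $key   = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $dll   = (Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue).ServiceDll

        if (-not $props) {
            $finding = 'service key missing'                       # FSS: SharedAccess
        } elseif ($null -eq $props.Start) {
            $finding = 'Start value missing'                       # FSS: BITS
        } elseif ($ExpectedStart.ContainsKey($name) -and $props.Start -ne $ExpectedStart[$name]) {
            $finding = "Start is $($props.Start), expected $($ExpectedStart[$name])"   # FSS: WinDefend Demand vs Auto
        } else {
            $finding = 'OK'
        }

        [pscustomobject]@{
            Service    = $name
            Start      = $props.Start
            ImagePath  = $props.ImagePath
            ServiceDll = $dll
            Finding    = $finding
        }
    }
}

function Get-DefenderPolicyAudit {
    # FSS reported HKLM\SOFTWARE\Microsoft\Windows Defender\DisableAntiSpyware = 1.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
    $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DisableAntiSpyware
    [pscustomobject]@{
        Key                = $key
        DisableAntiSpyware = $val
        Finding            = if ($val -eq 1) { 'Defender disabled by policy value' } else { 'OK' }
    }
}

Get-ServiceKeyAudit     | Format-Table -AutoSize
Get-DefenderPolicyAudit | Format-List
```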
 
ComboFix created a restore point around 03.09.2012 2:47.
Use it and see if your connection is back.
 
Hey Broni,

I restored it, but it's still not giving me a connection; it is like it was before. Writing from a laptop at the moment.
Any other ideas?

Thanks for your time, really appreciate the help.

By the way, my svchost.exe shows 50% CPU usage, if this helps.
 
Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.
 
Netsh int ip reset reset.log worked fine, but at "netsh winsock reset catalog" I get "access denied"; it doesn't let me do it.

I will restart the PC, see if the first command helped, and write again afterwards.


EDIT*****

Still no connection.
 
Did you open the command prompt as administrator (in Vista and 7, while holding CTRL and SHIFT, press Enter)?
 
Yes I did, it didn't work.

I can't execute the command, it still gives me "access denied" even with the administrator command prompt!
Do you have any other idea?
 
Scan result of Farbar Recovery Scan Tool Version: 02-09-2012 03
Ran by SYSTEM at 04-09-2012 02:53:12
Running from K:\
Windows 7 Ultimate (X64) OS Language: German Standard
The current controlset is ControlSet003

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1612880 2010-01-27] (Logitech, Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11057768 2010-07-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKU\DJDany\...\Run: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [872448 2011-05-10] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\..\Interfaces\{ED8E083E-C468-424C-A6F0-4C44822C9E7E}: [NameServer]169.254.145.1

==================== Services (Whitelisted) ======

2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-08-29] (LogMeIn Inc.)
2 Icecast-trunk; "C:\Program Files (x86)\Icecast2 Win32\icecastService.exe" "C:\Program Files (x86)\Icecast2 Win32" [417792 2008-05-24] ()
2 nlsvc; "C:\Program Files\NetLimiter 3\nlsvc.exe" [1620992 2009-11-24] (Locktime Software)
3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [279848 2007-06-27] (Nero AG)
2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe /StartService [276584 2010-03-22] (NVIDIA)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-12] ()
2 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [741224 2011-08-09] (Tunngle.net GmbH)
2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe /StartService [282728 2009-11-06] (NVIDIA)

==================== Drivers (Whitelisted) ===================

2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2010-02-19] ()
3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [12032 2010-04-19] (Razer (Asia-Pacific) Pte Ltd)
2 ESLWireAC; \??\C:\Windows\system32\drivers\ESLWireACD.sys [179616 2011-03-29] (<Turtle Entertainment>)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 hidusbf; C:\Windows\System32\Drivers\hidusbf.sys [7808 2009-11-11] (SweetLow)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2010-02-19] ()
3 MotioninJoyUSBFilter; C:\Windows\System32\DRIVERS\MijUfilt.sys [20480 2009-10-03] (MotioninJoy)
1 nltdi; \??\C:\Program Files\NetLimiter 3\nltdi.sys [87680 2009-11-26] (Locktime Software)
3 nvoclk64; C:\Windows\System32\Drivers\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
1 PStrip64; C:\Windows\System32\Drivers\PStrip64.sys [13008 2006-09-30] ()
3 RTCore64; \??\C:\Program Files (x86)\EVGA Precision\RTCore64.sys [14440 2010-09-07] ()
0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-11-11] (Duplex Secure Ltd.)
3 tap0901t; C:\Windows\System32\Drivers\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
3 VBoxNetAdp; C:\Windows\System32\Drivers\VBoxNetAdp.sys [146384 2009-11-30] (Sun Microsystems, Inc.)
3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 dump_wmimmc; \??\F:\NewEliteSRO\GameGuard\dump_wmimmc.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-09-03 22:35 - 2012-09-03 22:35 - 00003664 ____N C:\bootsqm.dat
2012-09-03 19:52 - 2012-09-03 19:52 - 00000000 ____D C:\Users\All Users\ESET
2012-09-03 19:29 - 2012-09-03 19:30 - 00000000 ___SD C:\uninstall
2012-09-03 18:09 - 2012-09-03 19:30 - 00000000 ___SD C:\32788R22FWJFW
2012-09-03 17:56 - 2012-09-03 17:58 - 00002566 ____A C:\Windows\diagwrn.xml
2012-09-03 17:56 - 2012-09-03 17:58 - 00001908 ____A C:\Windows\diagerr.xml
2012-09-03 01:35 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-03 01:32 - 2012-09-03 19:30 - 00000000 ____D C:\Windows\erdnt
2012-09-03 01:29 - 2012-09-03 01:29 - 00000381 ____A C:\Windows\LkmdfCoInst.log
2012-09-02 22:20 - 2012-09-02 22:20 - 00000000 ____D C:\FRST
2012-09-02 14:54 - 2012-09-02 14:54 - 00291056 ____A C:\Windows\Minidump\090212-26515-01.dmp
2012-09-02 14:25 - 2012-09-02 14:25 - 01376768 ____A C:\Users\DJDany\Downloads\RogueKiller(1).exe
2012-09-02 14:15 - 2012-09-02 14:15 - 00004689 ____A C:\Users\DJDany\Desktop\RKreport[1].txt
2012-09-02 14:14 - 2012-09-02 14:15 - 00000000 ____D C:\Users\DJDany\Desktop\RK_Quarantine
2012-09-02 14:14 - 2012-09-02 14:14 - 01376768 ____A C:\Users\DJDany\Downloads\RogueKiller.exe
2012-09-02 04:13 - 2012-09-02 04:13 - 00291064 ____A C:\Windows\Minidump\090212-27031-01.dmp
2012-09-01 22:21 - 2012-09-01 22:21 - 00607260 ____R (Swearware) C:\Users\DJDany\Downloads\dds.com
2012-09-01 21:55 - 2012-09-04 01:50 - 00000000 ____D C:\Users\DJDany\Downloads\Virustopic
2012-09-01 21:53 - 2012-09-01 21:53 - 00302592 ____A C:\Users\DJDany\Downloads\szbu38ze.exe
2012-09-01 21:49 - 2012-09-01 21:49 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-01 21:49 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-01 21:48 - 2012-09-01 21:48 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\DJDany\Downloads\mbam-setup-1.62.0.1300.exe
2012-09-01 21:17 - 2012-09-02 14:16 - 04731392 ____A (AVAST Software) C:\Users\DJDany\Downloads\aswMBR.exe
2012-09-01 20:56 - 2012-09-01 20:56 - 00002255 ____A C:\Users\DJDany\Desktop\aswMBR.txt
2012-09-01 20:56 - 2012-09-01 20:56 - 00000512 ____A C:\Users\DJDany\Desktop\MBR.dat
2012-09-01 20:31 - 2012-09-01 20:31 - 00011766 ____A C:\Users\DJDany\Downloads\hijackthis.log
2012-09-01 20:20 - 2012-09-01 20:20 - 00000000 ____D C:\Program Files (x86)\ESET
2012-09-01 17:52 - 2012-09-01 17:52 - 00000000 ____D C:\Users\DJDany\AppData\Roaming\Malwarebytes
2012-09-01 17:51 - 2012-09-01 21:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-01 17:51 - 2012-09-01 17:51 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-01 17:50 - 2012-09-01 22:12 - 00000000 ____D C:\Users\DJDany\Downloads\MBR
2012-08-31 19:29 - 2012-08-31 19:29 - 00652569 ____A C:\Users\DJDany\Downloads\BFE_Fix.exe
2012-08-31 19:29 - 2012-08-31 19:29 - 00000000 ____D C:\Program Files (x86)\Windows Resource Kits
2012-08-31 19:28 - 2012-08-31 19:28 - 00379392 ____A C:\Users\DJDany\Downloads\subinacl.msi
2012-08-31 19:23 - 2012-08-31 19:23 - 00000000 ____D C:\Program Files\ESET
2012-08-31 19:08 - 2012-08-31 19:16 - 00007847 ____A C:\Users\DJDany\Downloads\~ESETUninstaller.log
2012-08-31 19:07 - 2012-08-31 19:07 - 00638976 ____A (ESET) C:\Users\DJDany\Downloads\ESETUninstaller.exe
2012-08-31 18:59 - 2012-08-31 19:00 - 56469504 ____A C:\Users\DJDany\Downloads\eav_nt64_enu.msi
2012-08-31 18:22 - 2012-08-31 18:22 - 07902008 ____A (VS Revo Group ) C:\Users\DJDany\Downloads\RevoUninProSetup.exe
2012-08-31 18:22 - 2012-08-31 18:22 - 00000000 ____D C:\Users\DJDany\AppData\Local\VS Revo Group
2012-08-31 18:22 - 2012-08-31 18:22 - 00000000 ____D C:\Program Files\VS Revo Group
2012-08-31 18:22 - 2009-12-30 10:21 - 00031800 ____A (VS Revo Group) C:\Windows\System32\Drivers\revoflt.sys
2012-08-31 18:20 - 2012-08-31 18:20 - 00181156 ____A C:\Users\DJDany\Downloads\nod32removal.exe
2012-08-31 18:16 - 2012-09-03 01:45 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-31 18:16 - 2012-08-31 18:16 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-31 18:16 - 2012-08-31 18:16 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-31 18:16 - 2012-08-31 18:16 - 00000000 ____D C:\Users\DJDany\AppData\Local\Macromedia
2012-08-31 18:01 - 2012-08-31 18:14 - 01378744 ____A (ESET) C:\Users\DJDany\Downloads\eset_nod32_antivirus_live_installer.exe
2012-08-31 12:26 - 2012-08-31 12:26 - 00284520 ____A C:\Windows\Minidump\083112-29656-01.dmp
2012-08-31 11:50 - 2012-08-31 18:56 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-08-30 14:21 - 2012-08-30 14:21 - 06724176 ____A (Adobe Systems Inc.) C:\Users\DJDany\Downloads\Shockwave_Installer_Slim.exe
2012-08-27 05:45 - 2012-08-27 05:45 - 00000000 ____D C:\Users\DJDany\AppData\Local\FFsplit
2012-08-27 05:28 - 2012-08-31 18:56 - 00000000 ____D C:\Program Files (x86)\FFsplit
2012-08-27 05:28 - 2012-08-27 05:28 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2012-08-27 05:27 - 2012-08-31 18:56 - 00000000 ____D C:\Users\DJDany\AppData\Roaming\FFsplit
2012-08-27 05:27 - 2012-08-27 05:27 - 08588474 ____A (FFsplit) C:\Users\DJDany\Downloads\FFsplit.exe
2012-08-27 05:20 - 2012-08-27 05:20 - 00000000 ____D C:\Users\DJDany\AppData\Local\SplitMediaLabs
2012-08-27 05:19 - 2012-08-27 05:19 - 00000000 ____D C:\Windows\System32\Macromed
2012-08-27 05:17 - 2012-08-27 05:17 - 00000000 ____D C:\Users\All Users\SplitMediaLabs
2012-08-27 05:17 - 2012-08-27 05:17 - 00000000 ____D C:\Program Files (x86)\SplitMediaLabs
2012-08-27 05:15 - 2012-08-27 05:15 - 23324368 ____A (SplitMediaLabs) C:\Users\DJDany\Downloads\xsplit_installer_v1.0.1207.2601.exe
2012-08-27 05:15 - 2012-08-27 05:15 - 00000000 ____D C:\Users\DJDany\AppData\Roaming\SplitMediaLabs
2012-08-23 05:38 - 2012-08-23 05:38 - 01117345 ____A () C:\Users\DJDany\Downloads\Gamez Tera Launcher Installer_v1.03.exe
2012-08-11 13:19 - 2012-08-11 13:19 - 00000000 ____D C:\Users\DJDany\Documents\ACR
2012-08-11 13:19 - 2012-08-11 13:19 - 00000000 ____D C:\Users\DJDany\AppData\Local\CrashRpt
2012-08-10 17:39 - 2012-08-10 17:39 - 00591656 ____A (Unity Technologies ApS) C:\Users\DJDany\Downloads\UnityWebPlayer.exe
2012-08-10 17:33 - 2012-08-10 17:33 - 00000952 ____A C:\Users\Public\Desktop\ACR Launcher.lnk
2012-08-10 17:32 - 2012-08-10 17:32 - 35486247 ____A (Eutechnyx, Ltd ) C:\Users\DJDany\Downloads\ACR_setup.exe
2012-08-08 20:53 - 2012-08-08 20:53 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-08-06 18:08 - 2012-08-06 18:08 - 00000000 ____D C:\Users\DJDany\Desktop\Neuer Ordner

==================== 3 Months Modified Files ================================

2012-09-04 01:50 - 2012-07-19 22:48 - 00136393 ____A C:\Windows\WindowsUpdate.log
2012-09-04 01:50 - 2009-11-21 00:42 - 00000000 ____A C:\Windows\SysWOW64\Access.dat
2012-09-04 01:50 - 2009-07-14 05:45 - 00016944 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-04 01:50 - 2009-07-14 05:45 - 00016944 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-04 01:47 - 2012-07-19 22:05 - 00001365 ____A C:\Windows\setupact.log
2012-09-04 01:47 - 2009-07-14 06:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-04 01:47 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-04 01:32 - 2009-07-14 18:58 - 00698726 ____A C:\Windows\System32\perfh007.dat
2012-09-04 01:32 - 2009-07-14 18:58 - 00148782 ____A C:\Windows\System32\perfc007.dat
2012-09-04 01:32 - 2009-07-14 06:13 - 01613166 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-04 00:54 - 2009-11-11 01:50 - 00007596 ____A C:\Users\DJDany\AppData\Local\Resmon.ResmonCfg
2012-09-03 22:35 - 2012-09-03 22:35 - 00003664 ____N C:\bootsqm.dat
2012-09-03 19:31 - 2012-07-21 13:52 - 00022780 ____A C:\Windows\PFRO.log
2012-09-03 17:58 - 2012-09-03 17:56 - 00002566 ____A C:\Windows\diagwrn.xml
2012-09-03 17:58 - 2012-09-03 17:56 - 00001908 ____A C:\Windows\diagerr.xml
2012-09-03 17:56 - 2012-07-19 22:05 - 00000000 ____A C:\Windows\setuperr.log
2012-09-03 01:56 - 2009-07-14 03:34 - 00000215 ____A C:\Windows\system.ini
2012-09-03 01:45 - 2012-08-31 18:16 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-03 01:29 - 2012-09-03 01:29 - 00000381 ____A C:\Windows\LkmdfCoInst.log
2012-09-03 01:29 - 2010-04-29 15:01 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2012-09-02 21:57 - 2009-11-11 15:19 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-09-02 21:57 - 2009-11-11 15:02 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-09-02 21:56 - 2009-11-11 15:02 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-09-02 14:54 - 2012-09-02 14:54 - 00291056 ____A C:\Windows\Minidump\090212-26515-01.dmp
2012-09-02 14:25 - 2012-09-02 14:25 - 01376768 ____A C:\Users\DJDany\Downloads\RogueKiller(1).exe
2012-09-02 14:16 - 2012-09-01 21:17 - 04731392 ____A (AVAST Software) C:\Users\DJDany\Downloads\aswMBR.exe
2012-09-02 14:15 - 2012-09-02 14:15 - 00004689 ____A C:\Users\DJDany\Desktop\RKreport[1].txt
2012-09-02 14:14 - 2012-09-02 14:14 - 01376768 ____A C:\Users\DJDany\Downloads\RogueKiller.exe
2012-09-02 04:13 - 2012-09-02 04:13 - 00291064 ____A C:\Windows\Minidump\090212-27031-01.dmp
2012-09-01 22:21 - 2012-09-01 22:21 - 00607260 ____R (Swearware) C:\Users\DJDany\Downloads\dds.com
2012-09-01 21:53 - 2012-09-01 21:53 - 00302592 ____A C:\Users\DJDany\Downloads\szbu38ze.exe
2012-09-01 21:49 - 2012-09-01 21:49 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-01 21:48 - 2012-09-01 21:48 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\DJDany\Downloads\mbam-setup-1.62.0.1300.exe
2012-09-01 20:56 - 2012-09-01 20:56 - 00002255 ____A C:\Users\DJDany\Desktop\aswMBR.txt
2012-09-01 20:56 - 2012-09-01 20:56 - 00000512 ____A C:\Users\DJDany\Desktop\MBR.dat
2012-09-01 20:31 - 2012-09-01 20:31 - 00011766 ____A C:\Users\DJDany\Downloads\hijackthis.log
2012-08-31 19:29 - 2012-08-31 19:29 - 00652569 ____A C:\Users\DJDany\Downloads\BFE_Fix.exe
2012-08-31 19:28 - 2012-08-31 19:28 - 00379392 ____A C:\Users\DJDany\Downloads\subinacl.msi
2012-08-31 19:16 - 2012-08-31 19:08 - 00007847 ____A C:\Users\DJDany\Downloads\~ESETUninstaller.log
2012-08-31 19:07 - 2012-08-31 19:07 - 00638976 ____A (ESET) C:\Users\DJDany\Downloads\ESETUninstaller.exe
2012-08-31 19:00 - 2012-08-31 18:59 - 56469504 ____A C:\Users\DJDany\Downloads\eav_nt64_enu.msi
2012-08-31 18:22 - 2012-08-31 18:22 - 07902008 ____A (VS Revo Group ) C:\Users\DJDany\Downloads\RevoUninProSetup.exe
2012-08-31 18:20 - 2012-08-31 18:20 - 00181156 ____A C:\Users\DJDany\Downloads\nod32removal.exe
2012-08-31 18:16 - 2012-08-31 18:16 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-31 18:16 - 2012-08-31 18:16 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-31 18:14 - 2012-08-31 18:01 - 01378744 ____A (ESET) C:\Users\DJDany\Downloads\eset_nod32_antivirus_live_installer.exe
2012-08-31 12:26 - 2012-08-31 12:26 - 00284520 ____A C:\Windows\Minidump\083112-29656-01.dmp
2012-08-30 14:21 - 2012-08-30 14:21 - 06724176 ____A (Adobe Systems Inc.) C:\Users\DJDany\Downloads\Shockwave_Installer_Slim.exe
2012-08-27 05:27 - 2012-08-27 05:27 - 08588474 ____A (FFsplit) C:\Users\DJDany\Downloads\FFsplit.exe
2012-08-27 05:15 - 2012-08-27 05:15 - 23324368 ____A (SplitMediaLabs) C:\Users\DJDany\Downloads\xsplit_installer_v1.0.1207.2601.exe
2012-08-23 05:38 - 2012-08-23 05:38 - 01117345 ____A () C:\Users\DJDany\Downloads\Gamez Tera Launcher Installer_v1.03.exe
2012-08-23 05:38 - 2012-08-04 18:20 - 00000805 ____A C:\Users\Public\Desktop\GamezTera Launcher.lnk
2012-08-10 17:39 - 2012-08-10 17:39 - 00591656 ____A (Unity Technologies ApS) C:\Users\DJDany\Downloads\UnityWebPlayer.exe
2012-08-10 17:33 - 2012-08-10 17:33 - 00000952 ____A C:\Users\Public\Desktop\ACR Launcher.lnk
2012-08-10 17:32 - 2012-08-10 17:32 - 35486247 ____A (Eutechnyx, Ltd ) C:\Users\DJDany\Downloads\ACR_setup.exe
2012-08-04 18:19 - 2012-08-04 18:19 - 01111700 ____A () C:\Users\DJDany\Downloads\Gamez Tera Launcher Installer.exe
2012-08-02 16:24 - 2012-08-02 16:24 - 13839192 ____A (Frogster Online Gaming GmbH ) C:\Users\DJDany\Downloads\TERASetup.exe
2012-07-30 16:07 - 2012-07-30 16:07 - 00001162 ____A C:\Users\Public\Desktop\TeamViewer 6.lnk
2012-07-30 16:06 - 2012-07-30 16:06 - 04171032 ____A (TeamViewer GmbH) C:\Users\DJDany\Downloads\TeamViewer_Setup.exe
2012-07-29 19:32 - 2012-07-29 19:32 - 00008068 ____A C:\Users\DJDany\Downloads\d29d98ac0acb008a2629d474ada86c57.dlc
2012-07-25 22:05 - 2012-07-25 22:05 - 01223168 ____A C:\Users\DJDany\Downloads\BF3 Config Utility.exe
2012-07-25 20:34 - 2012-07-25 20:15 - 1552182149 ____A C:\Users\DJDany\Downloads\Jae_SRO_-(1Mir)_Full_Client.rar
2012-07-24 13:02 - 2012-07-24 13:02 - 00000697 ____A C:\Users\UpdatusUser\Desktop\Play 9Dragons.lnk
2012-07-24 13:02 - 2012-07-24 13:02 - 00000697 ____A C:\Users\DJDany\Desktop\Play 9Dragons.lnk
2012-07-24 12:28 - 2012-07-24 12:15 - 1122401654 ____A C:\Users\DJDany\Downloads\Setup-Play9D.exe
2012-07-19 20:33 - 2012-07-19 20:33 - 00013168 ____A C:\Users\DJDany\Downloads\98b2a695ddd9b2e90dc42a3a3980aaf7.dlc
2012-07-18 13:57 - 2010-05-06 22:40 - 00004359 ____A C:\Users\DJDany\Desktop\lol.txt
2012-07-17 19:47 - 2012-07-17 19:47 - 00000185 ____A C:\Users\Public\Desktop\Vindictus EU.url
2012-07-17 16:02 - 2012-07-17 16:02 - 00000201 ____A C:\Users\Public\Desktop\Vindictus.url
2012-07-14 00:05 - 2011-04-22 23:47 - 01594042 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-12 12:57 - 2009-11-11 15:02 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-07-12 12:52 - 2012-07-12 12:52 - 03878112 ____A C:\Users\DJDany\Downloads\battlelog-web-plugins-1.122.0-retail-prod.exe
2012-07-12 12:50 - 2010-02-21 01:31 - 00000020 ____A C:\Users\DJDany\Documents\aionmemo_1dbe5b45.dat
2012-07-12 12:22 - 2012-07-12 12:18 - 211927944 ____A (NVIDIA Corporation) C:\Users\DJDany\Downloads\301.42-desktop-win7-winvista-64bit-international-whql.exe
2012-07-12 12:07 - 2012-07-12 12:07 - 11733072 ____A (IObit ) C:\Users\DJDany\Downloads\gb3.5-beta-setup.exe
2012-07-12 12:07 - 2011-09-02 20:38 - 00001182 ____A C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
2012-07-12 12:07 - 2011-09-02 20:38 - 00001170 ____A C:\Users\Public\Desktop\Game Booster 3.lnk
2012-07-12 08:17 - 2009-07-14 05:45 - 03049760 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 23:57 - 2009-11-11 04:15 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-03 12:46 - 2012-09-01 21:49 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-30 14:05 - 2009-07-14 03:34 - 00000478 ____A C:\Windows\win.ini
2012-06-21 16:40 - 2012-06-21 16:40 - 00768848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2012-06-21 16:40 - 2012-06-21 16:40 - 00421200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2012-06-12 04:02 - 2012-07-12 00:00 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 06:30 - 2012-07-11 11:37 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-09 05:46 - 2012-07-11 11:37 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-03 19:51:06
Restore point made on: 2012-09-04 01:03:51

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 6142.55 MB
Available physical RAM: 5365.77 MB
Total Pagefile: 6140.7 MB
Available Pagefile: 5358.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:120.96 GB) (Free:27.18 GB) NTFS
2 Drive d: () (Fixed) (Total:232.82 GB) (Free:38.34 GB) NTFS
3 Drive e: () (Fixed) (Total:149.04 GB) (Free:21.45 GB) NTFS
4 Drive f: (Games) (Fixed) (Total:468.75 GB) (Free:45.56 GB) NTFS
5 Drive g: (CS) (Fixed) (Total:6.43 GB) (Free:4.55 GB) NTFS
6 Drive h: (Movies) (Fixed) (Total:341.8 GB) (Free:12.7 GB) NTFS
7 Drive j: (bie764g) (CDROM) (Total:2.85 GB) (Free:0 GB) CDFS
8 Drive k: (TRANSCEND) (Removable) (Total:1.87 GB) (Free:1.83 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: () (Fixed) (Total:105.38 GB) (Free:3.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Datenträger ### Status Größe Frei Dyn GPT
--------------- ------------- ------- ------- --- ---
Datenträger 0 Online 111 GB 0 B
Datenträger 1 Online 232 GB 7168 KB
Datenträger 2 Online 149 GB 8 MB
Datenträger 3 Online 931 GB 0 B
Datenträger 4 Online 1926 MB 0 B

Partitions of Disk 0:
===============

Partition ### Typ Größe Offset
------------- ---------------- ------- -------
Partition 1 Primär 105 GB 31 KB
Partition 0 Erweitert 6588 MB 105 GB
Partition 2 Logisch 6588 MB 105 GB

==================================================================================

Disk: 0
Partition 1
Typ : 07
Versteckt: Nein
Aktiv : Ja

Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y NTFS Partition 105 GB Fehlerfre

==================================================================================

Disk: 0
Partition 2
Typ : 07
Versteckt: Nein
Aktiv : Nein

Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 G CS NTFS Partition 6588 MB Fehlerfre

==================================================================================

Partitions of Disk 1:
===============

Partition ### Typ Größe Offset
------------- ---------------- ------- -------
Partition 1 Primär 232 GB 31 KB

==================================================================================

Disk: 1
Partition 1
Typ : 07
Versteckt: Nein
Aktiv : Ja

Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D NTFS Partition 232 GB Fehlerfre

==================================================================================

Partitions of Disk 2:
===============

Partition ### Typ Größe Offset
------------- ---------------- ------- -------
Partition 1 Primär 149 GB 31 KB

==================================================================================

Disk: 2
Partition 1
Typ : 07
Versteckt: Nein
Aktiv : Ja

Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E NTFS Partition 149 GB Fehlerfre

==================================================================================

Partitions of Disk 3:
===============

Partition ### Typ Größe Offset
------------- ---------------- ------- -------
Partition 1 Primär 468 GB 31 KB
Partition 2 Primär 341 GB 468 GB
Partition 3 Primär 120 GB 810 GB

==================================================================================

Disk: 3
Partition 1
Typ : 07
Versteckt: Nein
Aktiv : Nein

Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 F Games NTFS Partition 468 GB Fehlerfre

==================================================================================

Disk: 3
Partition 2
Typ : 07
Versteckt: Nein
Aktiv : Nein

Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 H Movies NTFS Partition 341 GB Fehlerfre

==================================================================================

Disk: 3
Partition 3
Typ : 07
Versteckt: Nein
Aktiv : Nein

Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 C NTFS Partition 120 GB Fehlerfre

==================================================================================

Partitions of Disk 4:
===============

Partition ### Typ Größe Offset
------------- ---------------- ------- -------
Partition 1 Primär 1922 MB 4096 KB

==================================================================================

Disk: 4
Partition 1
Typ : 0B
Versteckt: Nein
Aktiv : Nein

Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K TRANSCEND FAT32 Wechselmed 1922 MB Fehlerfre

==================================================================================

Last Boot: 2012-08-28 22:41

==================== End Of Log =============================
 
Nothing suspicious there.

Let's try something...

Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

See if you can connect afterwards.
 

Attachments: fixlist.txt (27 bytes)
It worked, I got connection!

Thanks for that already!

Here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 02-09-2012 03
Ran by SYSTEM at 2012-09-04 03:06:41 Run:2
Running from K:\

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====


What's the next step? :)
 
Very well :)
We restored your computer to 8/28, so we must re-run some scans to see what's going on.

First of all, create a fresh restore point (IMPORTANT!).

Then....

Re-run MBAM (update it first), RogueKiller and aswMBR.
Post all three logs.
 
Okay, here is the MBAM log and the RKiller.log; aswMBR takes its time to download the definitions (14kb/s, got 16mbits...):

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.03.09

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
DJDany :: DJDANY-PC [administrator]

04.09.2012 03:24:09
mbam-log-2012-09-04 (03-24-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231146
Time elapsed: 1 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

RKiller.log

RogueKiller V8.0.2 [08/31/2012] durch Tigzy
mail: tigzyRK<at>gmail<dot>com
Kommentare: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Betriebssystem: Windows 7 (6.1.7600 ) 64 bits version
Gestartet in : Normal Modus
Benutzer : DJDany [Admin Rechte]
Funktion : Scannen -- Datum : 09/04/2012 03:29:30

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 5 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{ED8E083E-C468-424C-A6F0-4C44822C9E7E} : NameServer (169.254.145.1) -> FAND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{ED8E083E-C468-424C-A6F0-4C44822C9E7E} : NameServer (169.254.145.1) -> FAND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FAND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FAND
[RUN][BLACKLIST DLL] [ON_E:]HKLM\Software[...]\Run : c4011b78 (rundll32.exe "C:\WINDOWS\system32\siefihlm.dll",b) -> FAND

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN] ¤¤¤

¤¤¤ Infektion : ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SP1213N ATA Device +++++
--- User ---
[MBR] d8986dfd596392b6ac3717315e513d4c
[BSP] b3db800ad553731c1454b66c5c65b5db : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 107910 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 220999968 | Size: 6588 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG SP2504C SCSI Disk Device +++++
--- User ---
[MBR] 50fd70bf23261b4ad6dd27873dca62f5
[BSP] fde53e3f7121d02b9b3ea6782f9b552d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238409 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: ST316002 3AS SCSI Disk Device +++++
--- User ---
[MBR] 954fddb065eb9a18544211895c9eeae8
[BSP] 431f8c55ef2f060dc83e7fdbc2c64fd0 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: WDC WD10 01FALS-00J7B SCSI Disk Device +++++
--- User ---
[MBR] 5cf435ff54582a370e7dee25f5bf543a
[BSP] 47d5e137e6c2707ecdf95df47f0f5208 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 480004 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 983049480 | Size: 350002 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1699853715 | Size: 123860 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: JetFlash Transcend 2GB USB Device +++++
--- User ---
[MBR] 02b0428f470414ee3c32ae94fa36a5a8
[BSP] e1b6546b754dac1a850095bd1d624e14 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 1922 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Abgeschlossen : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


I'll post the aswMBR log as soon as it's finished!
 
Okay, so aswMBR crashed again, but I saved a log before it could crash (it always crashes at Microsoft Visual Studio):

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-04 03:39:12
-----------------------------
03:39:12.526 OS Version: Windows x64 6.1.7600
03:39:12.526 Number of processors: 4 586 0xF07
03:39:12.526 ComputerName: DJDANY-PC UserName: DJDany
03:39:13.737 Initialize success
03:39:17.872 AVAST engine defs: 12090301
03:39:18.997 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
03:39:18.997 Disk 0 Vendor: SAMSUNG_SP1213N TL100-30 Size: 114498MB BusType: 3
03:39:18.997 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000007f
03:39:18.997 Disk 1 Vendor: SAMSUNG_ VT10 Size: 238418MB BusType: 3
03:39:19.004 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000080
03:39:19.004 Disk 2 Vendor: ST316002 3.00 Size: 152627MB BusType: 3
03:39:19.004 Disk 3 (boot) \Device\Harddisk3\DR3 -> \Device\00000081
03:39:19.012 Disk 3 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 3
03:39:19.036 Disk 3 MBR read successfully
03:39:19.036 Disk 3 MBR scan
03:39:19.043 Disk 3 Windows 7 default MBR code
03:39:19.043 Disk 3 Partition 1 00 07 HPFS/NTFS NTFS 480004 MB offset 63
03:39:19.059 Disk 3 Partition 2 00 07 HPFS/NTFS NTFS 350002 MB offset 983049480
03:39:19.083 Disk 3 Partition 3 00 07 HPFS/NTFS NTFS 123860 MB offset 1699853715
03:39:19.098 Disk 3 scanning C:\Windows\system32\drivers
03:39:26.958 Service scanning
03:39:44.603 Modules scanning
03:39:44.603 Disk 3 trace - called modules:
03:39:44.626 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80065082c0]<<spwj.sys storport.sys hal.dll nvstor64.sys
03:39:44.634 1 nt!IofCallDriver -> \Device\Harddisk3\DR3[0xfffffa8006927060]
03:39:44.634 3 CLASSPNP.SYS[fffff88001ab543f] -> nt!IofCallDriver -> [0xfffffa8006676b20]
03:39:44.642 5 ACPI.sys[fffff88000f84781] -> nt!IofCallDriver -> \Device\00000081[0xfffffa80066778b0]
03:39:44.650 \Driver\nvstor64[0xfffffa800665e900] -> IRP_MJ_CREATE -> 0xfffffa80065082c0
03:39:45.783 AVAST engine scan C:\Windows
03:39:47.346 AVAST engine scan C:\Windows\system32
03:41:02.951 Disk 3 MBR has been saved successfully to "C:\Users\DJDany\Documents\MBR.dat"
03:41:02.958 The log file has been saved successfully to "C:\Users\DJDany\Documents\aswMBR.txt"


And I created a fresh restore point! So this is saved :)