Trojaner-Board (https://www.trojaner-board.de/)
-   Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Please help: bluescreen and gvo6 and more! (https://www.trojaner-board.de/142423-bitte-hilfe-bluescrenn-gvo6-mehr.html)

Hilfe1337 06.10.2013 17:06

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by ejub (administrator) on EJUB-PC on 06-10-2013 18:05:00
Running from C:\Users\ejub\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\system32\inetsrv\inetinfo.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Windows\system32\mqsvc.exe
() C:\Windows\system32\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Windows\system32\mqtgsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-09-12] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9808488 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [4StoryPrePatch] - C:\Program Files\GameforgeLive\Games\DEU_deu\4Story\PrePatch.exe [327680 2012-11-29] (Zemi Interactive Inc.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RoccatIsku] - C:\Program Files\ROCCAT\Isku Keyboard\IskuMonitor.EXE [542560 2012-11-09] (ROCCAT GmbH)
HKLM\...\Run: [ROCCAT Savu Gaming Mouse] - C:\Program Files\ROCCAT\Savu Mouse\Savu Monitor.exe [872048 2012-09-10] (ROCCAT GmbH)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
HKLM\...\Policies\Explorer: [ShowDriveLettersFirst] 4
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Policies\system: [EnableLUA] 0
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Gast\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Gast.ejub-PC\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Gast.ejub-PC\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKU\Gast.ejub-PC\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\Gast.ejub-PC\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Gast.ejub-PC\...\Run: [{92DF5512-F4E9-2934-45D4-5057384EB3F5}] - C:\Users\Gast.ejub-PC\AppData\Roaming\Odaw\usid.exe
HKU\Gast.ejub-PC\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2012-03-08] (Microsoft Corporation)
HKU\Gast.ejub-PC\...\Run: [uTorrent] - "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\Gast.ejub-PC\...\Run: [Exetender] - "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
HKU\Gast.ejub-PC\...\Run: [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\Gast.ejub-PC\...\Run: [winupdater] - C:\Windows\system32\Windupdt\winupdate.exe
HKU\Gast.ejub-PC\...\Policies\system: [DisableTaskMgr] 1
HKU\Gast.ejub-PC\...\Policies\system: [DisableRegistryTools] 1
HKU\Gast.ejub-PC\...\Policies\system: [EnableLUA] 0
HKU\gast2\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3C15CDED7290CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {FB291D82-6B3F-4A51-9A75-1B9E9C4E1ED9} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

FireFox:
========
FF ProfilePath: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default
FF Homepage: https://www.google.de/
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 8555
FF NetworkProxy: "gopher", "127.0.0.1"
FF NetworkProxy: "gopher_port", 8555
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8555
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 8555
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8555
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @eximion.com/KalydoPlayer - C:\Users\ejub\AppData\Roaming\Kalydo\KalydoPlayer\bin1\npkalydo.dll (Eximion B.V.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\aol-search.xml
FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\entrusted-customized-web-search.xml
FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}
FF Extension: No Name - C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR Extension: (Skype Click to Call) - C:\Users\ejub\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\ejub\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\ejub\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.3.crx
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx

========================== Services (Whitelisted) =================

R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1612112 2013-10-01] (LogMeIn Inc.)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2008-01-21] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2013-08-26] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [8704 2006-11-02] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [125952 2009-04-11] (Microsoft Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [4670000 2012-08-06] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2012-03-04] ()

==================== Drivers (Whitelisted) ====================

R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [75776 2013-01-15] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-12-12] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2013-02-01] (Eugene V. Muzychenko)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-12-10] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [126976 2008-01-21] (Microsoft Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2012-01-05] (AnchorFree Inc)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-02-22] (Anchorfree Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]
S3 vtany; \??\C:\Windows\vtany.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [x]
S3 XDva397; \??\C:\Windows\system32\XDva397.sys [x]
S3 XDva398; \??\C:\Windows\system32\XDva398.sys [x]
S3 XDva399; \??\C:\Windows\system32\XDva399.sys [x]
S3 XDva400; \??\C:\Windows\system32\XDva400.sys [x]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [x]
S3 XDva403; \??\C:\Windows\system32\XDva403.sys [x]
S3 XDva404; \??\C:\Windows\system32\XDva404.sys [x]
S3 XDva405; \??\C:\Windows\system32\XDva405.sys [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-06 18:00 - 2013-10-06 18:00 - 00040145 _____ C:\Users\ejub\Desktop\JRT.txt
2013-10-06 17:58 - 2013-10-06 17:58 - 01032220 _____ (Thisisu) C:\Users\ejub\Desktop\JRT.exe
2013-10-06 17:58 - 2013-10-06 17:58 - 00000000 ____D C:\Windows\ERUNT
2013-10-06 17:49 - 2013-10-06 17:48 - 01045226 _____ C:\Users\ejub\Desktop\adwcleaner.exe
2013-10-06 17:19 - 2013-10-06 17:19 - 00000870 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\Users\ejub\AppData\Roaming\Malwarebytes
2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-06 17:19 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-06 17:17 - 2013-10-06 17:18 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\ejub\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-05 22:20 - 2013-10-05 22:20 - 00000000 ____D C:\CFLog
2013-10-05 21:48 - 2013-10-05 21:48 - 00017888 _____ C:\ComboFix.txt
2013-10-05 21:02 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-05 21:02 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-05 21:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-05 21:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-05 21:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-05 21:02 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-05 21:02 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-05 21:02 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-05 21:01 - 2013-10-05 21:48 - 00000000 ____D C:\Qoobox
2013-10-05 20:57 - 2013-10-05 20:57 - 05130782 ____R (Swearware) C:\Users\ejub\Desktop\ComboFix.exe
2013-10-05 12:39 - 2013-10-05 21:30 - 00000000 ____D C:\Windows\erdnt
2013-10-05 00:07 - 2013-10-05 00:07 - 00023670 _____ C:\Users\ejub\Downloads\Addition.txt
2013-10-02 22:51 - 2013-10-02 22:51 - 00000000 ____D C:\Users\ejub\AppData\Local\LogMeIn
2013-10-02 22:51 - 2013-10-02 22:51 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-02 22:09 - 2013-10-02 22:09 - 01087213 _____ (Farbar) C:\Users\ejub\Downloads\FRST.exe
2013-10-02 21:37 - 2013-10-02 21:37 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-10-02 15:04 - 2013-10-02 15:04 - 00281896 _____ (Mozilla) C:\Users\ejub\Downloads\Firefox Setup Stub 24.0.exe
2013-10-02 15:04 - 2013-10-02 15:04 - 00000810 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-02 15:04 - 2013-10-02 15:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-02 15:03 - 2013-10-02 15:03 - 00000952 _____ C:\Users\ejub\Desktop\Continue Firefox Installation.lnk
2013-10-02 00:24 - 2013-10-02 00:24 - 00000000 ____D C:\FRST
2013-10-02 00:22 - 2013-10-02 00:22 - 01953880 _____ (Farbar) C:\Users\ejub\Downloads\FRST64.exe
2013-10-01 23:55 - 2013-10-06 17:52 - 00000000 ____D C:\AdwCleaner
2013-10-01 23:55 - 2013-10-01 23:55 - 01045226 _____ C:\Users\ejub\Downloads\adwcleaner_3.0.0.6.exe
2013-10-01 17:19 - 2013-10-01 17:19 - 00002052 _____ C:\Windows\epplauncher.mif
2013-10-01 17:17 - 2010-04-05 22:00 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-10-01 14:13 - 2013-10-05 14:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-28 18:05 - 2013-09-30 23:58 - 00000000 _____ C:\dfu.log
2013-09-28 18:05 - 2013-09-28 18:05 - 00001723 _____ C:\Users\Public\Desktop\S.K.I.L.L. - Special Force 2.lnk
2013-09-23 02:41 - 2013-09-23 02:41 - 00000000 ___RD C:\Users\ejub\Documents\Notes
2013-09-21 15:29 - 2013-09-22 01:16 - 00157528 _____ C:\Users\ejub\AppData\Roaming\ejub.txt
2013-09-19 13:33 - 2013-09-19 13:33 - 00000000 _____ C:\ProgramData\2d23263642223a_c
2013-09-19 02:47 - 2013-09-19 02:47 - 01254900 _____ (Sophos Limited) C:\Users\ejub\Downloads\Sophos_Virus_Removal_Tool24.exe.part
2013-09-19 02:36 - 2013-10-05 21:07 - 00000000 ____D C:\Windows\Minidump
2013-09-12 23:44 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 23:44 - 2013-08-01 12:21 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 23:44 - 2013-08-01 12:20 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 23:44 - 2013-08-01 12:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-12 23:44 - 2013-08-01 12:18 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-12 23:44 - 2013-08-01 12:16 - 06016512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 23:44 - 2013-08-01 12:16 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 23:44 - 2013-08-01 12:16 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-09-12 23:44 - 2013-08-01 12:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-12 23:44 - 2013-08-01 12:16 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 11111936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-12 23:44 - 2013-08-01 12:15 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 23:44 - 2013-08-01 12:13 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-09-12 23:44 - 2013-08-01 10:37 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-12 23:44 - 2013-08-01 08:56 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 23:44 - 2013-08-01 08:56 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-12 23:44 - 2013-08-01 08:55 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-12 23:44 - 2013-08-01 08:54 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 23:44 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll

==================== One Month Modified Files and Folders =======

2013-10-06 18:04 - 2013-07-07 21:54 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-06 18:02 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\tracing
2013-10-06 18:00 - 2013-10-06 18:00 - 00040145 _____ C:\Users\ejub\Desktop\JRT.txt
2013-10-06 17:58 - 2013-10-06 17:58 - 01032220 _____ (Thisisu) C:\Users\ejub\Desktop\JRT.exe
2013-10-06 17:58 - 2013-10-06 17:58 - 00000000 ____D C:\Windows\ERUNT
2013-10-06 17:58 - 2008-01-21 03:35 - 01868289 _____ C:\Windows\WindowsUpdate.log
2013-10-06 17:56 - 2013-08-09 20:01 - 00000000 ____D C:\Users\ejub\AppData\Local\LogMeIn Hamachi
2013-10-06 17:56 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\inetsrv
2013-10-06 17:54 - 2013-07-07 21:54 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-06 17:54 - 2010-11-25 08:21 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-10-06 17:54 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-06 17:54 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-06 17:54 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-06 17:53 - 2006-11-02 15:01 - 00032510 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-06 17:52 - 2013-10-01 23:55 - 00000000 ____D C:\AdwCleaner
2013-10-06 17:52 - 2013-07-07 21:55 - 00001039 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-06 17:52 - 2010-11-01 17:17 - 00000937 _____ C:\Users\ejub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-06 17:48 - 2013-10-06 17:49 - 01045226 _____ C:\Users\ejub\Desktop\adwcleaner.exe
2013-10-06 17:42 - 2013-07-03 21:34 - 00649840 _____ C:\Windows\PFRO.log
2013-10-06 17:39 - 2011-12-10 11:57 - 00000000 ____D C:\ProgramData\InstallMate
2013-10-06 17:19 - 2013-10-06 17:19 - 00000870 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\Users\ejub\AppData\Roaming\Malwarebytes
2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-06 17:18 - 2013-10-06 17:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\ejub\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-06 16:43 - 2012-10-12 05:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-05 22:20 - 2013-10-05 22:20 - 00000000 ____D C:\CFLog
2013-10-05 21:48 - 2013-10-05 21:48 - 00017888 _____ C:\ComboFix.txt
2013-10-05 21:48 - 2013-10-05 21:01 - 00000000 ____D C:\Qoobox
2013-10-05 21:48 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-10-05 21:48 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-10-05 21:30 - 2013-10-05 12:39 - 00000000 ____D C:\Windows\erdnt
2013-10-05 21:22 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-10-05 21:21 - 2006-11-02 12:22 - 45088768 _____ C:\Windows\system32\config\software.bak
2013-10-05 21:21 - 2006-11-02 12:22 - 41418752 _____ C:\Windows\system32\config\COMPON~3.bak
2013-10-05 21:21 - 2006-11-02 12:22 - 30146560 _____ C:\Windows\system32\config\system.bak
2013-10-05 21:21 - 2006-11-02 12:22 - 05242880 _____ C:\Windows\system32\config\default.bak
2013-10-05 21:21 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-10-05 21:21 - 2006-11-02 12:22 - 00028672 _____ C:\Windows\system32\config\security.bak
2013-10-05 21:07 - 2013-09-19 02:36 - 00000000 ____D C:\Windows\Minidump
2013-10-05 21:07 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100513-04.dmp
2013-10-05 21:05 - 2013-06-27 12:56 - 00000000 ____D C:\Users\ejub\Tracing
2013-10-05 21:03 - 2010-11-01 17:17 - 00001356 _____ C:\Users\ejub\AppData\Local\d3d9caps.dat
2013-10-05 20:59 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100513-03.dmp
2013-10-05 20:57 - 2013-10-05 20:57 - 05130782 ____R (Swearware) C:\Users\ejub\Desktop\ComboFix.exe
2013-10-05 14:50 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100513-02.dmp
2013-10-05 14:47 - 2010-11-25 18:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-05 14:47 - 2010-11-25 18:33 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2013-10-05 14:46 - 2013-07-12 01:21 - 00000000 ____D C:\Users\ejub\.gimp-2.8
2013-10-05 14:42 - 2013-10-01 14:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-05 12:41 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini100513-01.dmp
2013-10-05 00:07 - 2013-10-05 00:07 - 00023670 _____ C:\Users\ejub\Downloads\Addition.txt
2013-10-03 19:13 - 2012-05-21 21:22 - 00000000 ____D C:\Users\ejub\Documents\Cross Fire
2013-10-03 12:46 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini100313-01.dmp
2013-10-02 22:51 - 2013-10-02 22:51 - 00000000 ____D C:\Users\ejub\AppData\Local\LogMeIn
2013-10-02 22:51 - 2013-10-02 22:51 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-02 22:50 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-07.dmp
2013-10-02 22:09 - 2013-10-02 22:09 - 01087213 _____ (Farbar) C:\Users\ejub\Downloads\FRST.exe
2013-10-02 21:37 - 2013-10-02 21:37 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-10-02 21:36 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini100213-06.dmp
2013-10-02 15:14 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini100213-05.dmp
2013-10-02 15:04 - 2013-10-02 15:04 - 00281896 _____ (Mozilla) C:\Users\ejub\Downloads\Firefox Setup Stub 24.0.exe
2013-10-02 15:04 - 2013-10-02 15:04 - 00000810 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-02 15:04 - 2013-10-02 15:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-02 15:03 - 2013-10-02 15:03 - 00000952 _____ C:\Users\ejub\Desktop\Continue Firefox Installation.lnk
2013-10-02 01:32 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-04.dmp
2013-10-02 01:16 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-03.dmp
2013-10-02 00:27 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-02.dmp
2013-10-02 00:24 - 2013-10-02 00:24 - 00000000 ____D C:\FRST
2013-10-02 00:22 - 2013-10-02 00:22 - 01953880 _____ (Farbar) C:\Users\ejub\Downloads\FRST64.exe
2013-10-02 00:04 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-01.dmp
2013-10-01 23:55 - 2013-10-01 23:55 - 01045226 _____ C:\Users\ejub\Downloads\adwcleaner_3.0.0.6.exe
2013-10-01 17:22 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\DUMP4ca8.tmp
2013-10-01 17:19 - 2013-10-01 17:19 - 00002052 _____ C:\Windows\epplauncher.mif
2013-09-30 23:58 - 2013-09-28 18:05 - 00000000 _____ C:\dfu.log
2013-09-29 22:30 - 2010-11-25 19:57 - 00000000 ____D C:\Users\ejub\AppData\Roaming\TS3Client
2013-09-29 17:45 - 2010-12-05 20:50 - 00000000 ____D C:\Program Files\[Z-H-C]ScRipT V4
2013-09-29 10:46 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092913-01.dmp
2013-09-28 18:05 - 2013-09-28 18:05 - 00001723 _____ C:\Users\Public\Desktop\S.K.I.L.L. - Special Force 2.lnk
2013-09-28 18:04 - 2012-11-29 15:32 - 00000000 ____D C:\Users\ejub\Documents\Gameforge Live
2013-09-28 12:11 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092813-01.dmp
2013-09-28 00:37 - 2013-08-08 03:04 - 00000000 ____D C:\Users\ejub\Desktop\Cube World Cracked
2013-09-27 11:29 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092713-01.dmp
2013-09-26 22:35 - 2013-01-23 15:25 - 00000828 _____ C:\Users\Public\Desktop\Gameforge Live.lnk
2013-09-26 22:35 - 2012-11-29 15:31 - 00000000 ____D C:\Program Files\GameforgeLive
2013-09-26 22:33 - 2010-11-01 17:17 - 00000000 ____D C:\Users\ejub
2013-09-26 21:28 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092613-02.dmp
2013-09-26 16:26 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092613-01.dmp
2013-09-25 22:19 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini092513-02.dmp
2013-09-25 18:45 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092513-01.dmp
2013-09-24 17:35 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092413-01.dmp
2013-09-23 21:41 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092313-03.dmp
2013-09-23 12:43 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092313-02.dmp
2013-09-23 02:41 - 2013-09-23 02:41 - 00000000 ___RD C:\Users\ejub\Documents\Notes
2013-09-23 01:31 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini092313-01.dmp
2013-09-22 01:16 - 2013-09-21 15:29 - 00157528 _____ C:\Users\ejub\AppData\Roaming\ejub.txt
2013-09-21 14:55 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini092113-03.dmp
2013-09-21 14:51 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092113-02.dmp
2013-09-21 14:06 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092113-01.dmp
2013-09-20 23:57 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092013-03.dmp
2013-09-20 22:30 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092013-02.dmp
2013-09-20 21:43 - 2012-10-12 05:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-20 21:43 - 2011-09-19 20:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-20 21:32 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092013-01.dmp
2013-09-19 21:29 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini091913-10.dmp
2013-09-19 16:37 - 2010-04-29 14:14 - 00147285 _____ C:\Windows\Minidump\Mini091913-09.dmp
2013-09-19 16:04 - 2013-08-12 00:32 - 00000000 ____D C:\Users\ejub\AppData\Roaming\.minecraft
2013-09-19 15:47 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-08.dmp
2013-09-19 15:41 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-07.dmp
2013-09-19 15:35 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-06.dmp
2013-09-19 13:33 - 2013-09-19 13:33 - 00000000 _____ C:\ProgramData\2d23263642223a_c
2013-09-19 12:48 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini091913-05.dmp
2013-09-19 03:14 - 2010-04-29 14:14 - 00147221 _____ C:\Windows\Minidump\Mini091913-04.dmp
2013-09-19 03:03 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-03.dmp
2013-09-19 02:47 - 2013-09-19 02:47 - 01254900 _____ (Sophos Limited) C:\Users\ejub\Downloads\Sophos_Virus_Removal_Tool24.exe.part
2013-09-19 02:43 - 2010-04-29 14:14 - 00147189 _____ C:\Windows\Minidump\Mini091913-02.dmp
2013-09-19 02:36 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-01.dmp
2013-09-16 17:46 - 2006-11-02 14:47 - 00231016 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-16 09:40 - 2013-08-15 20:35 - 00000000 ____D C:\Windows\system32\MRT
2013-09-16 09:37 - 2006-11-02 12:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-11 21:56 - 2010-11-29 11:12 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-09-09 10:52 - 2013-01-07 20:14 - 00632656 _____ (Microsoft Corporation) C:\Windows\system32\msvcr80.dll
2013-09-09 10:52 - 2013-01-07 20:14 - 00554832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp80.dll
2013-09-09 10:52 - 2013-01-07 20:14 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\msvcm80.dll
2013-09-09 10:52 - 2013-01-07 20:14 - 00001870 _____ C:\Windows\system32\Microsoft.VC80.CRT.manifest

Files to move or delete:
====================
C:\Users\ejub\13-4_vista_win7_win8_32_dd_ccc_whql.exe
C:\Users\ejub\avg_avct_stb_all_2013_2667_cm10.exe
C:\Users\ejub\ClarioN-ScripTV3(1).exe
C:\Users\ejub\dotnetfx45_full_x86_x64.exe
C:\Users\ejub\gimp-2-8-4-setup.exe
C:\Users\ejub\SCP-087-B.exe


Some content of TEMP:
====================
C:\Users\ejub\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-06 18:00

==================== End Of Log ============================

--- --- ---

schrauber 06.10.2013 17:07

I've already posted something new :)

Hilfe1337 06.10.2013 20:55

Quote:

Quote from schrauber (post 1169947)
I've already posted something new :)

Yes, I'm on it xD it's still scanning, 30 minutes already, hehe, but everything is fine again ;)

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8951bca3d3c785469f5004746e08e0a6
# engine=15377
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-06 07:44:09
# local_time=2013-10-06 09:44:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 209148 218621377 0 0
# scanned=408747
# found=9
# cleaned=0
# scan_time=12717
sh=F180DEFA96A16DA39C7989A35BF5631B59C3DBBB ft=1 fh=bf6c06fa3ebb6603 vn="a variant of Win32/Adware.Yontoo.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Yontoo Layers Runtime\YontooIEClient.dll.vir"
sh=8CE70DB13017AC7112DA5DD0A4B853D9C617358B ft=1 fh=b6e6b3580a4ee9d9 vn="a variant of MSIL/Spy.Agent.JG trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\ejub\AppData\Roaming\832f5e4c.exe.vir"
sh=95DD45C0966FA25A8A75E2F390AEE3B10A19CF1E ft=1 fh=ce3815a1d01ac32a vn="a variant of MSIL/Injector.BVP trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\ejub\AppData\Roaming\bs_stealth.exe.vir"
sh=8CE70DB13017AC7112DA5DD0A4B853D9C617358B ft=1 fh=b6e6b3580a4ee9d9 vn="a variant of MSIL/Spy.Agent.JG trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\ejub\AppData\Roaming\832f5e4c\832f5e4c.exe.vir"
sh=5E48D5242891A2D5F7239E0DB68030965979D48F ft=1 fh=133bc6aa5161ec53 vn="a variant of MSIL/Kryptik.NU trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\ejub\AppData\Roaming\Microsoft\taskmsg.exe.vir"
sh=22F2232BAD12325DE295BC0D973B45316CD2C784 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\ejub\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\34e9bf95-5f02af15"
sh=E326A7A2700069105AC6653865FD4A1C0F1FB705 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Obfus.A trojan" ac=I fn="C:\Users\ejub\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\666743f8-24a429ed"
sh=6A4F558B7157DE07CAC08311D842C26754AC38BD ft=1 fh=639c288a0bd481d5 vn="multiple threats" ac=I fn="C:\Users\ejub\Downloads\PageRage-SilentInstaller.exe"
sh=8F9C4F28547D973B381456E23A3C5684809EEBF8 ft=0 fh=0000000000000000 vn="Win32/Adware.OneStep.CF application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L3EOE3I1\upgrade[1].cab"

Here, from checkup: UNSUPPORTED OPERATING SYSTEM! ABORTED!
What does that mean?


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by ejub (administrator) on EJUB-PC on 06-10-2013 21:54:12
Running from C:\Users\ejub\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\system32\inetsrv\inetinfo.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Windows\system32\mqsvc.exe
() C:\Windows\system32\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Windows\system32\mqtgsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-09-12] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9808488 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [4StoryPrePatch] - C:\Program Files\GameforgeLive\Games\DEU_deu\4Story\PrePatch.exe [327680 2012-11-29] (Zemi Interactive Inc.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RoccatIsku] - C:\Program Files\ROCCAT\Isku Keyboard\IskuMonitor.EXE [542560 2012-11-09] (ROCCAT GmbH)
HKLM\...\Run: [ROCCAT Savu Gaming Mouse] - C:\Program Files\ROCCAT\Savu Mouse\Savu Monitor.exe [872048 2012-09-10] (ROCCAT GmbH)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
HKLM\...\Policies\Explorer: [ShowDriveLettersFirst] 4
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Policies\system: [EnableLUA] 0
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Gast\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Gast.ejub-PC\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Gast.ejub-PC\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKU\Gast.ejub-PC\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\Gast.ejub-PC\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Gast.ejub-PC\...\Run: [{92DF5512-F4E9-2934-45D4-5057384EB3F5}] - C:\Users\Gast.ejub-PC\AppData\Roaming\Odaw\usid.exe
HKU\Gast.ejub-PC\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2012-03-08] (Microsoft Corporation)
HKU\Gast.ejub-PC\...\Run: [uTorrent] - "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\Gast.ejub-PC\...\Run: [Exetender] - "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
HKU\Gast.ejub-PC\...\Run: [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\Gast.ejub-PC\...\Run: [winupdater] - C:\Windows\system32\Windupdt\winupdate.exe
HKU\Gast.ejub-PC\...\Policies\system: [DisableTaskMgr] 1
HKU\Gast.ejub-PC\...\Policies\system: [DisableRegistryTools] 1
HKU\Gast.ejub-PC\...\Policies\system: [EnableLUA] 0
HKU\gast2\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3C15CDED7290CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {FB291D82-6B3F-4A51-9A75-1B9E9C4E1ED9} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

FireFox:
========
FF ProfilePath: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default
FF Homepage: https://www.google.de/
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 8555
FF NetworkProxy: "gopher", "127.0.0.1"
FF NetworkProxy: "gopher_port", 8555
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8555
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 8555
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8555
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @eximion.com/KalydoPlayer - C:\Users\ejub\AppData\Roaming\Kalydo\KalydoPlayer\bin1\npkalydo.dll (Eximion B.V.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\aol-search.xml
FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\entrusted-customized-web-search.xml
FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}
FF Extension: No Name - C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR Extension: (Skype Click to Call) - C:\Users\ejub\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\ejub\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\ejub\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.3.crx
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx

========================== Services (Whitelisted) =================

R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1612112 2013-10-01] (LogMeIn Inc.)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2008-01-21] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2013-08-26] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [8704 2006-11-02] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [125952 2009-04-11] (Microsoft Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [4670000 2012-08-06] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2012-03-04] ()

==================== Drivers (Whitelisted) ====================

R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [75776 2013-01-15] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-12-12] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2013-02-01] (Eugene V. Muzychenko)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-12-10] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [126976 2008-01-21] (Microsoft Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2012-01-05] (AnchorFree Inc)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-02-22] (Anchorfree Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]
S3 vtany; \??\C:\Windows\vtany.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [x]
S3 XDva397; \??\C:\Windows\system32\XDva397.sys [x]
S3 XDva398; \??\C:\Windows\system32\XDva398.sys [x]
S3 XDva399; \??\C:\Windows\system32\XDva399.sys [x]
S3 XDva400; \??\C:\Windows\system32\XDva400.sys [x]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [x]
S3 XDva403; \??\C:\Windows\system32\XDva403.sys [x]
S3 XDva404; \??\C:\Windows\system32\XDva404.sys [x]
S3 XDva405; \??\C:\Windows\system32\XDva405.sys [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-06 21:51 - 2013-10-06 21:51 - 00891167 _____ C:\Users\ejub\Desktop\SecurityCheck.exe
2013-10-06 18:08 - 2013-10-06 18:08 - 02347384 _____ (ESET) C:\Users\ejub\Downloads\esetsmartinstaller_enu.exe
2013-10-06 18:00 - 2013-10-06 18:00 - 00040145 _____ C:\Users\ejub\Desktop\JRT.txt
2013-10-06 17:58 - 2013-10-06 17:58 - 01032220 _____ (Thisisu) C:\Users\ejub\Desktop\JRT.exe
2013-10-06 17:58 - 2013-10-06 17:58 - 00000000 ____D C:\Windows\ERUNT
2013-10-06 17:49 - 2013-10-06 17:48 - 01045226 _____ C:\Users\ejub\Desktop\adwcleaner.exe
2013-10-06 17:19 - 2013-10-06 17:19 - 00000870 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\Users\ejub\AppData\Roaming\Malwarebytes
2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-06 17:19 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-06 17:17 - 2013-10-06 17:18 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\ejub\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-05 22:20 - 2013-10-05 22:20 - 00000000 ____D C:\CFLog
2013-10-05 21:48 - 2013-10-05 21:48 - 00017888 _____ C:\ComboFix.txt
2013-10-05 21:02 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-05 21:02 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-05 21:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-05 21:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-05 21:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-05 21:02 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-05 21:02 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-05 21:02 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-05 21:01 - 2013-10-05 21:48 - 00000000 ____D C:\Qoobox
2013-10-05 20:57 - 2013-10-05 20:57 - 05130782 ____R (Swearware) C:\Users\ejub\Desktop\ComboFix.exe
2013-10-05 12:39 - 2013-10-05 21:30 - 00000000 ____D C:\Windows\erdnt
2013-10-05 00:07 - 2013-10-05 00:07 - 00023670 _____ C:\Users\ejub\Downloads\Addition.txt
2013-10-02 22:51 - 2013-10-02 22:51 - 00000000 ____D C:\Users\ejub\AppData\Local\LogMeIn
2013-10-02 22:51 - 2013-10-02 22:51 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-02 22:09 - 2013-10-02 22:09 - 01087213 _____ (Farbar) C:\Users\ejub\Downloads\FRST.exe
2013-10-02 21:37 - 2013-10-02 21:37 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-10-02 15:04 - 2013-10-02 15:04 - 00281896 _____ (Mozilla) C:\Users\ejub\Downloads\Firefox Setup Stub 24.0.exe
2013-10-02 15:04 - 2013-10-02 15:04 - 00000810 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-02 15:04 - 2013-10-02 15:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-02 15:03 - 2013-10-02 15:03 - 00000952 _____ C:\Users\ejub\Desktop\Continue Firefox Installation.lnk
2013-10-02 00:24 - 2013-10-02 00:24 - 00000000 ____D C:\FRST
2013-10-02 00:22 - 2013-10-02 00:22 - 01953880 _____ (Farbar) C:\Users\ejub\Downloads\FRST64.exe
2013-10-01 23:55 - 2013-10-06 17:52 - 00000000 ____D C:\AdwCleaner
2013-10-01 23:55 - 2013-10-01 23:55 - 01045226 _____ C:\Users\ejub\Downloads\adwcleaner_3.0.0.6.exe
2013-10-01 17:19 - 2013-10-01 17:19 - 00002052 _____ C:\Windows\epplauncher.mif
2013-10-01 17:17 - 2010-04-05 22:00 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-10-01 14:13 - 2013-10-05 14:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-28 18:05 - 2013-09-30 23:58 - 00000000 _____ C:\dfu.log
2013-09-28 18:05 - 2013-09-28 18:05 - 00001723 _____ C:\Users\Public\Desktop\S.K.I.L.L. - Special Force 2.lnk
2013-09-23 02:41 - 2013-09-23 02:41 - 00000000 ___RD C:\Users\ejub\Documents\Notes
2013-09-21 15:29 - 2013-09-22 01:16 - 00157528 _____ C:\Users\ejub\AppData\Roaming\ejub.txt
2013-09-19 13:33 - 2013-09-19 13:33 - 00000000 _____ C:\ProgramData\2d23263642223a_c
2013-09-19 02:47 - 2013-09-19 02:47 - 01254900 _____ (Sophos Limited) C:\Users\ejub\Downloads\Sophos_Virus_Removal_Tool24.exe.part
2013-09-19 02:36 - 2013-10-05 21:07 - 00000000 ____D C:\Windows\Minidump
2013-09-12 23:44 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 23:44 - 2013-08-01 12:21 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 23:44 - 2013-08-01 12:20 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 23:44 - 2013-08-01 12:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-12 23:44 - 2013-08-01 12:18 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-12 23:44 - 2013-08-01 12:16 - 06016512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 23:44 - 2013-08-01 12:16 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 23:44 - 2013-08-01 12:16 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-09-12 23:44 - 2013-08-01 12:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-12 23:44 - 2013-08-01 12:16 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 11111936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-12 23:44 - 2013-08-01 12:15 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 23:44 - 2013-08-01 12:13 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-09-12 23:44 - 2013-08-01 10:37 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-12 23:44 - 2013-08-01 08:56 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 23:44 - 2013-08-01 08:56 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-12 23:44 - 2013-08-01 08:55 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-12 23:44 - 2013-08-01 08:54 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 23:44 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll

==================== One Month Modified Files and Folders =======

2013-10-06 21:51 - 2013-10-06 21:51 - 00891167 _____ C:\Users\ejub\Desktop\SecurityCheck.exe
2013-10-06 20:55 - 2010-11-25 19:57 - 00000000 ____D C:\Users\ejub\AppData\Roaming\TS3Client
2013-10-06 19:54 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-06 19:54 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-06 18:43 - 2012-10-12 05:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-06 18:08 - 2013-10-06 18:08 - 02347384 _____ (ESET) C:\Users\ejub\Downloads\esetsmartinstaller_enu.exe
2013-10-06 18:04 - 2013-07-07 21:54 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-06 18:02 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\tracing
2013-10-06 18:00 - 2013-10-06 18:00 - 00040145 _____ C:\Users\ejub\Desktop\JRT.txt
2013-10-06 17:58 - 2013-10-06 17:58 - 01032220 _____ (Thisisu) C:\Users\ejub\Desktop\JRT.exe
2013-10-06 17:58 - 2013-10-06 17:58 - 00000000 ____D C:\Windows\ERUNT
2013-10-06 17:58 - 2008-01-21 03:35 - 01868385 _____ C:\Windows\WindowsUpdate.log
2013-10-06 17:56 - 2013-08-09 20:01 - 00000000 ____D C:\Users\ejub\AppData\Local\LogMeIn Hamachi
2013-10-06 17:56 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\inetsrv
2013-10-06 17:54 - 2013-07-07 21:54 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-06 17:54 - 2010-11-25 08:21 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-10-06 17:54 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-06 17:53 - 2006-11-02 15:01 - 00032510 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-06 17:52 - 2013-10-01 23:55 - 00000000 ____D C:\AdwCleaner
2013-10-06 17:52 - 2013-07-07 21:55 - 00001039 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-06 17:52 - 2010-11-01 17:17 - 00000937 _____ C:\Users\ejub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-06 17:48 - 2013-10-06 17:49 - 01045226 _____ C:\Users\ejub\Desktop\adwcleaner.exe
2013-10-06 17:42 - 2013-07-03 21:34 - 00649840 _____ C:\Windows\PFRO.log
2013-10-06 17:39 - 2011-12-10 11:57 - 00000000 ____D C:\ProgramData\InstallMate
2013-10-06 17:19 - 2013-10-06 17:19 - 00000870 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\Users\ejub\AppData\Roaming\Malwarebytes
2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-06 17:18 - 2013-10-06 17:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\ejub\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-05 22:20 - 2013-10-05 22:20 - 00000000 ____D C:\CFLog
2013-10-05 21:48 - 2013-10-05 21:48 - 00017888 _____ C:\ComboFix.txt
2013-10-05 21:48 - 2013-10-05 21:01 - 00000000 ____D C:\Qoobox
2013-10-05 21:48 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-10-05 21:48 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-10-05 21:30 - 2013-10-05 12:39 - 00000000 ____D C:\Windows\erdnt
2013-10-05 21:22 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-10-05 21:21 - 2006-11-02 12:22 - 45088768 _____ C:\Windows\system32\config\software.bak
2013-10-05 21:21 - 2006-11-02 12:22 - 41418752 _____ C:\Windows\system32\config\COMPON~3.bak
2013-10-05 21:21 - 2006-11-02 12:22 - 30146560 _____ C:\Windows\system32\config\system.bak
2013-10-05 21:21 - 2006-11-02 12:22 - 05242880 _____ C:\Windows\system32\config\default.bak
2013-10-05 21:21 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-10-05 21:21 - 2006-11-02 12:22 - 00028672 _____ C:\Windows\system32\config\security.bak
2013-10-05 21:07 - 2013-09-19 02:36 - 00000000 ____D C:\Windows\Minidump
2013-10-05 21:07 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100513-04.dmp
2013-10-05 21:05 - 2013-06-27 12:56 - 00000000 ____D C:\Users\ejub\Tracing
2013-10-05 21:03 - 2010-11-01 17:17 - 00001356 _____ C:\Users\ejub\AppData\Local\d3d9caps.dat
2013-10-05 20:59 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100513-03.dmp
2013-10-05 20:57 - 2013-10-05 20:57 - 05130782 ____R (Swearware) C:\Users\ejub\Desktop\ComboFix.exe
2013-10-05 14:50 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100513-02.dmp
2013-10-05 14:47 - 2010-11-25 18:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-05 14:47 - 2010-11-25 18:33 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2013-10-05 14:46 - 2013-07-12 01:21 - 00000000 ____D C:\Users\ejub\.gimp-2.8
2013-10-05 14:42 - 2013-10-01 14:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-05 12:41 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini100513-01.dmp
2013-10-05 00:07 - 2013-10-05 00:07 - 00023670 _____ C:\Users\ejub\Downloads\Addition.txt
2013-10-03 19:13 - 2012-05-21 21:22 - 00000000 ____D C:\Users\ejub\Documents\Cross Fire
2013-10-03 12:46 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini100313-01.dmp
2013-10-02 22:51 - 2013-10-02 22:51 - 00000000 ____D C:\Users\ejub\AppData\Local\LogMeIn
2013-10-02 22:51 - 2013-10-02 22:51 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-02 22:50 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-07.dmp
2013-10-02 22:09 - 2013-10-02 22:09 - 01087213 _____ (Farbar) C:\Users\ejub\Downloads\FRST.exe
2013-10-02 21:37 - 2013-10-02 21:37 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-10-02 21:36 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini100213-06.dmp
2013-10-02 15:14 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini100213-05.dmp
2013-10-02 15:04 - 2013-10-02 15:04 - 00281896 _____ (Mozilla) C:\Users\ejub\Downloads\Firefox Setup Stub 24.0.exe
2013-10-02 15:04 - 2013-10-02 15:04 - 00000810 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-02 15:04 - 2013-10-02 15:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-02 15:03 - 2013-10-02 15:03 - 00000952 _____ C:\Users\ejub\Desktop\Continue Firefox Installation.lnk
2013-10-02 01:32 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-04.dmp
2013-10-02 01:16 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-03.dmp
2013-10-02 00:27 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-02.dmp
2013-10-02 00:24 - 2013-10-02 00:24 - 00000000 ____D C:\FRST
2013-10-02 00:22 - 2013-10-02 00:22 - 01953880 _____ (Farbar) C:\Users\ejub\Downloads\FRST64.exe
2013-10-02 00:04 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-01.dmp
2013-10-01 23:55 - 2013-10-01 23:55 - 01045226 _____ C:\Users\ejub\Downloads\adwcleaner_3.0.0.6.exe
2013-10-01 17:22 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\DUMP4ca8.tmp
2013-10-01 17:19 - 2013-10-01 17:19 - 00002052 _____ C:\Windows\epplauncher.mif
2013-09-30 23:58 - 2013-09-28 18:05 - 00000000 _____ C:\dfu.log
2013-09-29 17:45 - 2010-12-05 20:50 - 00000000 ____D C:\Program Files\[Z-H-C]ScRipT V4
2013-09-29 10:46 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092913-01.dmp
2013-09-28 18:05 - 2013-09-28 18:05 - 00001723 _____ C:\Users\Public\Desktop\S.K.I.L.L. - Special Force 2.lnk
2013-09-28 18:04 - 2012-11-29 15:32 - 00000000 ____D C:\Users\ejub\Documents\Gameforge Live
2013-09-28 12:11 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092813-01.dmp
2013-09-28 00:37 - 2013-08-08 03:04 - 00000000 ____D C:\Users\ejub\Desktop\Cube World Cracked
2013-09-27 11:29 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092713-01.dmp
2013-09-26 22:35 - 2013-01-23 15:25 - 00000828 _____ C:\Users\Public\Desktop\Gameforge Live.lnk
2013-09-26 22:35 - 2012-11-29 15:31 - 00000000 ____D C:\Program Files\GameforgeLive
2013-09-26 22:33 - 2010-11-01 17:17 - 00000000 ____D C:\Users\ejub
2013-09-26 21:28 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092613-02.dmp
2013-09-26 16:26 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092613-01.dmp
2013-09-25 22:19 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini092513-02.dmp
2013-09-25 18:45 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092513-01.dmp
2013-09-24 17:35 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092413-01.dmp
2013-09-23 21:41 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092313-03.dmp
2013-09-23 12:43 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092313-02.dmp
2013-09-23 02:41 - 2013-09-23 02:41 - 00000000 ___RD C:\Users\ejub\Documents\Notes
2013-09-23 01:31 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini092313-01.dmp
2013-09-22 01:16 - 2013-09-21 15:29 - 00157528 _____ C:\Users\ejub\AppData\Roaming\ejub.txt
2013-09-21 14:55 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini092113-03.dmp
2013-09-21 14:51 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092113-02.dmp
2013-09-21 14:06 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092113-01.dmp
2013-09-20 23:57 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092013-03.dmp
2013-09-20 22:30 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092013-02.dmp
2013-09-20 21:43 - 2012-10-12 05:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-20 21:43 - 2011-09-19 20:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-20 21:32 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092013-01.dmp
2013-09-19 21:29 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini091913-10.dmp
2013-09-19 16:37 - 2010-04-29 14:14 - 00147285 _____ C:\Windows\Minidump\Mini091913-09.dmp
2013-09-19 16:04 - 2013-08-12 00:32 - 00000000 ____D C:\Users\ejub\AppData\Roaming\.minecraft
2013-09-19 15:47 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-08.dmp
2013-09-19 15:41 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-07.dmp
2013-09-19 15:35 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-06.dmp
2013-09-19 13:33 - 2013-09-19 13:33 - 00000000 _____ C:\ProgramData\2d23263642223a_c
2013-09-19 12:48 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini091913-05.dmp
2013-09-19 03:14 - 2010-04-29 14:14 - 00147221 _____ C:\Windows\Minidump\Mini091913-04.dmp
2013-09-19 03:03 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-03.dmp
2013-09-19 02:47 - 2013-09-19 02:47 - 01254900 _____ (Sophos Limited) C:\Users\ejub\Downloads\Sophos_Virus_Removal_Tool24.exe.part
2013-09-19 02:43 - 2010-04-29 14:14 - 00147189 _____ C:\Windows\Minidump\Mini091913-02.dmp
2013-09-19 02:36 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-01.dmp
2013-09-16 17:46 - 2006-11-02 14:47 - 00231016 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-16 09:40 - 2013-08-15 20:35 - 00000000 ____D C:\Windows\system32\MRT
2013-09-16 09:37 - 2006-11-02 12:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-11 21:56 - 2010-11-29 11:12 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-09-09 10:52 - 2013-01-07 20:14 - 00632656 _____ (Microsoft Corporation) C:\Windows\system32\msvcr80.dll
2013-09-09 10:52 - 2013-01-07 20:14 - 00554832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp80.dll
2013-09-09 10:52 - 2013-01-07 20:14 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\msvcm80.dll
2013-09-09 10:52 - 2013-01-07 20:14 - 00001870 _____ C:\Windows\system32\Microsoft.VC80.CRT.manifest

Files to move or delete:
====================
C:\Users\ejub\13-4_vista_win7_win8_32_dd_ccc_whql.exe
C:\Users\ejub\avg_avct_stb_all_2013_2667_cm10.exe
C:\Users\ejub\ClarioN-ScripTV3(1).exe
C:\Users\ejub\dotnetfx45_full_x86_x64.exe
C:\Users\ejub\gimp-2-8-4-setup.exe
C:\Users\ejub\SCP-087-B.exe


Some content of TEMP:
====================
C:\Users\ejub\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-06 18:00

==================== End Of Log ============================

--- --- ---

schrauber 07.10.2013 09:43

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

HKU\Gast.ejub-PC\...\Run: [{92DF5512-F4E9-2934-45D4-5057384EB3F5}] - C:\Users\Gast.ejub-PC\AppData\Roaming\Odaw\usid.exe
HKU\Gast.ejub-PC\...\Run: [winupdater] - C:\Windows\system32\Windupdt\winupdate.exe
HKU\Gast.ejub-PC\...\Policies\system: [DisableTaskMgr] 1
HKU\Gast.ejub-PC\...\Policies\system: [DisableRegistryTools] 1
C:\Users\Gast.ejub-PC\AppData\Roaming\Odaw
C:\Windows\system32\Windupdt
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 8555
FF NetworkProxy: "gopher", "127.0.0.1"
FF NetworkProxy: "gopher_port", 8555
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8555
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 8555
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8555
FF NetworkProxy: "type", 0
S3 XDva397; \??\C:\Windows\system32\XDva397.sys [x]
S3 XDva398; \??\C:\Windows\system32\XDva398.sys [x]
S3 XDva399; \??\C:\Windows\system32\XDva399.sys [x]
S3 XDva400; \??\C:\Windows\system32\XDva400.sys [x]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [x]
S3 XDva403; \??\C:\Windows\system32\XDva403.sys [x]
S3 XDva404; \??\C:\Windows\system32\XDva404.sys [x]
S3 XDva405; \??\C:\Windows\system32\XDva405.sys [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix ("Entfernen") button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.





Please download TFC (by Oldtimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.


A fresh FRST log, please.

Hilfe1337 07.10.2013 20:30

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by ejub at 2013-10-07 12:54:56 Run:1
Running from C:\Users\ejub\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\Gast.ejub-PC\...\Run: [{92DF5512-F4E9-2934-45D4-5057384EB3F5}] - C:\Users\Gast.ejub-PC\AppData\Roaming\Odaw\usid.exe
HKU\Gast.ejub-PC\...\Run: [winupdater] - C:\Windows\system32\Windupdt\winupdate.exe
HKU\Gast.ejub-PC\...\Policies\system: [DisableTaskMgr] 1
HKU\Gast.ejub-PC\...\Policies\system: [DisableRegistryTools] 1
C:\Users\Gast.ejub-PC\AppData\Roaming\Odaw
C:\Windows\system32\Windupdt
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 8555
FF NetworkProxy: "gopher", "127.0.0.1"
FF NetworkProxy: "gopher_port", 8555
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8555
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 8555
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8555
FF NetworkProxy: "type", 0
S3 XDva397; \??\C:\Windows\system32\XDva397.sys [x]
S3 XDva398; \??\C:\Windows\system32\XDva398.sys [x]
S3 XDva399; \??\C:\Windows\system32\XDva399.sys [x]
S3 XDva400; \??\C:\Windows\system32\XDva400.sys [x]
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [x]
S3 XDva403; \??\C:\Windows\system32\XDva403.sys [x]
S3 XDva404; \??\C:\Windows\system32\XDva404.sys [x]
S3 XDva405; \??\C:\Windows\system32\XDva405.sys [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]
       
*****************

HKU\Gast.ejub-PC\Software\Microsoft\Windows\CurrentVersion\Run\\{92DF5512-F4E9-2934-45D4-5057384EB3F5} => Value deleted successfully.
HKU\Gast.ejub-PC\Software\Microsoft\Windows\CurrentVersion\Run\\winupdater => Value deleted successfully.
HKU\Gast.ejub-PC\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr => Value deleted successfully.
HKU\Gast.ejub-PC\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => Value deleted successfully.
"C:\Users\Gast.ejub-PC\AppData\Roaming\Odaw" => File/Directory not found.
"C:\Windows\system32\Windupdt" => File/Directory not found.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
XDva397 => Service deleted successfully.
XDva398 => Service deleted successfully.
XDva399 => Service deleted successfully.
XDva400 => Service deleted successfully.
XDva401 => Service deleted successfully.
XDva403 => Service deleted successfully.
XDva404 => Service deleted successfully.
XDva405 => Service deleted successfully.
xhunter1 => Service deleted successfully.

==== End of Fixlog ====


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by ejub (administrator) on EJUB-PC on 07-10-2013 13:11:19
Running from C:\Users\ejub\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\system32\inetsrv\inetinfo.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Windows\system32\mqsvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Windows\system32\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Windows\system32\mqtgsvc.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-09-12] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9808488 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [4StoryPrePatch] - C:\Program Files\GameforgeLive\Games\DEU_deu\4Story\PrePatch.exe [327680 2012-11-29] (Zemi Interactive Inc.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RoccatIsku] - C:\Program Files\ROCCAT\Isku Keyboard\IskuMonitor.EXE [542560 2012-11-09] (ROCCAT GmbH)
HKLM\...\Run: [ROCCAT Savu Gaming Mouse] - C:\Program Files\ROCCAT\Savu Mouse\Savu Monitor.exe [872048 2012-09-10] (ROCCAT GmbH)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
HKLM\...\Policies\Explorer: [ShowDriveLettersFirst] 4
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Policies\system: [EnableLUA] 0
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Gast\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Gast.ejub-PC\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Gast.ejub-PC\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKU\Gast.ejub-PC\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\Gast.ejub-PC\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Gast.ejub-PC\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2012-03-08] (Microsoft Corporation)
HKU\Gast.ejub-PC\...\Run: [uTorrent] - "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\Gast.ejub-PC\...\Run: [Exetender] - "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
HKU\Gast.ejub-PC\...\Run: [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\Gast.ejub-PC\...\Policies\system: [EnableLUA] 0
HKU\gast2\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3C15CDED7290CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {FB291D82-6B3F-4A51-9A75-1B9E9C4E1ED9} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @eximion.com/KalydoPlayer - C:\Users\ejub\AppData\Roaming\Kalydo\KalydoPlayer\bin1\npkalydo.dll (Eximion B.V.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\aol-search.xml
FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\entrusted-customized-web-search.xml
FF SearchPlugin: C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}
FF Extension: No Name - C:\Users\ejub\AppData\Roaming\Mozilla\Firefox\Profiles\z069vy7q.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR Extension: (Skype Click to Call) - C:\Users\ejub\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\ejub\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\ejub\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.3.crx
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx

========================== Services (Whitelisted) =================

R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1612112 2013-10-01] (LogMeIn Inc.)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2008-01-21] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2013-08-26] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [8704 2006-11-02] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [125952 2009-04-11] (Microsoft Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [4670000 2012-08-06] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2012-03-04] ()

==================== Drivers (Whitelisted) ====================

R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [75776 2013-01-15] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-12-12] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2013-02-01] (Eugene V. Muzychenko)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-12-10] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [126976 2008-01-21] (Microsoft Corporation)
R3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30816 2008-11-26] (Intel Corporation )
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2012-01-05] (AnchorFree Inc)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-02-22] (Anchorfree Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]
S3 vtany; \??\C:\Windows\vtany.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-07 12:58 - 2013-10-07 12:58 - 00448512 _____ (OldTimer Tools) C:\Users\ejub\Desktop\TFC.exe
2013-10-06 21:51 - 2013-10-06 21:51 - 00891167 _____ C:\Users\ejub\Desktop\SecurityCheck.exe
2013-10-06 18:08 - 2013-10-06 18:08 - 02347384 _____ (ESET) C:\Users\ejub\Downloads\esetsmartinstaller_enu.exe
2013-10-06 18:00 - 2013-10-06 18:00 - 00040145 _____ C:\Users\ejub\Desktop\JRT.txt
2013-10-06 17:58 - 2013-10-06 17:58 - 01032220 _____ (Thisisu) C:\Users\ejub\Desktop\JRT.exe
2013-10-06 17:58 - 2013-10-06 17:58 - 00000000 ____D C:\Windows\ERUNT
2013-10-06 17:49 - 2013-10-06 17:48 - 01045226 _____ C:\Users\ejub\Desktop\adwcleaner.exe
2013-10-06 17:19 - 2013-10-06 17:19 - 00000870 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\Users\ejub\AppData\Roaming\Malwarebytes
2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-06 17:19 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-06 17:17 - 2013-10-06 17:18 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\ejub\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-05 22:20 - 2013-10-05 22:20 - 00000000 ____D C:\CFLog
2013-10-05 21:48 - 2013-10-05 21:48 - 00017888 _____ C:\ComboFix.txt
2013-10-05 21:02 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-05 21:02 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-05 21:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-05 21:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-05 21:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-05 21:02 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-05 21:02 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-05 21:02 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-05 21:01 - 2013-10-05 21:48 - 00000000 ____D C:\Qoobox
2013-10-05 20:57 - 2013-10-05 20:57 - 05130782 ____R (Swearware) C:\Users\ejub\Desktop\ComboFix.exe
2013-10-05 12:39 - 2013-10-05 21:30 - 00000000 ____D C:\Windows\erdnt
2013-10-05 00:07 - 2013-10-05 00:07 - 00023670 _____ C:\Users\ejub\Downloads\Addition.txt
2013-10-02 22:51 - 2013-10-02 22:51 - 00000000 ____D C:\Users\ejub\AppData\Local\LogMeIn
2013-10-02 22:51 - 2013-10-02 22:51 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-02 22:09 - 2013-10-02 22:09 - 01087213 _____ (Farbar) C:\Users\ejub\Downloads\FRST.exe
2013-10-02 21:37 - 2013-10-02 21:37 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-10-02 15:04 - 2013-10-02 15:04 - 00281896 _____ (Mozilla) C:\Users\ejub\Downloads\Firefox Setup Stub 24.0.exe
2013-10-02 15:04 - 2013-10-02 15:04 - 00000810 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-02 15:04 - 2013-10-02 15:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-02 15:03 - 2013-10-02 15:03 - 00000952 _____ C:\Users\ejub\Desktop\Continue Firefox Installation.lnk
2013-10-02 00:24 - 2013-10-02 00:24 - 00000000 ____D C:\FRST
2013-10-02 00:22 - 2013-10-02 00:22 - 01953880 _____ (Farbar) C:\Users\ejub\Downloads\FRST64.exe
2013-10-01 23:55 - 2013-10-06 17:52 - 00000000 ____D C:\AdwCleaner
2013-10-01 23:55 - 2013-10-01 23:55 - 01045226 _____ C:\Users\ejub\Downloads\adwcleaner_3.0.0.6.exe
2013-10-01 17:19 - 2013-10-01 17:19 - 00002052 _____ C:\Windows\epplauncher.mif
2013-10-01 17:17 - 2010-04-05 22:00 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-10-01 14:13 - 2013-10-05 14:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-28 18:05 - 2013-09-30 23:58 - 00000000 _____ C:\dfu.log
2013-09-28 18:05 - 2013-09-28 18:05 - 00001723 _____ C:\Users\Public\Desktop\S.K.I.L.L. - Special Force 2.lnk
2013-09-23 02:41 - 2013-09-23 02:41 - 00000000 ___RD C:\Users\ejub\Documents\Notes
2013-09-21 15:29 - 2013-09-22 01:16 - 00157528 _____ C:\Users\ejub\AppData\Roaming\ejub.txt
2013-09-19 13:33 - 2013-09-19 13:33 - 00000000 _____ C:\ProgramData\2d23263642223a_c
2013-09-19 02:47 - 2013-09-19 02:47 - 01254900 _____ (Sophos Limited) C:\Users\ejub\Downloads\Sophos_Virus_Removal_Tool24.exe.part
2013-09-19 02:36 - 2013-10-05 21:07 - 00000000 ____D C:\Windows\Minidump
2013-09-12 23:44 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 23:44 - 2013-08-01 12:21 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 23:44 - 2013-08-01 12:20 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 23:44 - 2013-08-01 12:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-12 23:44 - 2013-08-01 12:18 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-12 23:44 - 2013-08-01 12:16 - 06016512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 23:44 - 2013-08-01 12:16 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 23:44 - 2013-08-01 12:16 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-09-12 23:44 - 2013-08-01 12:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-12 23:44 - 2013-08-01 12:16 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 11111936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-12 23:44 - 2013-08-01 12:15 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-12 23:44 - 2013-08-01 12:15 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 23:44 - 2013-08-01 12:13 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-09-12 23:44 - 2013-08-01 10:37 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-12 23:44 - 2013-08-01 08:56 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 23:44 - 2013-08-01 08:56 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-12 23:44 - 2013-08-01 08:55 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-12 23:44 - 2013-08-01 08:54 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 23:44 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll

==================== One Month Modified Files and Folders =======

2013-10-07 13:10 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\inetsrv
2013-10-07 13:09 - 2013-08-09 20:01 - 00000000 ____D C:\Users\ejub\AppData\Local\LogMeIn Hamachi
2013-10-07 13:08 - 2013-07-07 21:54 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-07 13:08 - 2010-11-25 08:21 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-10-07 13:08 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-07 13:08 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-07 13:08 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-07 13:07 - 2008-01-21 03:35 - 01889959 _____ C:\Windows\WindowsUpdate.log
2013-10-07 13:07 - 2006-11-02 15:01 - 00032510 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-07 13:06 - 2013-07-07 21:54 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-07 12:58 - 2013-10-07 12:58 - 00448512 _____ (OldTimer Tools) C:\Users\ejub\Desktop\TFC.exe
2013-10-07 12:43 - 2012-10-12 05:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-07 12:28 - 2013-07-03 21:34 - 00650638 _____ C:\Windows\PFRO.log
2013-10-07 00:50 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\tracing
2013-10-06 21:51 - 2013-10-06 21:51 - 00891167 _____ C:\Users\ejub\Desktop\SecurityCheck.exe
2013-10-06 20:55 - 2010-11-25 19:57 - 00000000 ____D C:\Users\ejub\AppData\Roaming\TS3Client
2013-10-06 18:08 - 2013-10-06 18:08 - 02347384 _____ (ESET) C:\Users\ejub\Downloads\esetsmartinstaller_enu.exe
2013-10-06 18:00 - 2013-10-06 18:00 - 00040145 _____ C:\Users\ejub\Desktop\JRT.txt
2013-10-06 17:58 - 2013-10-06 17:58 - 01032220 _____ (Thisisu) C:\Users\ejub\Desktop\JRT.exe
2013-10-06 17:58 - 2013-10-06 17:58 - 00000000 ____D C:\Windows\ERUNT
2013-10-06 17:52 - 2013-10-01 23:55 - 00000000 ____D C:\AdwCleaner
2013-10-06 17:52 - 2013-07-07 21:55 - 00001039 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-06 17:52 - 2010-11-01 17:17 - 00000937 _____ C:\Users\ejub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-06 17:48 - 2013-10-06 17:49 - 01045226 _____ C:\Users\ejub\Desktop\adwcleaner.exe
2013-10-06 17:39 - 2011-12-10 11:57 - 00000000 ____D C:\ProgramData\InstallMate
2013-10-06 17:19 - 2013-10-06 17:19 - 00000870 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\Users\ejub\AppData\Roaming\Malwarebytes
2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-06 17:19 - 2013-10-06 17:19 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-06 17:18 - 2013-10-06 17:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\ejub\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-05 22:20 - 2013-10-05 22:20 - 00000000 ____D C:\CFLog
2013-10-05 21:48 - 2013-10-05 21:48 - 00017888 _____ C:\ComboFix.txt
2013-10-05 21:48 - 2013-10-05 21:01 - 00000000 ____D C:\Qoobox
2013-10-05 21:48 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-10-05 21:48 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-10-05 21:30 - 2013-10-05 12:39 - 00000000 ____D C:\Windows\erdnt
2013-10-05 21:22 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2013-10-05 21:21 - 2006-11-02 12:22 - 45088768 _____ C:\Windows\system32\config\software.bak
2013-10-05 21:21 - 2006-11-02 12:22 - 41418752 _____ C:\Windows\system32\config\COMPON~3.bak
2013-10-05 21:21 - 2006-11-02 12:22 - 30146560 _____ C:\Windows\system32\config\system.bak
2013-10-05 21:21 - 2006-11-02 12:22 - 05242880 _____ C:\Windows\system32\config\default.bak
2013-10-05 21:21 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-10-05 21:21 - 2006-11-02 12:22 - 00028672 _____ C:\Windows\system32\config\security.bak
2013-10-05 21:07 - 2013-09-19 02:36 - 00000000 ____D C:\Windows\Minidump
2013-10-05 21:07 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100513-04.dmp
2013-10-05 21:05 - 2013-06-27 12:56 - 00000000 ____D C:\Users\ejub\Tracing
2013-10-05 21:03 - 2010-11-01 17:17 - 00001356 _____ C:\Users\ejub\AppData\Local\d3d9caps.dat
2013-10-05 20:59 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100513-03.dmp
2013-10-05 20:57 - 2013-10-05 20:57 - 05130782 ____R (Swearware) C:\Users\ejub\Desktop\ComboFix.exe
2013-10-05 14:50 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100513-02.dmp
2013-10-05 14:47 - 2010-11-25 18:33 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-05 14:47 - 2010-11-25 18:33 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2013-10-05 14:46 - 2013-07-12 01:21 - 00000000 ____D C:\Users\ejub\.gimp-2.8
2013-10-05 14:42 - 2013-10-01 14:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-05 12:41 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini100513-01.dmp
2013-10-05 00:07 - 2013-10-05 00:07 - 00023670 _____ C:\Users\ejub\Downloads\Addition.txt
2013-10-03 19:13 - 2012-05-21 21:22 - 00000000 ____D C:\Users\ejub\Documents\Cross Fire
2013-10-03 12:46 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini100313-01.dmp
2013-10-02 22:51 - 2013-10-02 22:51 - 00000000 ____D C:\Users\ejub\AppData\Local\LogMeIn
2013-10-02 22:51 - 2013-10-02 22:51 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-02 22:50 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-07.dmp
2013-10-02 22:09 - 2013-10-02 22:09 - 01087213 _____ (Farbar) C:\Users\ejub\Downloads\FRST.exe
2013-10-02 21:37 - 2013-10-02 21:37 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-10-02 21:36 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini100213-06.dmp
2013-10-02 15:14 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini100213-05.dmp
2013-10-02 15:04 - 2013-10-02 15:04 - 00281896 _____ (Mozilla) C:\Users\ejub\Downloads\Firefox Setup Stub 24.0.exe
2013-10-02 15:04 - 2013-10-02 15:04 - 00000810 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-02 15:04 - 2013-10-02 15:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-02 15:03 - 2013-10-02 15:03 - 00000952 _____ C:\Users\ejub\Desktop\Continue Firefox Installation.lnk
2013-10-02 01:32 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-04.dmp
2013-10-02 01:16 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-03.dmp
2013-10-02 00:27 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-02.dmp
2013-10-02 00:24 - 2013-10-02 00:24 - 00000000 ____D C:\FRST
2013-10-02 00:22 - 2013-10-02 00:22 - 01953880 _____ (Farbar) C:\Users\ejub\Downloads\FRST64.exe
2013-10-02 00:04 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini100213-01.dmp
2013-10-01 23:55 - 2013-10-01 23:55 - 01045226 _____ C:\Users\ejub\Downloads\adwcleaner_3.0.0.6.exe
2013-10-01 17:19 - 2013-10-01 17:19 - 00002052 _____ C:\Windows\epplauncher.mif
2013-09-30 23:58 - 2013-09-28 18:05 - 00000000 _____ C:\dfu.log
2013-09-29 17:45 - 2010-12-05 20:50 - 00000000 ____D C:\Program Files\[Z-H-C]ScRipT V4
2013-09-29 10:46 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092913-01.dmp
2013-09-28 18:05 - 2013-09-28 18:05 - 00001723 _____ C:\Users\Public\Desktop\S.K.I.L.L. - Special Force 2.lnk
2013-09-28 18:04 - 2012-11-29 15:32 - 00000000 ____D C:\Users\ejub\Documents\Gameforge Live
2013-09-28 12:11 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092813-01.dmp
2013-09-28 00:37 - 2013-08-08 03:04 - 00000000 ____D C:\Users\ejub\Desktop\Cube World Cracked
2013-09-27 11:29 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092713-01.dmp
2013-09-26 22:35 - 2013-01-23 15:25 - 00000828 _____ C:\Users\Public\Desktop\Gameforge Live.lnk
2013-09-26 22:35 - 2012-11-29 15:31 - 00000000 ____D C:\Program Files\GameforgeLive
2013-09-26 22:33 - 2010-11-01 17:17 - 00000000 ____D C:\Users\ejub
2013-09-26 21:28 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092613-02.dmp
2013-09-26 16:26 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092613-01.dmp
2013-09-25 22:19 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini092513-02.dmp
2013-09-25 18:45 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092513-01.dmp
2013-09-24 17:35 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092413-01.dmp
2013-09-23 21:41 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092313-03.dmp
2013-09-23 12:43 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092313-02.dmp
2013-09-23 02:41 - 2013-09-23 02:41 - 00000000 ___RD C:\Users\ejub\Documents\Notes
2013-09-23 01:31 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini092313-01.dmp
2013-09-22 01:16 - 2013-09-21 15:29 - 00157528 _____ C:\Users\ejub\AppData\Roaming\ejub.txt
2013-09-21 14:55 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini092113-03.dmp
2013-09-21 14:51 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092113-02.dmp
2013-09-21 14:06 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092113-01.dmp
2013-09-20 23:57 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092013-03.dmp
2013-09-20 22:30 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092013-02.dmp
2013-09-20 21:43 - 2012-10-12 05:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-20 21:43 - 2011-09-19 20:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-20 21:32 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini092013-01.dmp
2013-09-19 21:29 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini091913-10.dmp
2013-09-19 16:37 - 2010-04-29 14:14 - 00147285 _____ C:\Windows\Minidump\Mini091913-09.dmp
2013-09-19 16:04 - 2013-08-12 00:32 - 00000000 ____D C:\Users\ejub\AppData\Roaming\.minecraft
2013-09-19 15:47 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-08.dmp
2013-09-19 15:41 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-07.dmp
2013-09-19 15:35 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-06.dmp
2013-09-19 13:33 - 2013-09-19 13:33 - 00000000 _____ C:\ProgramData\2d23263642223a_c
2013-09-19 12:48 - 2010-04-29 14:14 - 00147093 _____ C:\Windows\Minidump\Mini091913-05.dmp
2013-09-19 03:14 - 2010-04-29 14:14 - 00147221 _____ C:\Windows\Minidump\Mini091913-04.dmp
2013-09-19 03:03 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-03.dmp
2013-09-19 02:47 - 2013-09-19 02:47 - 01254900 _____ (Sophos Limited) C:\Users\ejub\Downloads\Sophos_Virus_Removal_Tool24.exe.part
2013-09-19 02:43 - 2010-04-29 14:14 - 00147189 _____ C:\Windows\Minidump\Mini091913-02.dmp
2013-09-19 02:36 - 2010-04-29 14:14 - 00147157 _____ C:\Windows\Minidump\Mini091913-01.dmp
2013-09-16 17:46 - 2006-11-02 14:47 - 00231016 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-16 09:40 - 2013-08-15 20:35 - 00000000 ____D C:\Windows\system32\MRT
2013-09-16 09:37 - 2006-11-02 12:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-11 21:56 - 2010-11-29 11:12 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-09-09 10:52 - 2013-01-07 20:14 - 00632656 _____ (Microsoft Corporation) C:\Windows\system32\msvcr80.dll
2013-09-09 10:52 - 2013-01-07 20:14 - 00554832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp80.dll
2013-09-09 10:52 - 2013-01-07 20:14 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\msvcm80.dll
2013-09-09 10:52 - 2013-01-07 20:14 - 00001870 _____ C:\Windows\system32\Microsoft.VC80.CRT.manifest

Files to move or delete:
====================
C:\Users\ejub\13-4_vista_win7_win8_32_dd_ccc_whql.exe
C:\Users\ejub\avg_avct_stb_all_2013_2667_cm10.exe
C:\Users\ejub\ClarioN-ScripTV3(1).exe
C:\Users\ejub\dotnetfx45_full_x86_x64.exe
C:\Users\ejub\gimp-2-8-4-setup.exe
C:\Users\ejub\SCP-087-B.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-07 12:39

==================== End Of Log ============================

--- --- ---


Is everything clean again now?

schrauber 08.10.2013 08:51

Done :)

Here are a few more tips for securing your system.


I can't mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus Software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional Protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about possible changes. Download the freeware version from here.


Safe Browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative Browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: I have a few useful add-ons for this browser here
    • NoScript
      This add-on blocks JavaScript, Java, Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it asks you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you don't recognize. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

Hilfe1337 08.10.2013 11:28

Many thanks for all the help, schrauber, really awesome forum here :)

schrauber 09.10.2013 07:44

You're welcome :)

