Jump to content

SWM88

Members
  • Posts

    5
  • Joined

  • Last visited

Reputation

0 Neutral

Recent Profile Visitors

914 profile views
  1. The program found nothing. I cant post a log. This is the only information i can get: Malwarebytes Anti-Malware www.malwarebytes.org Protection, 22.04.2014 06:29:47, SYSTEM, ADMIN-PC, Protection, Malicious Website Protection, Starting, Protection, 22.04.2014 06:30:50, SYSTEM, ADMIN-PC, Protection, Malicious Website Protection, Started, Protection, 22.04.2014 06:44:36, SYSTEM, ADMIN-PC, Protection, Malicious Website Protection, Stopping, Protection, 22.04.2014 06:44:37, SYSTEM, ADMIN-PC, Protection, Malicious Website Protection, Stopped, Protection, 22.04.2014 06:44:37, SYSTEM, ADMIN-PC, Protection, Malware Protection, Stopping, Protection, 22.04.2014 06:44:37, SYSTEM, ADMIN-PC, Protection, Malware Protection, Stopped, Protection, 22.04.2014 06:45:51, SYSTEM, ADMIN-PC, Protection, Malicious Website Protection, Starting, Protection, 22.04.2014 06:45:51, SYSTEM, ADMIN-PC, Protection, Malicious Website Protection, Started, Update, 22.04.2014 06:46:11, SYSTEM, ADMIN-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1, Update, 22.04.2014 06:46:15, SYSTEM, ADMIN-PC, Manual, Malware Database, 2014.3.4.9, 2014.4.22.1, Protection, 22.04.2014 06:46:15, SYSTEM, ADMIN-PC, Protection, Refresh, Starting, Protection, 22.04.2014 06:46:15, SYSTEM, ADMIN-PC, Protection, Malicious Website Protection, Stopping, Protection, 22.04.2014 06:46:16, SYSTEM, ADMIN-PC, Protection, Malicious Website Protection, Stopped, Protection, 22.04.2014 06:46:24, SYSTEM, ADMIN-PC, Protection, Refresh, Success, Protection, 22.04.2014 06:46:24, SYSTEM, ADMIN-PC, Protection, Malicious Website Protection, Starting, Protection, 22.04.2014 06:46:24, SYSTEM, ADMIN-PC, Protection, Malicious Website Protection, Started, (end)
  2. I already uninstalled µTorrent. Here's the new log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 02 Ran by Admin (administrator) on ADMIN-PC on 21-04-2014 14:27:12 Running from C:\Users\Admin\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (TuneUp Software) D:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (TuneUp Software) D:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe () C:\Windows\DAODx.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE (Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe () D:\Program Files (x86)\Mobile Partner\Mobile Partner.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET) HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [385024 2010-05-04] (AMD) HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\Run: [Mobile Partner] => D:\Program Files (x86)\Mobile Partner\Mobile Partner.exe [515072 2012-08-06] () HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: E - "E:\Diablo III Setup.exe" HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: G - G:\PcOptions.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {11d0d086-3275-11e2-8103-20cf3092b053} - H:\LGAutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {15f8f047-0a3f-11e3-aeeb-a8dac7a89c77} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {20840f13-1eda-11e3-a7f6-cfa5a7489e29} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {24fb0c8e-1824-11e3-833a-91a3279bb32f} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {24fb0ca9-1824-11e3-833a-91a3279bb32f} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {279b1066-d1a1-11e0-be7c-20cf3092b053} - F:\PcOptions.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {284e8834-137f-11e3-808a-89daba781751} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {34ca5d52-22f5-11e3-a2eb-806e6f6e6963} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {34ca5d91-22f5-11e3-a2eb-a0b43365dd2c} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {3696f653-e149-11e0-a98c-20cf3092b053} - G:\PcOptions.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {43b5a86c-138f-11e3-96a0-871d381bee6f} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {43b5a879-138f-11e3-96a0-871d381bee6f} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {43b5a884-138f-11e3-96a0-871d381bee6f} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {43b5a88f-138f-11e3-96a0-871d381bee6f} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {43b5a894-138f-11e3-96a0-871d381bee6f} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {47b063d4-1edb-11e3-adf3-ec3d660cca2c} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {47b063f4-1edb-11e3-adf3-ec3d660cca2c} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {4ecfb31a-0a2c-11e3-8e96-bcb528037870} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {4ecfb345-0a2c-11e3-8e96-bcb528037870} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {4ecfb35a-0a2c-11e3-8e96-bcb528037870} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {500c9ee0-d2da-11df-842a-806e6f6e6963} - E:\setup.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {53e738ca-14b6-11e3-87b4-b49057f69231} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {53e73929-14b6-11e3-87b4-8ca190478b16} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {53e73934-14b6-11e3-87b4-8ca190478b16} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {7d6ff44f-181f-11e3-9b39-be42a6262c2c} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {7ecde6c3-d2d8-11df-9c48-806e6f6e6963} - E:\Launch.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {86a557d7-0cc5-11e3-a9e0-c1ccd0af8704} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {9b744473-07c1-11e1-b1ec-20cf3092b053} - G:\PcOptions.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {b3a61115-13e2-11e3-b660-99b2a4e7fe53} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {b47e69d5-17e4-11e3-ab07-e447f8139a14} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {b47e69f1-17e4-11e3-ab07-e447f8139a14} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {d4d08413-90a1-11e0-adc2-20cf3092b053} - F:\PcOptions.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {d651983c-181d-11e3-86b0-d40f997cba6b} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {d6519847-181d-11e3-86b0-d40f997cba6b} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {dbea53c3-4580-11e3-ac41-20cf3092b053} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {e5afb1fc-08cf-11e3-a31c-8d5a85e1683a} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {e5afb214-08cf-11e3-a31c-8d5a85e1683a} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {e5afb232-08cf-11e3-a31c-8d5a85e1683a} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {e5afb2b6-08cf-11e3-a31c-8d5a85e1683a} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {e5afb2c4-08cf-11e3-a31c-8d5a85e1683a} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {e5afb2d0-08cf-11e3-a31c-8d5a85e1683a} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {f056648e-593e-11e0-b1bb-20cf3092b053} - F:\PcOptions.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {f2c0fae1-1581-11e3-ab60-b9c730ea1479} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {f439eaad-145e-11e3-9133-a0a9361b4322} - F:\AutoRun.exe IFEO\ccleaner64.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\nusb3utl.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\skype.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\uninst.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=http://127.0.0.1:9880 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://at.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC82E533625EFCD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\..\Interfaces\{138FB2CB-AA09-4F9E-8B76-96C785947EFE}: [NameServer]194.48.139.254 194.48.124.200 Tcpip\..\Interfaces\{98158FD1-7547-4DC3-8D55-C80CC96EE5E5}: [NameServer]194.48.128.199 194.48.139.254 Tcpip\..\Interfaces\{A4037DDA-029B-4029-96F1-5A6D26DB6855}: [NameServer]194.48.128.199 194.48.139.254 Tcpip\..\Interfaces\{D93CAB26-3943-4D3E-9B86-45352821D63C}: [NameServer]194.48.139.254 194.48.124.200 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\user.js FF SelectedSearchEngine: Google FF Homepage: about:home FF NetworkProxy: "gopher", "" FF NetworkProxy: "gopher_port", 0 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Battlefield Heroes Updater - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\battlefieldheroespatcher@ea.com [2012-01-28] FF Extension: Battlefield Play4Free - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\battlefieldplay4free@ea.com [2012-04-01] FF Extension: Google Docs Viewer - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\adonis.cuhk@gmail.com.xpi [2012-09-18] FF Extension: Ghostery - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\firefox@ghostery.com.xpi [2013-08-03] FF Extension: Personas Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\personas@christopher.beard.xpi [2012-01-24] FF Extension: NoScript - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-24] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20] FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-10] FF Extension: DownThemAll! - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-07-02] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-10-25] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-10-25] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () S4 jswpsapi; C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) R2 MBAMScheduler; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) S2 Mobile Partner. RunOuc; D:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655744 2012-06-28] () S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3804120 2011-08-07] (INCA Internet Co., Ltd.) S4 PirritUpdater; C:\Program Files (x86)\Pirrit\AutoUpdater.exe [59904 2014-02-20] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-04] () R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) S4 TeamViewer9; D:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [4915040 2014-02-17] (TeamViewer GmbH) R2 TuneUp.UtilitiesSvc; D:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-12] (TuneUp Software) ==================== Drivers (Whitelisted) ==================== R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.) S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2011-09-06] (Google Inc) S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2011-09-06] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [35840 2011-09-06] (LG Electronics Inc.) S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93184 2011-09-16] (LG Electronics Inc.) S3 androidusb; C:\Windows\System32\Drivers\smhwadb.sys [31744 2009-12-24] (Google Inc) S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] () R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET) U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET) R3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [239104 2012-09-18] (Huawei Technologies Co., Ltd.) R1 JSWPSLWF; C:\Windows\SysWOW64\DRIVERS\jswpslwfx.sys [26624 2008-10-01] (Atheros Communications, Inc.) S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [20352 2009-09-30] (Razer USA Ltd.) S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-21] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA)) S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA)) S3 smhwdev; C:\Windows\System32\DRIVERS\smhwdev.sys [114432 2010-01-13] (Huawei Technologies Co., Ltd.) S3 smhwser; C:\Windows\System32\DRIVERS\smhwser.sys [122624 2010-02-04] (QUALCOMM Incorporated) R3 TuneUpUtilitiesDrv; D:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software) S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2w7x.sys [767488 2009-10-21] (Atheros Communications, Inc.) S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X] S3 DNIMp50a64; System32\Drivers\DNIMp50a64.sys [X] S3 DNISp50a64; System32\Drivers\DNISp50a64.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 massfilter; system32\drivers\massfilter.sys [X] S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X] S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-21 14:26 - 2014-04-21 14:27 - 00022175 _____ () C:\Users\Admin\Desktop\FRST.txt 2014-04-21 14:25 - 2014-04-21 14:25 - 02056704 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe 2014-04-20 05:12 - 2014-04-20 05:32 - 184122242 _____ () C:\Users\Admin\Downloads\testavi.avi 2014-04-16 09:16 - 2014-04-16 09:16 - 00009644 _____ () C:\Users\Admin\Desktop\hijackthis.log 2014-04-16 08:56 - 2014-04-16 08:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\Admin\Desktop\HijackThis.exe 2014-04-16 08:34 - 2014-04-21 14:27 - 00000000 ____D () C:\FRST 2014-04-16 07:41 - 2014-04-16 07:42 - 00293064 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-16 07:41 - 2014-04-16 07:41 - 00010476 _____ () C:\Windows\PFRO.log 2014-04-16 05:11 - 2014-04-16 05:11 - 00065608 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-16 05:02 - 2014-04-21 04:15 - 00001120 _____ () C:\Windows\setupact.log 2014-04-16 05:02 - 2014-04-16 05:02 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-16 04:54 - 2014-04-21 09:15 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-16 04:53 - 2014-04-16 04:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-16 04:53 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-16 04:53 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-16 04:53 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-15 23:56 - 2014-04-15 23:56 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Pirrit 2014-04-15 23:56 - 2014-04-15 23:56 - 00000000 ____D () C:\Users\Admin\AppData\Local\WinRST 2014-04-15 23:55 - 2014-04-15 23:56 - 00000000 ____D () C:\Program Files (x86)\Pirrit 2014-04-14 03:01 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-14 03:01 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-14 03:01 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-14 03:01 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-14 03:01 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-14 03:01 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-14 03:01 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-14 03:01 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-14 03:01 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-14 03:01 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-14 03:01 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-14 03:01 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-14 03:01 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-14 03:01 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-14 03:00 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-14 03:00 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-14 03:00 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-14 03:00 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-14 03:00 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-14 03:00 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-14 03:00 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-14 03:00 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-14 03:00 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-14 03:00 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-14 03:00 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-14 03:00 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-14 03:00 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-14 03:00 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-14 03:00 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-14 03:00 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-14 03:00 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-14 03:00 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-14 03:00 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-14 03:00 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-14 03:00 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-14 03:00 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-14 03:00 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-14 03:00 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-14 03:00 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-14 03:00 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-14 03:00 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-14 03:00 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-14 03:00 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-14 03:00 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-14 03:00 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-14 03:00 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-14 03:00 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-14 03:00 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-12 22:51 - 2014-04-12 22:51 - 00000066 _____ () C:\Users\Admin\Desktop\teso.txt 2014-04-12 20:53 - 2014-04-12 20:53 - 00013262 _____ () C:\Users\Admin\Desktop\RandyRun Order 1454125 CDKey.zip 2014-04-09 20:27 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 20:27 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-09 20:27 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-09 20:27 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-09 20:27 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-09 20:27 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-09 20:27 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-09 20:27 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-09 20:27 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-09 20:27 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-09 20:27 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-03-24 09:43 - 2014-03-24 09:43 - 00000000 ____D () C:\Users\Admin\AppData\Local\mslug3 ==================== One Month Modified Files and Folders ======= 2014-04-21 14:27 - 2014-04-21 14:26 - 00022175 _____ () C:\Users\Admin\Desktop\FRST.txt 2014-04-21 14:27 - 2014-04-16 08:34 - 00000000 ____D () C:\FRST 2014-04-21 14:25 - 2014-04-21 14:25 - 02056704 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe 2014-04-21 09:15 - 2014-04-16 04:54 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-21 04:28 - 2010-10-10 14:25 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-04-21 04:24 - 2009-07-14 06:45 - 00015024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-21 04:24 - 2009-07-14 06:45 - 00015024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-21 04:15 - 2014-04-16 05:02 - 00001120 _____ () C:\Windows\setupact.log 2014-04-21 04:15 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-20 19:09 - 2012-03-06 10:20 - 01108687 _____ () C:\Windows\WindowsUpdate.log 2014-04-20 16:35 - 2012-01-07 12:55 - 00000000 ____D () C:\Users\Admin\AppData\Local\Paint.NET 2014-04-20 05:37 - 2012-06-26 19:13 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc 2014-04-20 05:32 - 2014-04-20 05:12 - 184122242 _____ () C:\Users\Admin\Downloads\testavi.avi 2014-04-19 10:44 - 2010-10-10 13:42 - 00002878 _____ () C:\Windows\System32\Tasks\{55FFC241-A927-4FEF-B898-D45E30517C06} 2014-04-18 02:49 - 2010-10-10 13:42 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype 2014-04-17 10:03 - 2012-04-30 02:49 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe 2014-04-16 19:37 - 2013-05-15 04:02 - 00000000 ____D () C:\Windows\rescache 2014-04-16 09:22 - 2013-06-25 21:56 - 00002786 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-04-16 09:16 - 2014-04-16 09:16 - 00009644 _____ () C:\Users\Admin\Desktop\hijackthis.log 2014-04-16 08:56 - 2014-04-16 08:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\Admin\Desktop\HijackThis.exe 2014-04-16 07:42 - 2014-04-16 07:41 - 00293064 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-16 07:41 - 2014-04-16 07:41 - 00010476 _____ () C:\Windows\PFRO.log 2014-04-16 05:11 - 2014-04-16 05:11 - 00065608 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-16 05:02 - 2014-04-16 05:02 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-16 04:53 - 2014-04-16 04:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-16 04:39 - 2012-04-16 21:02 - 00000000 ____D () C:\Windows\pss 2014-04-16 03:58 - 2011-07-21 15:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-04-16 03:57 - 2010-10-08 15:34 - 00000000 ____D () C:\Windows\Panther 2014-04-16 03:56 - 2010-10-10 13:57 - 00000000 ____D () C:\Windows\Minidump 2014-04-15 23:57 - 2010-10-08 14:40 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-15 23:56 - 2014-04-15 23:56 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Pirrit 2014-04-15 23:56 - 2014-04-15 23:56 - 00000000 ____D () C:\Users\Admin\AppData\Local\WinRST 2014-04-15 23:56 - 2014-04-15 23:55 - 00000000 ____D () C:\Program Files (x86)\Pirrit 2014-04-14 03:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-13 23:30 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-04-13 23:30 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-04-13 23:30 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-12 22:51 - 2014-04-12 22:51 - 00000066 _____ () C:\Users\Admin\Desktop\teso.txt 2014-04-12 21:54 - 2011-07-12 01:12 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-04-12 20:53 - 2014-04-12 20:53 - 00013262 _____ () C:\Users\Admin\Desktop\RandyRun Order 1454125 CDKey.zip 2014-04-09 20:30 - 2013-07-31 08:40 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-09 20:28 - 2010-10-08 15:00 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-08 18:16 - 2013-08-17 03:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-08 18:16 - 2010-10-10 13:26 - 00000000 ____D () C:\Users\Admin\AppData\Local\Mozilla 2014-04-03 09:51 - 2014-04-16 04:53 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-16 04:53 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-16 04:53 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-02 17:49 - 2010-10-26 10:57 - 00000000 ____D () C:\Users\Admin\Documents\My Games 2014-03-31 09:35 - 2010-10-08 15:02 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-03-28 12:55 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-24 09:43 - 2014-03-24 09:43 - 00000000 ____D () C:\Users\Admin\AppData\Local\mslug3 2014-03-24 09:43 - 2013-08-21 07:57 - 00000000 ____D () C:\ProgramData\Package Cache ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-16 08:11 ==================== End Of Log ============================
  3. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2014 Ran by Admin at 2014-04-16 08:35:31 Running from C:\Users\Admin\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} ==================== Installed Programs ====================== µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - ) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.) Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.183.10 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated) AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden AMD Fuel (Version: 2012.0806.1213.19931 - Ihr Firmenname) Hidden AMD Fuel (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden AMD Steady Video Plug-In (Version: 2.04.0000 - AMD) Hidden AMD System Monitor (HKLM-x32\...\{13EE03A3-7B77-47BC-9C42-B60576AB3A08}) (Version: 1.0.0 - Advanced Micro Devices, Inc.) AMD USB Filter Driver (x32 Version: 1.0.14.91 - Advanced Micro Devices, Inc.) Hidden AMD VISION Engine Control Center (x32 Version: 2012.0806.1213.19931 - Ihr Firmenname) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden Application Profiles (HKLM-x32\...\{63059735-CA97-FDFB-0E7A-3B8D81572EFD}) (Version: 2.0.4888.34279 - Advanced Micro Devices, Inc.) ATI AVIVO64 Codecs (Version: 11.1.0.50504 - ATI Technologies Inc.) Hidden ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.0.0.1 - Electronic Arts) BioShock 2 (x32 Version: 1.0.0003.131 - Take-Two Interactive Software) Hidden BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform) Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Debugging Tools for Windows (HKLM-x32\...\{1C943495-B69F-4D41-AE0E-23C57ECD90EE}) (Version: 6.4.7.2 - Microsoft Corporation) Defraggler (HKLM\...\Defraggler) (Version: 2.15 - Piriform) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - ) Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD) ESET NOD32 Antivirus (HKLM\...\{7EE0D9E8-299E-4E7A-8BDE-B1D295E30077}) (Version: 7.0.302.26 - ESET, spol s r. o.) ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios) Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden Grand Theft Auto Vice City (HKCU\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - ) Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) HydraVision (x32 Version: 4.2.162.0 - ATI Technologies Inc.) Hidden Java Auto Updater (x32 Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden Java 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle) Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden LG United Mobile Drivers (HKLM-x32\...\{C2944BE7-9BFF-4EF0-A362-CB3281B7C50D}) (Version: 3.6.0.0 - LG Electronics) Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech) Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Metal Slug 3 (HKLM-x32\...\Steam App 250180) (Version: - DotEmu) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 RC (Version: 4.5.50861 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.009.05.00.801 - Huawei Technologies Co.,Ltd) Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Origin (HKLM-x32\...\Origin) (Version: 9.3.10.4710 - Electronic Arts, Inc.) Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.) Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.9.13.22054 - Grinding Gear Games) Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games) PC Suite For Android Handset (HKLM-x32\...\PC Suite For Android Handset) (Version: 12.09.109.U8230D100SP03 - Huawei Technologies Co.,Ltd) Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version: - Ndemic Creations) Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) RangeMax Wireless-N USB Adapter WN111v2 (HKLM-x32\...\InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}) (Version: 3.0.0.3 - NETGEAR) Raptr (HKLM-x32\...\Raptr) (Version: - ) Razer Lycosa (HKLM-x32\...\{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}) (Version: 3.00.0000 - Razer USA Ltd.) Razer Megalodon Firmware Updater (HKLM-x32\...\{C67A3F9D-E55D-4288-B4EC-1B9863EFB288}) (Version: 2.12.02 - Razer USA Ltd.) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.15.209.2010 - Realtek) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - ) Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - ) SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - ) SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - ) Samsung New PC Studio USB Driver Installer (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.10.1 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) Thief (HKLM-x32\...\Steam App 239160) (Version: - Eidos-Montréal) TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.143 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.143 - TuneUp Software) TuneUp Utilities 2014 (x32 Version: 14.0.1000.143 - TuneUp Software) Hidden TurboV EVO (HKLM-x32\...\{491D92A9-69CA-4EB4-81D3-0106F9337957}) (Version: 1.02.20 - ) VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN) Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc) Windows Driver Frameworks Update Packages (HKLM-x32\...\{42267A4D-9BDD-4B06-9FB7-2A7D7D5D6D6F}) (Version: 8.0.0.0 - Microsoft) Windows Driver Kit (HKLM-x32\...\{b30a945f-0808-4e62-adc1-827f8fbd259e}) (Version: 8.59.29757 - Microsoft Corporation) Windows Driver Kit (x32 Version: 8.59.29757 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden WinRAR (HKLM\...\WinRAR archiver) (Version: - ) WN111v2 (x32 Version: 3.0.0.3 - NETGEAR) Hidden World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.3.0.17128 - Blizzard Entertainment) World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version: 0.0.0.0 - Blizzard Entertainment) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:34 - 2014-04-16 03:52 - 00450712 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {00926A6A-BFC6-421A-BFFE-759A448E78E3} - System32\Tasks\ASUS\TurboVHelp => C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe [2010-04-02] (ASUSTeK Computer Inc.) Task: {4F7202EC-ECDD-48F7-9C5A-1310DF981A38} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => D:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2013-10-12] (TuneUp Software) Task: {54111914-134D-4383-B7C1-4AE02AFEC3BE} - System32\Tasks\{55FFC241-A927-4FEF-B898-D45E30517C06} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.) Task: {5AD5E2A9-3D94-43BE-9FDB-D964386D6C6F} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] () Task: {66D55E1E-2C58-47A3-BC5D-37539239FF97} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd) Task: {E257F55C-BE05-48C2-9514-8C13CD0A6D0E} - System32\Tasks\Razer_Game_Booster_AutoUpdate => D:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-03-14 17:27 - 2011-03-14 17:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe 2013-08-19 15:09 - 2012-06-28 04:46 - 00655744 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe 2012-01-28 15:08 - 2013-11-04 14:23 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2013-10-12 03:29 - 2013-10-12 03:29 - 00757048 _____ () D:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll 2009-03-30 08:32 - 2009-03-30 08:32 - 00032768 ____R () C:\Windows\DAODx.exe 2013-09-21 21:39 - 2012-08-06 09:08 - 00515072 _____ () D:\Program Files (x86)\Mobile Partner\Mobile Partner.exe 2013-08-19 15:09 - 2009-01-10 12:32 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll 2013-08-19 15:09 - 2009-06-22 20:42 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll 2013-08-19 15:09 - 2010-07-23 06:58 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll 2013-08-19 15:09 - 2010-02-10 16:10 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll 2013-08-19 15:09 - 2012-06-28 04:34 - 00843264 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll 2013-08-19 15:09 - 2010-02-10 16:06 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll 2010-10-09 14:27 - 2010-02-08 17:19 - 00053248 _____ () C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll 2010-10-09 14:27 - 2008-12-10 20:04 - 00253952 _____ () C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00518144 _____ () D:\Program Files (x86)\Mobile Partner\core.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00286720 _____ () D:\Program Files (x86)\Mobile Partner\sdk.dll 2013-09-21 21:39 - 2010-07-23 06:58 - 02415104 _____ () D:\Program Files (x86)\Mobile Partner\QtCore4.dll 2013-09-21 21:39 - 2009-01-10 12:32 - 00011362 _____ () D:\Program Files (x86)\Mobile Partner\mingwm10.dll 2013-09-21 21:39 - 2009-06-22 20:42 - 00043008 _____ () D:\Program Files (x86)\Mobile Partner\libgcc_s_dw2-1.dll 2013-09-21 21:39 - 2010-02-10 16:43 - 09515520 _____ () D:\Program Files (x86)\Mobile Partner\QtGui4.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00405504 _____ () D:\Program Files (x86)\Mobile Partner\Proxy.DLL 2013-09-21 21:39 - 2012-08-06 09:04 - 00628224 _____ () D:\Program Files (x86)\Mobile Partner\Common.dll 2013-09-21 21:39 - 2012-08-06 09:04 - 00157184 _____ () D:\Program Files (x86)\Mobile Partner\Trace.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00583168 _____ () D:\Program Files (x86)\Mobile Partner\PluginContainer.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00646144 _____ () D:\Program Files (x86)\Mobile Partner\AtCodec.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00729088 _____ () D:\Program Files (x86)\Mobile Partner\DeviceSrvPlugin.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00195584 _____ () D:\Program Files (x86)\Mobile Partner\XCodec.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00241152 _____ () D:\Program Files (x86)\Mobile Partner\NetSrvPlugin.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00164864 _____ () D:\Program Files (x86)\Mobile Partner\OSDialup.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00155136 _____ () D:\Program Files (x86)\Mobile Partner\DataServicePlugin.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00177152 _____ () D:\Program Files (x86)\Mobile Partner\CallSrvPlugin.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00672768 _____ () D:\Program Files (x86)\Mobile Partner\AddrBookSrvPlugin.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00219648 _____ () D:\Program Files (x86)\Mobile Partner\SmsSrvPlugin.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00142336 _____ () D:\Program Files (x86)\Mobile Partner\USSDSrvPlugin.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00157184 _____ () D:\Program Files (x86)\Mobile Partner\STKSrvPlugin.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00730624 _____ () D:\Program Files (x86)\Mobile Partner\DeviceAppPlugin.dll 2013-09-21 21:39 - 2012-08-06 09:04 - 00065536 _____ () D:\Program Files (x86)\Mobile Partner\OSPowerMgr.dll 2013-09-21 21:39 - 2012-06-06 03:22 - 00155648 _____ () D:\Program Files (x86)\Mobile Partner\Win7Support.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 01124352 _____ () D:\Program Files (x86)\Mobile Partner\AddrBookPlugin.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00704000 _____ () D:\Program Files (x86)\Mobile Partner\SmsAppPlugin.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00187392 _____ () D:\Program Files (x86)\Mobile Partner\CallAppPlugin.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00569344 _____ () D:\Program Files (x86)\Mobile Partner\CallLogSrvPlugin.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00158720 _____ () D:\Program Files (x86)\Mobile Partner\NetConnectSrvPlugin.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00236032 _____ () D:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll 2013-09-21 21:39 - 2012-08-06 09:04 - 00102400 _____ () D:\Program Files (x86)\Mobile Partner\OSAdapt.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00201216 _____ () D:\Program Files (x86)\Mobile Partner\NDISPlugin.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00131584 _____ () D:\Program Files (x86)\Mobile Partner\OSNDIS.dll 2013-09-21 21:39 - 2012-07-27 08:53 - 01114112 _____ () D:\Program Files (x86)\Mobile Partner\NDISAPI.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00702464 _____ () D:\Program Files (x86)\Mobile Partner\NetInfoSrvPlugin.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00062976 _____ () D:\Program Files (x86)\Mobile Partner\OSCall.dll 2013-09-21 21:39 - 2012-06-06 03:22 - 00224256 _____ () D:\Program Files (x86)\Mobile Partner\tdpcvoice.dll 2013-09-21 21:39 - 2012-08-06 09:06 - 00581120 _____ () D:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll 2013-09-21 21:39 - 2010-02-10 16:06 - 00398336 _____ () D:\Program Files (x86)\Mobile Partner\QtXml4.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00168960 _____ () D:\Program Files (x86)\Mobile Partner\ATR2SMgr.dll 2013-09-21 21:39 - 2012-08-06 09:06 - 00270848 _____ () D:\Program Files (x86)\Mobile Partner\XFramePlugin.dll 2013-09-21 21:39 - 2012-08-06 09:06 - 00323584 _____ () D:\Program Files (x86)\Mobile Partner\StatusBarMgrPlugin.dll 2013-09-21 21:39 - 2012-08-06 09:06 - 00359936 _____ () D:\Program Files (x86)\Mobile Partner\NetConnectPlugin.dll 2013-09-21 21:39 - 2012-08-06 09:05 - 00592896 _____ () D:\Program Files (x86)\Mobile Partner\DialupUIPlugin.dll 2013-09-21 21:39 - 2012-08-06 09:06 - 00097792 _____ () D:\Program Files (x86)\Mobile Partner\NotifyServicePlugin.dll 2013-09-21 21:39 - 2012-08-06 09:06 - 00117248 _____ () D:\Program Files (x86)\Mobile Partner\LayoutPlugin.dll 2013-09-21 21:39 - 2012-08-06 09:08 - 00119296 _____ () D:\Program Files (x86)\Mobile Partner\ConnectMgrUIPlugin.dll 2013-09-21 21:39 - 2012-08-06 09:06 - 00330752 _____ () D:\Program Files (x86)\Mobile Partner\MenuMgrPlugin.dll 2013-09-21 21:39 - 2012-08-06 09:07 - 00302592 _____ () D:\Program Files (x86)\Mobile Partner\DiagnosisPlugin.dll 2013-09-21 21:39 - 2012-08-06 09:07 - 00493568 _____ () D:\Program Files (x86)\Mobile Partner\NetInfoUIExPlugin.dll 2013-09-21 21:39 - 2012-08-06 09:06 - 00854528 _____ () D:\Program Files (x86)\Mobile Partner\SMSUIPlugin.dll 2013-09-21 21:39 - 2012-08-06 09:06 - 00818688 _____ () D:\Program Files (x86)\Mobile Partner\AddrBookUIPlugin.dll 2013-09-21 21:39 - 2012-08-06 09:06 - 00219648 _____ () D:\Program Files (x86)\Mobile Partner\ToolBarMgrPlugin.dll 2013-09-21 21:39 - 2012-06-28 04:34 - 00694272 _____ () D:\Program Files (x86)\Mobile Partner\LiveUpdateInterface.DLL 2013-09-21 21:39 - 2010-02-10 16:10 - 01148416 _____ () D:\Program Files (x86)\Mobile Partner\QtNetwork4.dll 2013-09-21 21:39 - 2012-06-06 03:21 - 00082944 _____ () D:\Program Files (x86)\Mobile Partner\plugins\imageformats\qgif4.dll 2013-09-21 21:39 - 2012-06-06 03:21 - 00081920 _____ () D:\Program Files (x86)\Mobile Partner\plugins\imageformats\qico4.dll 2013-09-21 21:39 - 2012-06-06 03:21 - 00192000 _____ () D:\Program Files (x86)\Mobile Partner\plugins\imageformats\qjpeg4.dll 2013-09-21 21:39 - 2012-06-06 03:21 - 00350720 _____ () D:\Program Files (x86)\Mobile Partner\plugins\imageformats\qmng4.dll 2013-09-21 21:39 - 2012-06-06 03:21 - 00370176 _____ () D:\Program Files (x86)\Mobile Partner\plugins\imageformats\qtiff4.dll 2013-08-17 03:55 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-01-08 09:43 - 2013-12-13 00:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll 2014-01-08 09:43 - 2013-11-05 03:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll 2013-03-12 18:10 - 2014-02-11 04:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2011-07-13 07:01 - 2014-02-25 23:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2010-10-10 14:39 - 2014-01-11 01:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2012-03-16 11:18 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll 2012-03-16 11:18 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll 2012-03-16 11:18 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll 2013-08-21 09:43 - 2012-06-28 04:45 - 01545088 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\LiveUpd.exe 2013-08-19 15:09 - 2010-02-10 16:43 - 09515520 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtGui4.dll 2013-08-21 09:43 - 2012-06-06 03:21 - 00082944 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\plugins\imageformats\qgif4.dll 2013-08-21 09:43 - 2012-06-06 03:21 - 00081920 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\plugins\imageformats\qico4.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: Fax => 3 MSCONFIG\Services: PirritDesktop => 2 MSCONFIG\Services: PirritUpdater => 2 MSCONFIG\Services: TeamViewer9 => 2 MSCONFIG\startupreg: A1Webassistent => C:\Program Files (x86)\A1\A1 Webassistent\A1Webassistent.exe /auto MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: TAG_A1Dashboard.exe => C:\Program Files (x86)\A1 Dashboard\A1Dashboard.exe MSCONFIG\startupreg: TAG_A1Dashboard_Launcher.exe => C:\Program Files (x86)\A1 Dashboard\A1Dashboard_Launcher.exe MSCONFIG\startupreg: TurboV EVO => "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe" MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe" MSCONFIG\startupreg: WinSATRestorePower => powercfg -setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/16/2014 08:35:36 AM) (Source: VSS) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. ] ist ein Fehler aufgetreten. Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator Error: (04/16/2014 08:35:36 AM) (Source: VSS) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. ] Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator Error: (04/16/2014 08:28:20 AM) (Source: Steam Client Service) (User: ) Description: Error: Failed to poke open firewall Error: (04/16/2014 08:20:26 AM) (Source: Software Protection Platform Service) (User: ) Description: Fehler bei der Erfassung des authentischen Tickets (hr=0x80072EE7) für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f. Error: (04/16/2014 08:20:26 AM) (Source: Software Protection Platform Service) (User: ) Description: Lizenzerwerb-Fehlerdetails. hr=0x80072EE7 Error: (04/16/2014 08:17:25 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: MOM.exe, Version: 4.5.0.0, Zeitstempel: 0x51891507 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1677 Ausnahmecode: 0xe0434352 Fehleroffset: 0x000000000000940d ID des fehlerhaften Prozesses: 0xa00 Startzeit der fehlerhaften Anwendung: 0xMOM.exe0 Pfad der fehlerhaften Anwendung: MOM.exe1 Pfad des fehlerhaften Moduls: MOM.exe2 Berichtskennung: MOM.exe3 Error: (04/16/2014 08:17:23 AM) (Source: .NET Runtime) (User: ) Description: Anwendung: MOM.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.Reflection.TargetInvocationException Stapel: bei System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean) bei System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(System.Object, System.Object[], System.Object[]) bei System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo) bei System.RuntimeType.InvokeMember(System.String, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object, System.Object[], System.Reflection.ParameterModifier[], System.Globalization.CultureInfo, System.String[]) bei ATI.ACE.MOM.EXE.MOM.Main(System.String[]) Error: (04/16/2014 08:15:39 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (04/16/2014 07:42:43 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fefb5 Name des fehlerhaften Moduls: Device.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x51f2569a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000010087607 ID des fehlerhaften Prozesses: 0x58c Startzeit der fehlerhaften Anwendung: 0xFuel.Service.exe0 Pfad der fehlerhaften Anwendung: Fuel.Service.exe1 Pfad des fehlerhaften Moduls: Fuel.Service.exe2 Berichtskennung: Fuel.Service.exe3 Error: (04/16/2014 04:40:34 AM) (Source: System Restore) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\msiexec.exe /V; Beschreibung = Removed WinDealist; Fehler = 0x80042302). System errors: ============= Error: (04/16/2014 07:42:45 AM) (Source: Service Control Manager) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (04/16/2014 07:42:18 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (04/16/2014 07:42:18 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht. Error: (04/16/2014 07:42:14 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/16/2014 05:03:15 AM) (Source: NetBT) (User: ) Description: Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen der Anfangsadressen verweigerte. Error: (04/16/2014 04:27:34 AM) (Source: NetBT) (User: ) Description: Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen der Anfangsadressen verweigerte. Error: (04/15/2014 11:56:21 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "WinRST" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (04/15/2014 11:56:11 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PirritDesktop" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (04/15/2014 11:56:06 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "PirritUpdater" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (04/15/2014 05:55:10 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Microsoft Office Sessions: ========================= Error: (04/16/2014 08:35:36 AM) (Source: VSS)(User: ) Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator Error: (04/16/2014 08:35:36 AM) (Source: VSS)(User: ) Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden. Vorgang: Für diesen Anbieter eine aufrufbare Schnittstelle abrufen Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen Schattenkopien abfragen Kontext: Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshotkontext: 13 Snapshotkontext: 13 Ausführungskontext: Coordinator Error: (04/16/2014 08:28:20 AM) (Source: Steam Client Service)(User: ) Description: Failed to poke open firewall Error: (04/16/2014 08:20:26 AM) (Source: Software Protection Platform Service)(User: ) Description: hr=0x80072EE766c92734-d682-4d71-983e-d6ec3f16059f Error: (04/16/2014 08:20:26 AM) (Source: Software Protection Platform Service)(User: ) Description: hr=0x80072EE700010001(0x00000000, 08:20:26:285 - http://go.microsoft.com) 00030002(0x00000000, 08:20:26:379 - 0) 00040001(0x00000000, 08:20:26:379 - http://go.microsoft.com) 00040002(0x00000000, 08:20:26:566 - 1, <NULL>, <NULL>, <NULL>) 00040004(0x80072F94, 08:20:26:800 - <NULL>) 00040006(0x00000000, 08:20:26:800 - 1, http://go.microsoft.com, <NULL>, <local>) 00020005(0x00000000, 08:20:26:800 - 0) 00020007(0x80072EE7, 08:20:26:800) 00010002(0x80072EE7, 08:20:26:800 - <NULL>) 00010003(0x80072EE7, 08:20:26:800) Error: (04/16/2014 08:17:25 AM) (Source: Application Error)(User: ) Description: MOM.exe4.5.0.051891507KERNELBASE.dll6.1.7601.1822951fb1677e0434352000000000000940da0001cf593b851e72b5C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Windows\system32\KERNELBASE.dllc6a42931-c52e-11e3-89c5-20cf3092b053 Error: (04/16/2014 08:17:23 AM) (Source: .NET Runtime)(User: ) Description: Anwendung: MOM.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.Reflection.TargetInvocationException Stapel: bei System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean) bei System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(System.Object, System.Object[], System.Object[]) bei System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo) bei System.RuntimeType.InvokeMember(System.String, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object, System.Object[], System.Reflection.ParameterModifier[], System.Globalization.CultureInfo, System.String[]) bei ATI.ACE.MOM.EXE.MOM.Main(System.String[]) Error: (04/16/2014 08:15:39 AM) (Source: SideBySide)(User: ) Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8 Error: (04/16/2014 07:42:43 AM) (Source: Application Error)(User: ) Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll_unloaded0.0.0.051f2569ac0000005000000001008760758c01cf59369ef0bbe5C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeDevice.dlledb5cf64-c529-11e3-89c5-20cf3092b053 Error: (04/16/2014 04:40:34 AM) (Source: System Restore)(User: ) Description: C:\Windows\system32\msiexec.exe /VRemoved WinDealist0x80042302 ==================== Memory info =========================== Percentage of memory in use: 37% Total physical RAM: 4094.18 MB Available physical RAM: 2546.79 MB Total Pagefile: 8188.36 MB Available Pagefile: 6020.49 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:195.21 GB) (Free:77.6 GB) NTFS Drive d: () (Fixed) (Total:270.45 GB) (Free:81.89 GB) NTFS Drive e: (D3C1.0.0) (CDROM) (Total:7.66 GB) (Free:0 GB) UDF Drive f: (Mobile Partner) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 714A9E11) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=270 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  4. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014 Ran by Admin (administrator) on ADMIN-PC on 17-04-2014 00:58:11 Running from C:\Users\Admin\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (TuneUp Software) D:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe () C:\Windows\DAODx.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (TuneUp Software) D:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe () D:\Program Files (x86)\Mobile Partner\Mobile Partner.exe (Valve Corporation) C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe () C:\ProgramData\Mobile Partner\OnlineUpdate\LiveUpd.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET) HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) HKU\S-1-5-20\...\Run: [sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation) HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [385024 2010-05-04] (AMD) HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\Run: [Mobile Partner] => D:\Program Files (x86)\Mobile Partner\Mobile Partner.exe [515072 2012-08-06] () HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe [839560 2013-12-19] (Adobe Systems Incorporated) HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: E - "E:\Diablo III Setup.exe" HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: G - G:\PcOptions.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {11d0d086-3275-11e2-8103-20cf3092b053} - H:\LGAutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {15f8f047-0a3f-11e3-aeeb-a8dac7a89c77} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {20840f13-1eda-11e3-a7f6-cfa5a7489e29} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {24fb0c8e-1824-11e3-833a-91a3279bb32f} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {24fb0ca9-1824-11e3-833a-91a3279bb32f} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {279b1066-d1a1-11e0-be7c-20cf3092b053} - F:\PcOptions.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {284e8834-137f-11e3-808a-89daba781751} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {34ca5d52-22f5-11e3-a2eb-806e6f6e6963} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {34ca5d91-22f5-11e3-a2eb-a0b43365dd2c} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {3696f653-e149-11e0-a98c-20cf3092b053} - G:\PcOptions.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {43b5a86c-138f-11e3-96a0-871d381bee6f} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {43b5a879-138f-11e3-96a0-871d381bee6f} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {43b5a884-138f-11e3-96a0-871d381bee6f} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {43b5a88f-138f-11e3-96a0-871d381bee6f} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {43b5a894-138f-11e3-96a0-871d381bee6f} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {47b063d4-1edb-11e3-adf3-ec3d660cca2c} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {47b063f4-1edb-11e3-adf3-ec3d660cca2c} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {4ecfb31a-0a2c-11e3-8e96-bcb528037870} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {4ecfb345-0a2c-11e3-8e96-bcb528037870} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {4ecfb35a-0a2c-11e3-8e96-bcb528037870} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {500c9ee0-d2da-11df-842a-806e6f6e6963} - E:\setup.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {53e738ca-14b6-11e3-87b4-b49057f69231} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {53e73929-14b6-11e3-87b4-8ca190478b16} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {53e73934-14b6-11e3-87b4-8ca190478b16} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {7d6ff44f-181f-11e3-9b39-be42a6262c2c} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {7ecde6c3-d2d8-11df-9c48-806e6f6e6963} - E:\Launch.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {86a557d7-0cc5-11e3-a9e0-c1ccd0af8704} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {9b744473-07c1-11e1-b1ec-20cf3092b053} - G:\PcOptions.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {b3a61115-13e2-11e3-b660-99b2a4e7fe53} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {b47e69d5-17e4-11e3-ab07-e447f8139a14} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {b47e69f1-17e4-11e3-ab07-e447f8139a14} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {d4d08413-90a1-11e0-adc2-20cf3092b053} - F:\PcOptions.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {d651983c-181d-11e3-86b0-d40f997cba6b} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {d6519847-181d-11e3-86b0-d40f997cba6b} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {dbea53c3-4580-11e3-ac41-20cf3092b053} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {e5afb1fc-08cf-11e3-a31c-8d5a85e1683a} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {e5afb214-08cf-11e3-a31c-8d5a85e1683a} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {e5afb232-08cf-11e3-a31c-8d5a85e1683a} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {e5afb2b6-08cf-11e3-a31c-8d5a85e1683a} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {e5afb2c4-08cf-11e3-a31c-8d5a85e1683a} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {e5afb2d0-08cf-11e3-a31c-8d5a85e1683a} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {f056648e-593e-11e0-b1bb-20cf3092b053} - F:\PcOptions.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {f2c0fae1-1581-11e3-ab60-b9c730ea1479} - F:\AutoRun.exe HKU\S-1-5-21-4265403288-2499944042-4284603429-1000\...\MountPoints2: {f439eaad-145e-11e3-9133-a0a9361b4322} - F:\AutoRun.exe IFEO\ccleaner64.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\nusb3utl.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\skype.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\uninst.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=http://127.0.0.1:9880 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://at.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC82E533625EFCD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\..\Interfaces\{138FB2CB-AA09-4F9E-8B76-96C785947EFE}: [NameServer]194.48.139.254 194.48.124.200 Tcpip\..\Interfaces\{98158FD1-7547-4DC3-8D55-C80CC96EE5E5}: [NameServer]194.48.128.199 194.48.139.254 Tcpip\..\Interfaces\{A4037DDA-029B-4029-96F1-5A6D26DB6855}: [NameServer]194.48.139.254 194.48.128.199 Tcpip\..\Interfaces\{D93CAB26-3943-4D3E-9B86-45352821D63C}: [NameServer]194.48.139.254 194.48.124.200 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\user.js FF SelectedSearchEngine: Google FF Homepage: about:home FF NetworkProxy: "gopher", "" FF NetworkProxy: "gopher_port", 0 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Battlefield Heroes Updater - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\battlefieldheroespatcher@ea.com [2012-01-28] FF Extension: Battlefield Play4Free - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\battlefieldplay4free@ea.com [2012-04-01] FF Extension: Google Docs Viewer - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\adonis.cuhk@gmail.com.xpi [2012-09-18] FF Extension: Ghostery - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\firefox@ghostery.com.xpi [2013-08-03] FF Extension: Personas Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\personas@christopher.beard.xpi [2012-01-24] FF Extension: NoScript - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-24] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20] FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-10] FF Extension: DownThemAll! - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wxnjc1td.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-07-02] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-10-25] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-10-25] ==================== Services (Whitelisted) ================= S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () S4 jswpsapi; C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) S2 MBAMScheduler; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) S2 MBAMService; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) S2 Mobile Partner. RunOuc; D:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655744 2012-06-28] () S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3804120 2011-08-07] (INCA Internet Co., Ltd.) S4 PirritUpdater; C:\Program Files (x86)\Pirrit\AutoUpdater.exe [59904 2014-02-20] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-04] () R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) S4 TeamViewer9; D:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [4915040 2014-02-17] (TeamViewer GmbH) R2 TuneUp.UtilitiesSvc; D:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-12] (TuneUp Software) ==================== Drivers (Whitelisted) ==================== R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.) S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2011-09-06] (Google Inc) S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2011-09-06] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [35840 2011-09-06] (LG Electronics Inc.) S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93184 2011-09-16] (LG Electronics Inc.) S3 androidusb; C:\Windows\System32\Drivers\smhwadb.sys [31744 2009-12-24] (Google Inc) S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] () R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET) U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET) R3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [239104 2012-09-18] (Huawei Technologies Co., Ltd.) R1 JSWPSLWF; C:\Windows\SysWOW64\DRIVERS\jswpslwfx.sys [26624 2008-10-01] (Atheros Communications, Inc.) S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [20352 2009-09-30] (Razer USA Ltd.) S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA)) S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA)) S3 smhwdev; C:\Windows\System32\DRIVERS\smhwdev.sys [114432 2010-01-13] (Huawei Technologies Co., Ltd.) S3 smhwser; C:\Windows\System32\DRIVERS\smhwser.sys [122624 2010-02-04] (QUALCOMM Incorporated) R3 TuneUpUtilitiesDrv; D:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software) S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2w7x.sys [767488 2009-10-21] (Atheros Communications, Inc.) S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X] S3 DNIMp50a64; System32\Drivers\DNIMp50a64.sys [X] S3 DNISp50a64; System32\Drivers\DNISp50a64.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 massfilter; system32\drivers\massfilter.sys [X] S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X] S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-17 00:58 - 2014-04-17 00:58 - 00022358 _____ () C:\Users\Admin\Desktop\FRST.txt 2014-04-16 09:16 - 2014-04-16 09:16 - 00009644 _____ () C:\Users\Admin\Desktop\hijackthis.log 2014-04-16 08:56 - 2014-04-16 08:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\Admin\Desktop\HijackThis.exe 2014-04-16 08:35 - 2014-04-16 08:36 - 00048873 _____ () C:\Users\Admin\Downloads\Addition.txt 2014-04-16 08:34 - 2014-04-17 00:58 - 00000000 ____D () C:\FRST 2014-04-16 08:34 - 2014-04-16 08:36 - 00044834 _____ () C:\Users\Admin\Downloads\FRST.txt 2014-04-16 08:33 - 2014-04-16 08:33 - 02054144 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe 2014-04-16 07:41 - 2014-04-16 07:42 - 00293064 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-16 07:41 - 2014-04-16 07:41 - 00010476 _____ () C:\Windows\PFRO.log 2014-04-16 05:11 - 2014-04-16 05:11 - 00065608 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-16 05:02 - 2014-04-16 23:59 - 00000280 _____ () C:\Windows\setupact.log 2014-04-16 05:02 - 2014-04-16 05:02 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-16 04:54 - 2014-04-16 20:02 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-16 04:53 - 2014-04-16 04:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-16 04:53 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-16 04:53 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-16 04:53 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-16 04:52 - 2014-04-16 04:52 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-15 23:56 - 2014-04-15 23:56 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Pirrit 2014-04-15 23:56 - 2014-04-15 23:56 - 00000000 ____D () C:\Users\Admin\AppData\Local\WinRST 2014-04-15 23:55 - 2014-04-15 23:56 - 00000000 ____D () C:\Program Files (x86)\Pirrit 2014-04-14 03:01 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-14 03:01 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-14 03:01 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-14 03:01 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-14 03:01 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-14 03:01 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-14 03:01 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-14 03:01 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-14 03:01 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-14 03:01 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-14 03:01 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-14 03:01 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-14 03:01 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-14 03:01 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-14 03:00 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-14 03:00 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-14 03:00 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-14 03:00 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-14 03:00 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-14 03:00 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-14 03:00 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-14 03:00 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-14 03:00 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-14 03:00 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-14 03:00 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-14 03:00 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-14 03:00 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-14 03:00 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-14 03:00 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-14 03:00 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-14 03:00 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-14 03:00 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-14 03:00 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-14 03:00 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-14 03:00 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-14 03:00 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-14 03:00 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-14 03:00 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-14 03:00 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-14 03:00 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-14 03:00 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-14 03:00 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-14 03:00 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-14 03:00 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-14 03:00 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-14 03:00 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-14 03:00 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-14 03:00 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-12 22:51 - 2014-04-12 22:51 - 00000066 _____ () C:\Users\Admin\Desktop\teso.txt 2014-04-12 20:53 - 2014-04-12 20:53 - 00013262 _____ () C:\Users\Admin\Desktop\RandyRun Order 1454125 CDKey.zip 2014-04-09 20:27 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 20:27 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-09 20:27 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-09 20:27 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-09 20:27 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-09 20:27 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-09 20:27 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-09 20:27 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-09 20:27 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-09 20:27 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-09 20:27 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-03-24 09:43 - 2014-03-24 09:43 - 00000000 ____D () C:\Users\Admin\AppData\Local\mslug3 ==================== One Month Modified Files and Folders ======= 2014-04-17 00:59 - 2014-04-17 00:58 - 00022358 _____ () C:\Users\Admin\Desktop\FRST.txt 2014-04-17 00:58 - 2014-04-16 08:34 - 00000000 ____D () C:\FRST 2014-04-16 23:59 - 2014-04-16 05:02 - 00000280 _____ () C:\Windows\setupact.log 2014-04-16 23:59 - 2010-10-10 14:25 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-04-16 20:02 - 2014-04-16 04:54 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-16 19:37 - 2013-05-15 04:02 - 00000000 ____D () C:\Windows\rescache 2014-04-16 09:22 - 2013-06-25 21:56 - 00002786 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-04-16 09:16 - 2014-04-16 09:16 - 00009644 _____ () C:\Users\Admin\Desktop\hijackthis.log 2014-04-16 08:56 - 2014-04-16 08:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\Admin\Desktop\HijackThis.exe 2014-04-16 08:52 - 2012-03-06 10:20 - 02010477 _____ () C:\Windows\WindowsUpdate.log 2014-04-16 08:36 - 2014-04-16 08:35 - 00048873 _____ () C:\Users\Admin\Downloads\Addition.txt 2014-04-16 08:36 - 2014-04-16 08:34 - 00044834 _____ () C:\Users\Admin\Downloads\FRST.txt 2014-04-16 08:33 - 2014-04-16 08:33 - 02054144 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe 2014-04-16 08:25 - 2009-07-14 06:45 - 00015024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-16 08:25 - 2009-07-14 06:45 - 00015024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-16 07:42 - 2014-04-16 07:41 - 00293064 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-16 07:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-16 07:41 - 2014-04-16 07:41 - 00010476 _____ () C:\Windows\PFRO.log 2014-04-16 05:31 - 2010-10-10 13:42 - 00002878 _____ () C:\Windows\System32\Tasks\{55FFC241-A927-4FEF-B898-D45E30517C06} 2014-04-16 05:11 - 2014-04-16 05:11 - 00065608 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-16 05:11 - 2012-01-07 12:55 - 00000000 ____D () C:\Users\Admin\AppData\Local\Paint.NET 2014-04-16 05:02 - 2014-04-16 05:02 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-16 04:53 - 2014-04-16 04:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-16 04:52 - 2014-04-16 04:52 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-16 04:39 - 2012-04-16 21:02 - 00000000 ____D () C:\Windows\pss 2014-04-16 04:17 - 2012-06-26 19:13 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc 2014-04-16 03:58 - 2011-07-21 15:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-04-16 03:57 - 2010-10-08 15:34 - 00000000 ____D () C:\Windows\Panther 2014-04-16 03:56 - 2010-10-10 13:57 - 00000000 ____D () C:\Windows\Minidump 2014-04-16 01:10 - 2010-10-10 13:42 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype 2014-04-15 23:57 - 2010-10-08 14:40 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-15 23:56 - 2014-04-15 23:56 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Pirrit 2014-04-15 23:56 - 2014-04-15 23:56 - 00000000 ____D () C:\Users\Admin\AppData\Local\WinRST 2014-04-15 23:56 - 2014-04-15 23:55 - 00000000 ____D () C:\Program Files (x86)\Pirrit 2014-04-14 03:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-13 23:30 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-04-13 23:30 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-04-13 23:30 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-12 22:51 - 2014-04-12 22:51 - 00000066 _____ () C:\Users\Admin\Desktop\teso.txt 2014-04-12 21:54 - 2011-07-12 01:12 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-04-12 20:53 - 2014-04-12 20:53 - 00013262 _____ () C:\Users\Admin\Desktop\RandyRun Order 1454125 CDKey.zip 2014-04-09 20:30 - 2013-07-31 08:40 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-09 20:28 - 2010-10-08 15:00 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-08 18:16 - 2013-08-17 03:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-08 18:16 - 2010-10-10 13:26 - 00000000 ____D () C:\Users\Admin\AppData\Local\Mozilla 2014-04-03 09:51 - 2014-04-16 04:53 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-16 04:53 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-16 04:53 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-02 17:49 - 2010-10-26 10:57 - 00000000 ____D () C:\Users\Admin\Documents\My Games 2014-03-28 12:55 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-24 09:43 - 2014-03-24 09:43 - 00000000 ____D () C:\Users\Admin\AppData\Local\mslug3 2014-03-24 09:43 - 2013-08-21 07:57 - 00000000 ____D () C:\ProgramData\Package Cache ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-16 08:11 ==================== End Of Log ============================
  5. Few hours ago a program was installed called "pirrit" its somekind of spam virus or whatever on my computer. Well, i removed it successfully. After that i opened up Dota 2 and was looking for a game and then this showed up.*link to pic http://i62.tinypic.com/2hykvtf.pngAlso on Facebook the youtube links look kinda weird now they all have big white stripe under their thumbnail.I also clicked on the ad, Malwarebytes instantly blocked the website and "disconnected" from the website. Already scanned with Spybot and ESET NOD32 Antivirus. They found nothing. When my scan finished with Malwarebytes it found smoething and i instantly removed it. But i still have these problems.Can someone help me? CheersI think i have the same or atleast a similar problem as this gentlemen. https://forums.malwa...howtopic=142749 Sorry for double post. Cheers
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.