m0rb

  1. nah, thanks, you misunderstood - I have no problems re-installing Windows, I was just worried about finding drivers etc. for an in-place upgrade. I might be no programmer and/or specialist on the field of software etc, but I know my way around. so, it'll be a clean re-install for me then. the issues I have atm are too severe to ignore, yesterday I realized I had to run every programme as an admin, otherwise I get error-messages... I really see no way around a re-install. just for the sake of me saving as much private data as possible - do you think I have a malware problem, or is it just my system and OS that has had enough 2 years of constantly installing new software? and maybe a private question in the end - since you wrote that you spent 2 yrs in Germany, armed forces or student? I'm just asking because I spent a lot of time with American students in the last 10 years at the uni and there's a US Army barrack just down the street from where I live (see, technically, we are still at war, Germany is occupied by American forces really) and HQ is just around the corner.
  2. is it as complicated as these instructions suggest, after briefly looking over them? and, would you recommend an "in-place upgrade", over a fresh and clean reinstall?
  3. hey, sorry I couldn't respond to you yesterday, as I had planned to. I just noticed that it isn't only a couple of pics I cannot view - it's ALL pics/photos I have, that won't open using the standard windows "imageview" or "photoview", whatever it is called ("Windows-Fotoanzeige"). apart from this issue, my PC runs more or less smooth - atm my biggest problem is that I cannot run a Windows Installer, to re-install "Steam" for gaming. unfortunately, the steam-support couldn't help me at all, they just gave me a link (which I found even before they told me to try that) - http://support.microsoft.com/kb/275869 - which should help, but unfortunately either it did not help or I was just too stupid to do it right. I thought that possibly this was caused by all the (now dead) entries in my registry, so I used "CCleaner" to tidy up the registry, but that didn't help either. if I can't resolve all this %!"§, I'm going to re-install Windows 7 to fix my issue with "Steam", the problem with viewing pics and that thing with "Chrome", which still exists. since none of the programmes and tests you made run did not find any malware, I tend to thinking that all these issues are NOT caused by malware. of course, I am not the expert here and so I will just do as you say.
  4. I will come back to you later today - I'm currently not able to sit on my PC and only write so that you won't shut down this topic yet. as I said, I'll respond properly in 6-10 hours or so.
  5. oh, I remembered there was that other permission issue with opening a photo... this I really don't understand. I can copy the .JPG wherever I want on my drives - when I try to open it by double click, it says "The picture cannot be opened, since you do not have permission to access the save_location of this file." - this is the literal translation from German - no matter where I try to open it from. right-click "open with... paint" works fine though.
  6. yes, I realized (after posting here) that the new version I installed/updated of the reader was 11.x and not 10.x any more. I was just confused because Acrobat Reader told me at the start-up of my PC that there was a newer version, but when trying to update from within the reader, I got this "no newer version available" message. just a bit odd. well the archive I wanted to extract was still in my download folder, which is the standard folder (win 7), "C:\user\m0rb\download\" I opened the archive in "WinRAR", because it's the only programme I have currently installed for such tasks, usually I use 7zip, but it's not installed currently. as I always do with archives, I open them in one of the programmes and then just slide it to a temp folder on my desktop. when I tried that, I got said message about not having the rights to access that location - when I right-clicked the archive though and chose "extract here", it worked. oh, and it really didn't matter where I tried sliding the files to, when I tried it my usual way, or where the archive was (I tried to put the archive in a temp folder and got the same error message). screenshot, sure, I could make one, but it's German and I assume you wouldn't speak German... it's not a problem though, because as I said, I simply could right-click the archive and "extract here" or "extract to \archivename". I guess that's just part of the reason why I usually use 7zip?
  7. oh, I just realized something, after reading this last protocol and don't know what to make of it: when I tried updating "Adobe Reader" 2 minutes ago, I started the programme, selected "update" and received a message "there is no newer version available, Adobe Reader X is up-to-date". BUT - and excuse me if this is nothing special, but it is something I always thought of as a sign of malware infestation - when I typed download "Adobe Reader" into my search-engine, it took me 2.4 seconds to realize that there IS a newer version available indeed! does this mean something? (or does it only mean I shouldn't "think" any longer at all, for it is obviously a weak-spot of me)
  8. Results of screen317's Security Check version 0.99.73
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
     Avira Desktop Antivirus up to date! (On Access scanning disabled!)
     `````````Anti-malware/Other Utilities Check:`````````
     SpyCraft
     Malwarebytes Anti-Malware Version 1.75.0.1300
     Adobe Flash Player 11.8.800.168
     Adobe Reader 10.1.8 Adobe Reader out of Date!
     Mozilla Firefox 12.0 Firefox out of Date!
     Google Chrome 29.0.1547.57
     Google Chrome 29.0.1547.62
     ````````Process Check: objlist.exe by Laurent````````
     Avira Antivir avgnt.exe
     Avira Antivir avguard.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:
     ````````````````````End of Log``````````````````````

     ^why is it listing "SpyCraft" as 'Anti-malware/Other Utilities'? I am pretty sure this is a game I had installed prior to my hard-drive going MIA.

     How is the computer running? basically, it runs smooth... that is, of course, besides denying me access to parts of my hard-disc(s) and not letting me install some new programmes or games, not even to my fresh-off-the-shelf HDD. oh, I just tried opening a photo sent to me some weeks ago. it opened normally last week - now it told me "You cannot open this picture, because you are not authorized to access files stored in this location" - of course, I could cut out the file, shift it to another location and still not open it. but I could open it using "MS Paint"! yaay! sorry, it's just that this doesn't make any sense to me, I have no idea why this is happening and it all seems so surreal to me.

     concerning browsers: I used firefox for almost a decade (if that is even possible? let's stick with "a pretty long time") and I always liked it a lot, especially compared to Internet Explorer. then again, I'm pretty sure EVERY other browser runs better than IE - and safer. and faster. and more comfortably.
I never wanted to use chrome, particularly because it is known to be google's "spy". but, I really loved the "feel" of it and it seems to me it's much faster and more comfortable than firefox. I can't really picture myself going back to the fox. finally, IF I decided to re-install Windows, I'd HAVE TO abolish as many of my personal files as possible, right? I mean, just in case my current problems ARE caused by malware, I wouldn't want to carry anything over from one installation to the next.
  9. hey - I have a new, severe problem: trying to "unzip" an archive, I've been told that the location where temporary files were to be copied to, couldn't be accessed... although the profile I use on this PC is the only admin, the only user-profile, really, I was told that my profile wouldn't have the necessary rights to write to this drive. of course I checked whether there'd suddenly be any other profiles besides mine - there weren't. and of course I checked whether my profile did have all necessary rights to access, write or read hard-drives etc. - of course I have and only I! as I wrote, there are no guest profiles on this PC and no other users besides myself. when I later tried to install a software (steam) onto my new HDD, I got an error message claiming something along the lines of: "error copying installation-data to the harddrive, make sure there's enough space on the HDD you're running this installer off." unfortunately, this message occurs no matter which hard-drive I use. that new drive I mentioned is literally "virginal" - absolutely untouched. this is wearing me off! seriously, I've been thinking of "format C:\"-ing everything and starting with a clean slate... my fears are only that it wouldn't be as clean as I thought it would and then there's loss of so much data.
  10. hello again... AdwCleaner does not find any problems any more... should I still post a log? and btw, it was AdwCleaner I had used to "clean" the found problems, which left me with a crippled "Chrome". concerning said browser, I followed your instructions and anything chrome told me to do, to restore my browser - unfortunately, it did not work and my chrome still is crippled. well, I guess I could uninstall it completely and try to re-install. I just fear for all my links. I can't find any "export" option and I fear I wouldn't remember all the passwords for all the forums I ever registered. seems like manually downloading 2 apps from chrome app-store and logging in to my browser are the lesser evil atm...
  11. damned! I just used that last tool I scanned with and "cleaned"... unfortunately, now my Google Chrome settings cannot be saved any more and I have to download my favorite plug-ins every startup. any suggestions how to fix this? damn, I'm such an idiot for deleting anything on my own... I'd apologize, but since I am the victim of my own stupidity... stuff!
  12. so... Anti Rootkit didn't find anything! should I still post the logs? next, JRT.txt:

      AdwCleaner log:

      - it's all good to go with me..

      ESET log:

      C:\BIE\bie_7install64.exe a variant of Win32/HackKMS.A application
      C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application
      C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application
      C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application
      C:\Program Files (x86)\SlySoft\AnyDVD\ElbyCDIO.dll a variant of Win32/Packed.Enigma.AAF trojan
      C:\Qoobox\Quarantine\C\ProgramData\Codecv\uninstall.exe.vir Win32/Adware.MultiPlug.A application
      C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application
      C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application
      E:\downloads\Programme\SetupImgBurn_2.5.6.0.exe a variant of Win32/Bundled.Toolbar.Ask application
      E:\Games - ISOs\Angry Birds Collection\Angry.Birds.Rio.v1.4.2.Cracked.READ.NFO-THETA\Patch\Patch.exe a variant of Win32/HackTool.Patcher.U application
      E:\Games - ISOs\Angry Birds Collection\Angry.Birds.Seasons.v2.2.0.Cracked.READ.NFO-THETA\Patch\Patch.exe a variant of Win32/HackTool.Patcher.U application
      E:\Games - ISOs\Retro.City.Rampage.v1.06.multi5.full-THETA\Retro City Rampage.exe Win32/HackTool.Crack.B application

      well, apart from the very first hit (C:\BIE\bie_7install64.exe a variant of Win32/HackKMS.A application), I don't have any use for it. BUT, there's some "Avira" files listed and I am not sure whether it would be a smart move to delete those. btw - Avira (my anti-virus tool) has been deactivated, yet this scan warned me about finding anti-virus software... so I am not sure if it is right to delete those files... I'll do whatever you tell me is right.

      last, not least FRST.txt:
KG)R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-02] ()R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()R2 Diskeeper; C:\Program Files (x86)\DiskeeperLite\DKService.exe [176128 2002-10-16] (Executive Software International, Inc.)R2 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [315632 2013-07-15] (Steganos Software GmbH)R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-25] ()S2 BCUService; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [x]S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [x] ==================== Drivers (Whitelisted) ==================== R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138872 2011-12-04] (SlySoft, Inc.)R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-08-29] (Avira Operations GmbH & Co. KG)R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-29] (Avira Operations GmbH & Co. 
KG)R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-09-01] (DT Soft Ltd)R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-08-13] (AnchorFree Inc.)R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-01-10] (SteelSeries Corporation)R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)R3 ALSysIO; \??\C:\Users\m0rb\AppData\Local\Temp\ALSysIO64.sys [x]S3 catchme; \??\C:\ComboFix\catchme.sys [x]S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]S3 tsusbhub; system32\drivers\tsusbhub.sys [x]S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-09 00:46 - 2013-09-09 00:46 - 01948988 _____ (Farbar) C:\Users\m0rb\Downloads\FRST64.exe2013-09-09 00:41 - 2013-09-09 00:41 - 00001502 _____ C:\Users\m0rb\Desktop\eset.txt2013-09-08 23:52 - 2013-09-08 23:52 - 00000000 ____D C:\Program Files (x86)\ESET2013-09-08 23:50 - 2013-09-08 23:50 - 02347384 _____ (ESET) C:\Users\m0rb\Downloads\esetsmartinstaller_enu.exe2013-09-08 23:50 - 2013-09-08 23:50 - 02347384 _____ (ESET) C:\Users\m0rb\Downloads\esetsmartinstaller_enu (2).exe2013-09-08 23:50 - 2013-09-08 23:50 - 02347384 _____ (ESET) C:\Users\m0rb\Downloads\esetsmartinstaller_enu (1).exe2013-09-08 23:47 - 2013-09-08 23:47 - 00002587 _____ C:\Users\m0rb\Desktop\AdwCleaner[R0].txt2013-09-08 23:45 - 2013-09-08 23:45 - 00000000 ____D C:\AdwCleaner2013-09-08 23:43 - 2013-09-08 23:44 - 01037278 _____ C:\Users\m0rb\Desktop\AdwCleaner.exe2013-09-08 23:35 - 2013-09-08 23:35 - 00005533 _____ C:\Users\m0rb\Desktop\JRT.txt2013-09-08 23:31 - 2013-09-08 23:31 - 00000000 ____D C:\Windows\ERUNT2013-09-08 23:30 - 2013-09-08 23:31 - 01029490 _____ (Thisisu) C:\Users\m0rb\Desktop\JRT.exe2013-09-08 23:06 - 2013-09-08 23:06 - 96566691 _____ C:\Windows\SysWOW64\㌦2013-09-07 12:05 - 2013-09-05 
13:04 - 00028889 _____ C:\Users\m0rb\Desktop\ComboFix.txt2013-09-06 01:47 - 2013-09-06 01:47 - 00001255 _____ C:\Users\m0rb\Desktop\OUTLAST.lnk2013-09-05 13:04 - 2013-09-05 13:04 - 00028889 _____ C:\ComboFix.txt2013-09-05 12:54 - 2013-09-05 13:04 - 00000000 ____D C:\Qoobox2013-09-05 12:54 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe2013-09-05 12:54 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe2013-09-05 12:54 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2013-09-05 12:54 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2013-09-05 12:54 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2013-09-05 12:54 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe2013-09-05 12:54 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe2013-09-05 12:54 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe2013-09-05 12:28 - 2013-09-05 12:28 - 05120804 ____R (Swearware) C:\Users\m0rb\Desktop\ComboFix.exe2013-09-04 22:12 - 2013-09-04 22:12 - 00002165 _____ C:\Users\m0rb\Desktop\aswMBR.txt2013-09-04 22:12 - 2013-09-04 22:12 - 00000512 _____ C:\Users\m0rb\Desktop\MBR.dat2013-09-04 20:07 - 2013-09-04 20:08 - 04745728 _____ (AVAST Software) C:\Users\m0rb\Desktop\aswmbr.exe2013-09-04 17:48 - 2013-09-04 17:48 - 00002031 _____ C:\Users\m0rb\Desktop\RKreport[0]_S_09042013_174835.txt2013-09-04 17:45 - 2013-09-04 17:45 - 03787264 _____ C:\Users\m0rb\Desktop\RogueKillerX64.exe2013-09-04 17:42 - 2013-09-05 13:03 - 00000000 ____D C:\Windows\ERDNT2013-09-04 17:42 - 2013-09-04 17:48 - 00000000 ____D C:\Users\m0rb\Desktop\RK_Quarantine2013-09-04 17:40 - 2013-09-04 17:40 - 00000930 _____ C:\Users\m0rb\Desktop\NTREGOPT.lnk2013-09-04 17:40 - 2013-09-04 17:40 - 00000930 _____ C:\Users\fbwuser\Desktop\NTREGOPT.lnk2013-09-04 17:40 - 2013-09-04 17:40 - 00000911 _____ C:\Users\fbwuser\Desktop\ERUNT.lnk2013-09-04 17:40 - 2013-09-04 17:40 - 00000000 ____D C:\Program Files (x86)\ERUNT2013-09-04 17:37 - 2013-09-04 17:47 - 00002034 
_____ C:\Users\m0rb\Desktop\Rkill.txt2013-09-04 17:37 - 2013-09-04 17:37 - 00000000 ____D C:\Users\m0rb\Desktop\rkill2013-09-04 17:31 - 2013-09-04 17:31 - 00791393 _____ (Lars Hederer ) C:\Users\m0rb\Desktop\erunt-setup.exe2013-09-04 17:30 - 2013-09-04 17:30 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\m0rb\Desktop\rkill.exe2013-09-04 15:25 - 2013-09-04 15:25 - 00001758 _____ C:\Users\m0rb\Desktop\Anweisungen zur Datenträgerwiederherstellung.txt2013-09-04 12:12 - 2013-09-04 12:12 - 30683519 _____ C:\Users\m0rb\Downloads\Paperspls.rar2013-09-03 10:55 - 2013-09-08 23:28 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-09-03 10:53 - 2013-09-03 10:54 - 12907592 _____ (Malwarebytes Corp.) C:\Users\m0rb\Downloads\mbar-1.07.0.1005.exe2013-09-03 01:32 - 2013-09-03 01:32 - 00000000 ___DC C:\Users\m0rb\AppData\Local\MigWiz2013-09-03 01:08 - 2013-09-04 19:23 - 00000000 ____D C:\Users\m0rb\Desktop\diagnose_malware2013-09-03 00:22 - 2013-09-04 10:48 - 00000000 ____D C:\Program Files (x86)\DiskeeperLite2013-09-03 00:22 - 2013-09-03 00:22 - 00000780 _____ C:\Users\Public\Desktop\Diskeeper Lite.lnk2013-09-01 23:50 - 2013-09-01 23:50 - 00001076 _____ C:\Users\Public\Desktop\Virtual CloneDrive.lnk2013-09-01 23:50 - 2013-09-01 23:50 - 00000000 ____D C:\Program Files (x86)\VirtualCloneDrive2013-09-01 23:49 - 2013-09-01 23:49 - 01588760 _____ C:\Users\m0rb\Downloads\SetupVirtualCloneDrive5460.exe2013-09-01 20:23 - 2013-09-01 20:23 - 00001086 _____ C:\Users\m0rb\Desktop\prison architect - Verknüpfung.lnk2013-09-01 20:22 - 2013-08-26 16:32 - 00002168 _____ C:\Users\m0rb\Desktop\sir_alpha_v0.3.4518 - Verknüpfung.lnk2013-09-01 19:49 - 2013-09-01 19:49 - 08531968 _____ C:\Users\m0rb\Downloads\SteamInstall_German.msi2013-09-01 18:16 - 2013-09-01 18:16 - 00001956 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk2013-09-01 18:13 - 2013-09-01 18:13 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys2013-09-01 18:13 - 2013-09-01 18:13 - 
00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite2013-09-01 16:20 - 2013-09-01 16:20 - 00003202 _____ C:\Windows\System32\Tasks\{2076B10B-0E9B-4690-BD51-DD15D71E5A7F}2013-09-01 01:29 - 2013-09-01 01:29 - 00001710 _____ C:\Users\Public\Desktop\Sid Meier's Pirates!.lnk2013-09-01 01:29 - 2013-09-01 01:29 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firaxis Games2013-08-31 01:37 - 2013-08-13 01:07 - 00046792 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys2013-08-29 15:19 - 2013-08-29 15:26 - 00960960 _____ C:\Windows\PE_File.dll2013-08-29 14:50 - 2013-08-29 15:08 - 00000000 _____ C:\Windows\Path.idx2013-08-29 14:22 - 2013-08-29 14:22 - 00330853 _____ C:\Users\m0rb\Downloads\RealTemp_370.zip2013-08-29 14:04 - 2013-08-29 14:05 - 99540854 _____ C:\Users\m0rb\Downloads\Funkmaster Flex - 60 Minutes Of Funk Vol. 1.rar2013-08-29 14:04 - 2013-08-29 14:05 - 85079171 _____ C:\Users\m0rb\Downloads\Funkmaster Flex - 60 Minutes Of Funk Vol. 2.rar2013-08-29 14:04 - 2013-08-29 14:05 - 67268727 _____ C:\Users\m0rb\Downloads\Funkmaster Flex - 60 Minutes Of Funk Vol. 3.rar2013-08-29 14:04 - 2013-08-29 14:05 - 106883696 _____ C:\Users\m0rb\Downloads\Funkmaster Flex - 60 Minutes Of Funk Vol. 
4.rar2013-08-27 12:26 - 2013-08-27 12:26 - 01252424 _____ C:\Users\m0rb\Downloads\DesuraInstaller.exe2013-08-26 19:35 - 2013-08-29 15:28 - 01025648 _____ C:\Windows\PE_Rom.dll2013-08-26 19:24 - 2013-08-26 19:25 - 00000000 ____D C:\Windows\System32\Tasks\ASUS2013-08-26 19:23 - 2008-01-04 13:34 - 00011832 ____N C:\Windows\SysWOW64\Drivers\AsInsHelp64.sys2013-08-26 19:23 - 2008-01-04 13:34 - 00010216 ____N C:\Windows\SysWOW64\Drivers\AsInsHelp32.sys2013-08-26 19:13 - 2013-08-26 19:13 - 00016896 _____ (ASUS) C:\Windows\AsTaskSched.dll2013-08-26 18:58 - 2013-08-26 18:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ICCWDT_01009.Wdf2013-08-26 18:56 - 2010-08-03 13:21 - 00014464 _____ C:\Windows\SysWOW64\Drivers\AsUpIO.sys2013-08-26 18:55 - 2008-12-02 20:05 - 00184320 _____ (ASUSTeK) C:\Windows\SysWOW64\Drivers\UpdateHelper.dll2013-08-26 18:54 - 2013-08-26 19:26 - 00000090 _____ C:\setup.log2013-08-26 18:53 - 2013-08-26 19:24 - 00000000 ____D C:\Program Files (x86)\ASUS2013-08-26 18:53 - 2013-08-26 18:53 - 00000000 ____D C:\ProgramData\ASUS2013-08-26 18:53 - 2010-08-24 15:16 - 00013440 _____ C:\Windows\SysWOW64\Drivers\AsIO.sys2013-08-26 18:53 - 2010-08-18 01:28 - 00026136 _____ (Intel Corporation) C:\Windows\system32\Drivers\ICCWDT.sys2013-08-26 18:53 - 2010-06-29 15:41 - 00028672 _____ (ASUSTek Computer Inc.) 
C:\Windows\SysWOW64\AsIO.dll2013-08-26 18:53 - 2009-07-14 14:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\wdfcoinstaller01009.dll2013-08-26 18:51 - 2013-08-26 18:52 - 292246834 _____ C:\Users\m0rb\Downloads\AISuite_II_P8P.zip2013-08-26 17:09 - 2013-08-26 17:10 - 122582464 _____ C:\Users\m0rb\Downloads\DSpdL_v1.0.2.123456_GERMAN-BiTE.rar2013-08-26 15:54 - 2013-08-26 15:56 - 495923496 _____ C:\Users\m0rb\Downloads\Gone.Home-WaLMaRT.rar2013-08-25 19:53 - 2013-09-08 23:05 - 00005782 _____ C:\Windows\setupact.log2013-08-25 19:53 - 2013-08-25 19:53 - 00000000 _____ C:\Windows\setuperr.log2013-08-25 17:50 - 2013-08-25 17:55 - 100431872 _____ C:\Users\m0rb\Downloads\DSA-NLT.part04.rar2013-08-25 17:50 - 2013-08-25 17:55 - 100431872 _____ C:\Users\m0rb\Downloads\DSA-NLT.part02.rar2013-08-25 17:50 - 2013-08-25 17:55 - 100431872 _____ C:\Users\m0rb\Downloads\DSA-NLT.part01.rar2013-08-25 17:50 - 2013-08-25 17:54 - 100431872 _____ C:\Users\m0rb\Downloads\DSA-NLT.part03.rar2013-08-24 01:58 - 2013-08-24 01:58 - 00000000 _____ C:\Users\m0rb\Desktop\DOWNLOADS !!!.txt2013-08-21 22:57 - 2013-08-21 22:57 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\Wayforward Technologies2013-08-21 18:35 - 2013-08-21 18:35 - 53767044 _____ C:\Users\m0rb\Downloads\battlefield3_ost_mp3_1376097014.zip2013-08-21 16:01 - 2013-08-21 16:01 - 00000000 ____D C:\Windows\9530AE42DAE146199594B23487285D17.TMP2013-08-21 16:01 - 2013-08-21 16:01 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\Arrowhead2013-08-21 12:23 - 2013-08-21 12:23 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\gd.sos.McPixel2013-08-17 22:12 - 2013-08-17 22:12 - 72314526 _____ C:\Users\m0rb\Downloads\Hwpo-(DatPiff.com).zip2013-08-15 02:35 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2013-08-15 02:35 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2013-08-15 02:35 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) 
C:\Windows\system32\ie4uinit.exe2013-08-15 02:35 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2013-08-15 02:35 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2013-08-15 02:35 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2013-08-15 02:35 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2013-08-15 02:35 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2013-08-15 02:35 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2013-08-15 02:35 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2013-08-15 02:35 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll2013-08-15 02:35 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2013-08-15 02:35 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2013-08-15 02:35 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2013-08-15 02:35 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2013-08-15 02:35 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-08-15 02:35 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-08-15 02:35 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-08-15 02:35 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-08-15 02:35 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-08-15 02:35 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-08-15 02:35 - 
2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-08-15 02:35 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-08-15 02:35 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2013-08-15 02:35 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2013-08-15 02:35 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-08-15 02:35 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-08-15 02:35 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2013-08-15 02:35 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-08-15 02:35 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe2013-08-15 02:35 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe2013-08-15 02:32 - 2013-08-15 02:33 - 00000000 ____D C:\Windows\system32\MRT2013-08-14 16:21 - 2013-08-14 16:21 - 00000000 ____D C:\Users\m0rb\AppData\Local\Risen2013-08-14 07:57 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL2013-08-14 07:57 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL2013-08-14 07:57 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2013-08-14 07:57 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll2013-08-14 07:57 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2013-08-14 07:57 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2013-08-14 07:57 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll2013-08-14 
07:57 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll2013-08-14 07:57 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll2013-08-14 07:57 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll2013-08-14 07:57 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll2013-08-14 07:57 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll2013-08-14 07:57 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2013-08-14 07:57 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2013-08-14 07:57 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2013-08-14 07:57 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll2013-08-14 07:57 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll2013-08-14 07:57 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2013-08-14 07:57 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll2013-08-14 07:57 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll2013-08-14 07:57 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll2013-08-14 07:57 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2013-08-14 07:57 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2013-08-14 07:57 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2013-08-14 07:57 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2013-08-14 07:57 - 2013-07-06 08:03 - 01910208 _____ (Microsoft 
Corporation) C:\Windows\system32\Drivers\tcpip.sys2013-08-14 07:57 - 2013-06-15 06:35 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll2013-08-14 07:57 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2013-08-14 07:57 - 2012-11-30 07:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll2013-08-14 07:57 - 2012-11-30 07:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll2013-08-14 07:57 - 2012-11-30 07:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll2013-08-14 07:57 - 2012-11-30 07:41 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll2013-08-14 07:57 - 2012-11-30 07:41 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll2013-08-14 07:57 - 2012-11-30 06:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) 
Addition.txt is, as was requested, attached to the following message.
  13. okay, attached to this post, there is "Combofix.txt". Let's hope this helps/finds anything... or at least makes it obvious it isn't malware that causes my problems. ComboFix.txt
  14. seems to be alright... https://www.virustotal.com/de/file/9a92c9cf1e28630486c84cd75ca70205dcd09383cbb389c6e61378576e9c813a/analysis/1378328866/